Solved FRST Scanned

Malnutrition · Aug 3, 2017

mnisia said:
I think this is what you are looking for not sure.

Yes.

mnisia said:
The machine is acting better.

Sweet.

mnisia said:
When the machine starts up now note pad is on the desk top saying access denied.

Still having this issue?

I'd like to run a scan that looks deep into the system to make certain I have not missed anything what so ever...

Download Quick Diag to your desktop.
Very Important!! — Make sure program is on your desktop.
Disable your Antivirus/Antispyware prior to scanning.
Right Click Run as Administrator.
Select the Quick Scan.

Post the log that is generated in your next post.

mnisia · Aug 3, 2017

Yes I'm still getting the access denied with note pad

Malnutrition · Aug 3, 2017

OK, Lets see the new log, then after I check it and make sure there is nothing lurking on your machine I will send you instructions to remedy that issue.

mnisia · Aug 4, 2017

--------------- QuickDiag | g3n-h@ckm@n | V3_01.07.17.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 03/08/2017 16:07:19

Updated 01/07/2017 | 11.30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-05:00) Eastern Time (US & Canada)
[Steve (Administrator)] - [STEVE-PC] (S-1-5-21-3518905376-1918425772-3662548586-1001)

System: Microsoft Windows 10 Home - - (10.0.15063) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) -> (1703)
System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 10 Home|C:\WINDOWS|\Device\Harddisk0\Partition3
Boot : Normal boot
PC: Studio XPS 9100 - Dell Inc. - IdNumber: 8MNRBP1 - UUID: 4C4C4544-004D-4E10-8052-B8C04F425031
Processor : X64 - 2800 Mhz - Intel(R) Core(TM) i7 CPU 930 @ 2.80GHz
Default System BIOS - - Dell Computer Corporation - S/N: 8MNRBP1 - A04 - DELL - 20101021
CoreTemp : ? Celsius

----------| Quick

---------- | SoundDevice

NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&25211838&0&0001
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&25211838&0&0101
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&25211838&0&0201
NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_000B&SUBSYS_10DE0101&REV_1002\5&25211838&0&0301
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0892&SUBSYS_10280482&REV_1003\4&2D476A8&0&0201

---------- | Video

NVIDIA GeForce 310 - Resolution: 1680x1050 - Colors: 4294967296 - RefreshRate: 59 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_0A66&SUBSYS_90601B0A&REV_A2\4&3A4C116B&0&0038 - AdapterCompatibility: NVIDIA - RAM: 536870912
Inegrated Video Chipset DeviceName: NVIDIA GeForce 310 - DriverVersion: 21.21.13.4201 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 84992 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42488 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 28160 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 53760 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25920 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35208 - Manufacturer: Microsoft Corporation - Status: OK

---------- | CPU

CPU #1 value:25 %
CPU #2 value:19 %
CPU #3 value:0 %
CPU #4 value:12 %
CPU #5 value:0 %
CPU #6 value:0 %
CPU #7 value:0 %
CPU #8 value:0 %
Total Overall CPU Usage value:7 %

---------- | Network

Realtek PCIe GBE Family Controller : SENT:0 bytes/sec / RECVD:0 bytes/sec
NETGEAR WNA3100 N300 Wireless USB Adapter : SENT:867 bytes/sec / RECVD:867 bytes/sec
Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec

Overall -> SEND Maxium:867 bytes/sec, / RECEIVE Maximum:867 bytes/sec

Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status: - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_E0001028&REV_03\03000000684CE00000
NETGEAR WNA3100 N300 Wireless USB Adapter - Ethernet 802.3 - Netgear - Status: - PnPID : USB\VID_0846&PID_9020\113
WAN Miniport (SSTP) - - - Status: - PnPID :
WAN Miniport (IKEv2) - - - Status: - PnPID :
WAN Miniport (L2TP) - - - Status: - PnPID :
WAN Miniport (PPTP) - - - Status: - PnPID :
WAN Miniport (PPPOE) - - - Status: - PnPID :
WAN Miniport (IP) - - - Status: - PnPID :
WAN Miniport (IPv6) - - - Status: - PnPID :
WAN Miniport (Network Monitor) - - - Status: - PnPID :
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE

---------- | Memory

RAM = Total (MB) : 8379 | Free (MB) : 5515
Pagefile = Total (MB) : 8904 | Free (MB) : 5813
Virtual = Total (MB) : 4194 | Free (MB) : 3938

Physical Memory 0 : Capacity: 4294967296 - DIMM0 - Posit.: - Manufacturer: Manufacturer00 - PartNumber: BLT4G3D1608DT1TX0. - S/N: 21DA07A8
Physical Memory 2 : Capacity: 2147483648 - DIMM2 - Posit.: - Manufacturer: Hyundai - PartNumber: HMT125U6DFR8C-H9 - S/N: EB2B2331
Physical Memory 4 : Capacity: 2147483648 - DIMM4 - Posit.: - Manufacturer: Hyundai - PartNumber: HMT125U6DFR8C-H9 - S/N: E92B6331

---------- | SID Users

Administrator : [S-1-5-21-3518905376-1918425772-3662548586-500]
DefaultAccount : [S-1-5-21-3518905376-1918425772-3662548586-503]
Guest : [S-1-5-21-3518905376-1918425772-3662548586-501]
HomeGroupUser$ : [S-1-5-21-3518905376-1918425772-3662548586-1003]
Steve : [S-1-5-21-3518905376-1918425772-3662548586-1001]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Remote Management Users : [S-1-5-32-580]
System Managed Accounts Group : [S-1-5-32-581]
Users : [S-1-5-32-545]
HelpLibraryUpdaters : [S-1-5-21-3518905376-1918425772-3662548586-1008]
HomeUsers : [S-1-5-21-3518905376-1918425772-3662548586-1000]
SQLServer2005SQLBrowserUser$STEVE-PC : [S-1-5-21-3518905376-1918425772-3662548586-1005]
SQLServerMSSQLServerADHelperUser$STEVE-PC : [S-1-5-21-3518905376-1918425772-3662548586-1004]
SQLServerMSSQLUser$Steve-PC$SQLEXPRESS : [S-1-5-21-3518905376-1918425772-3662548586-1006]
SQLServerSQLAgentUser$STEVE-PC$SQLEXPRESS : [S-1-5-21-3518905376-1918425772-3662548586-1007]

---------- | SystemAccounts

Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK

---------- | Drives

C:\ -> [Fixed] | [OS] | Total : 919.22 Go | Free : 675.21 Go -> NTFS [SATA]

Disk Usage Information [1 total Physical Disks]

Physical Drive #0 [C:] : Read:658,645 bytes/sec, Written:188,184 bytes/sec Max Read:658,645 bytes/sec, Max Write:188,184 bytes/sec

Overall - Read Maximum:658,645 bytes/sec, Write Maximum:188,184 bytes/sec

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_&PROD_ST31000528AS\4&2F621F8A&0&020000

---------- | Windows updates

Test 1 : Windows Is Activated
Test 2 : Windows Is Activated
Test 3 : Possible Fixed Windows (Notification Mode)

---------- | Browsers

IE : 11.0.15063.0 (© Microsoft Corporation.)
FF : 54.0.1.6388 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 60.0.3112.78 (Copyright 2016 Google Inc.)
SF : 5.34.57.2 (Copyright Apple Inc. 2007-2012)

Default : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url ""

---------- | FlashPlayer

FlashPlayer ActiveX : 26.0.0.137
FlashPlayer Plugin : 26.0.0.137

---------- | Security

FW : McAfee Firewall Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

460 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.15063.0) = C:\Windows\System32\smss.exe [18/03/2017 16:57:38] CPU Usage:0 %
720 | [Owner : SYSTEM | Parent : 712() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 16:57:38] CPU Usage:0 %
872 | [Owner : SYSTEM | Parent : 864() | ?????] - (.Microsoft Corporation - Client Server Runtime Process.) - (10.0.15063.0) = C:\Windows\System32\csrss.exe [18/03/2017 16:57:38] CPU Usage:0 %
896 | [Owner : SYSTEM | Parent : 712() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.15063.483) = C:\Windows\System32\wininit.exe [26/07/2017 09:48:36] CPU Usage:0 %
976 | [Owner : SYSTEM | Parent : 864() | 9.82 Mo] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.15063.483) = C:\Windows\System32\winlogon.exe [26/07/2017 09:48:36] CPU Usage:0 %
1000 | [Owner : SYSTEM | Parent : 896(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.15063.0) = C:\Windows\System32\services.exe [18/03/2017 16:57:39] CPU Usage:0 %
260 | [Owner : SYSTEM | Parent : 896(wininit.exe) | 16.71 Mo] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.15063.483) = C:\Windows\System32\lsass.exe [26/07/2017 09:48:36] CPU Usage:0 %
668 | [Owner : SYSTEM | Parent : 1000(services.exe) | 3.95 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
652 | [Owner : UMFD-1 | Parent : 976(winlogon.exe) | 18.71 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [26/07/2017 09:48:48] CPU Usage:0 %
704 | [Owner : UMFD-0 | Parent : 896(wininit.exe) | 13.84 Mo] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe [26/07/2017 09:48:48] CPU Usage:0 %
780 | [Owner : SYSTEM | Parent : 1000(services.exe) | 25.38 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1064 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 11.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1108 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.78 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1192 | [Owner : DWM-1 | Parent : 976(winlogon.exe) | 35.51 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (10.0.15063.0) = C:\Windows\System32\dwm.exe [18/03/2017 16:58:21] CPU Usage:0 %
1248 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.77 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1292 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.75 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1300 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 11.11 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1364 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1484 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 19.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1528 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.05 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.01.) - (8.17.13.4201) = C:\Windows\System32\nvvsvc.exe [26/07/2017 05:59:50] CPU Usage:0 %
1548 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 9.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1564 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.74 Mo] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4201) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [17/12/2016 06:20:40] CPU Usage:0 %
1632 | [Owner : SYSTEM | Parent : 1528(nvvsvc.exe) | 19.92 Mo] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4201) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [26/07/2017 05:59:50] CPU Usage:0 %
1640 | [Owner : SYSTEM | Parent : 1528(nvvsvc.exe) | 14.03 Mo] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 342.01.) - (8.17.13.4201) = C:\Windows\System32\nvvsvc.exe [26/07/2017 05:59:50] CPU Usage:0 %
1688 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 19.37 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1740 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.71 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1748 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 7.76 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1860 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 12.03 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
1964 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.74 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2032 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.45 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2040 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 9.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2080 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2088 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 8.05 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2220 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.29 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2248 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.34 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2256 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 8.23 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2376 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 12.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2460 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.39 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2468 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 8.33 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2476 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 12.54 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2484 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 6.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2688 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.47 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2792 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.5 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2868 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.85 Mo] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.15063.0) = C:\Windows\System32\spoolsv.exe [18/03/2017 16:58:24] CPU Usage:0 %
2908 | [Owner : SYSTEM | Parent : 2688(svchost.exe) | 6.72 Mo] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (10.0.15063.0) = C:\Windows\System32\wlanext.exe [18/03/2017 16:58:10] CPU Usage:0 %
2976 | [Owner : SYSTEM | Parent : 2908(wlanext.exe) | 5.99 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe [18/03/2017 16:57:35] CPU Usage:0 %
3068 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.93 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2140 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 7.2 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2144 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 8.15 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2724 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.04 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2716 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.84 Mo] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.22.5037) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [25/04/2017 09:12:12] CPU Usage:0 %
2700 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 10.66 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3040 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.73 Mo] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (4.2.0.574) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [04/09/2015 16:54:06] CPU Usage:0 %
3076 | [Owner : SYSTEM | Parent : 1000(services.exe) | 25.84 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3084 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.49 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3092 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.72 Mo] - (.Adobe Systems Incorporated - Adobe Update Service.) - (3.8.0.310) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [24/08/2016 08:45:06] CPU Usage:0 %
3100 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 14.06 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3108 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 9.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3116 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.46 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3148 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.44 Mo] - (.McAfee, Inc. - McAfee Process Validation Service.) - (15.6.0.2180) = C:\Windows\System32\mfevtps.exe [01/05/2016 18:12:28] CPU Usage:0 %
3184 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3204 | [Owner : SYSTEM | Parent : 1000(services.exe) | 18.26 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3252 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.63 Mo] - (.McAfee, Inc. - McAfee Management Service.) - (15.6.0.2180) = C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [01/05/2016 18:12:26] CPU Usage:0 %
3344 | [Owner : SYSTEM | Parent : 1000(services.exe) | 28.52 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.6.149) = C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [27/07/2017 16:37:00] CPU Usage:0 %
3352 | [Owner : SYSTEM | Parent : 1000(services.exe) | 48.21 Mo] - (.McAfee, Inc. - McAfee Module Core Service.) - (1.8.140.0) = C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [07/02/2017 06:11:58] CPU Usage:0 %
3492 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.04 Mo] - (.Intel Security, Inc. - Intel Security PEF Service.) - (1.6.122.0) = C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [01/05/2016 18:16:26] CPU Usage:0 %
3508 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.09 Mo] - (.Motorola - ForwardDemon.) - (1.0.0.0) = C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [15/08/2015 17:09:45] CPU Usage:0 %
3556 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.05 Mo] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2007.100.5500.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [22/09/2011 21:07:34] CPU Usage:0 %
3564 | [Owner : SYSTEM | Parent : 1000(services.exe) | 32.95 Mo] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8229.2103) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [24/01/2016 01:41:43] CPU Usage:0 %
3612 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.1 Mo] - (.- Wifi Service.) - (2.1.0.24) = C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [29/08/2016 22:34:24] CPU Usage:0 %
3648 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.45 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/07/2017 17:43:54] CPU Usage:0 %
3688 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 52.73 Mo] - (.Microsoft Corporation - SQL Server Windows NT - 64 Bit.) - (2007.100.5538.0) = C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [03/04/2015 19:15:26] CPU Usage:0 %
3740 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.41 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3748 | [Owner : SYSTEM | Parent : 1000(services.exe) | 5.81 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3760 | [Owner : SYSTEM | Parent : 1000(services.exe) | 66.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3768 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.64 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3776 | [Owner : SYSTEM | Parent : 1000(services.exe) | 20.89 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3784 | [Owner : SYSTEM | Parent : 1000(services.exe) | 8.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3864 | [Owner : SYSTEM | Parent : 1000(services.exe) | 18.04 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3884 | [Owner : SYSTEM | Parent : 1000(services.exe) | ?????] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.483) = C:\Windows\System32\SecurityHealthService.exe [26/07/2017 09:49:11] CPU Usage:0 %
3968 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 13.52 Mo] - (.Microsoft Corporation - Message Queuing Service.) - (5.0.1.1) = C:\Windows\System32\mqsvc.exe [18/03/2017 16:56:51] CPU Usage:0 %
2980 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 5.68 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
4176 | [Owner : LOCAL SERVICE | Parent : 3084(svchost.exe) | 5.58 Mo] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe [18/03/2017 16:57:46] CPU Usage:0 %
4240 | [Owner : SYSTEM | Parent : 1000(services.exe) | 16.37 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
4448 | [Owner : SYSTEM | Parent : 1000(services.exe) | 239.08 Mo] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.479) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [25/07/2017 16:42:20] CPU Usage:0 %
4476 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.81 Mo] - (.Nero AG - NeroUpdate.) - (11.2.0.6) = C:\Program Files (x86)\Nero\Update\NASvc.exe [15/07/2014 09:46:00] CPU Usage:0 %
4588 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 7.79 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
4616 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 12.79 Mo] - (.McAfee, Inc. - McAfee Process Validation Service.) - (15.6.0.2180) = C:\Windows\System32\mfevtps.exe [01/05/2016 18:12:28] CPU Usage:0 %
4340 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.06 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
2644 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 6.93 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
5276 | [Owner : SYSTEM | Parent : 1000(services.exe) | 27.61 Mo] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe [26/07/2017 09:38:59] CPU Usage:0 %
6072 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 23.58 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2046.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [18/03/2017 16:59:43] CPU Usage:0 %
6192 | [Owner : Steve | Parent : 1000(services.exe) | 19.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
6244 | [Owner : Steve | Parent : 2032(svchost.exe) | 22.2 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe [18/03/2017 16:58:10] CPU Usage:0 %
6256 | [Owner : Steve | Parent : 3344(mcsacore.exe) | 30.7 Mo] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.6.149) = C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe [27/07/2017 16:37:02] CPU Usage:0 %
6472 | [Owner : Steve | Parent : 1000(services.exe) | 25.9 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
6644 | [Owner : SYSTEM | Parent : 1000(services.exe) | 19.25 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
6700 | [Owner : NETWORK SERVICE | Parent : 1000(services.exe) | 16.24 Mo] - (.Microsoft Corporation - SMSvcHost.exe.) - (4.7.2046.0) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [18/03/2017 16:59:43] CPU Usage:0 %
6740 | [Owner : NETWORK SERVICE | Parent : 780(svchost.exe) | 16.84 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 16:58:01] CPU Usage:0 %
6984 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 18.28 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
5140 | [Owner : Steve | Parent : 1740(svchost.exe) | 21.91 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe [18/03/2017 16:57:57] CPU Usage:0 %
7300 | [Owner : Steve | Parent : 7148() | 98.15 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.15063.447) = C:\Windows\explorer.exe [26/07/2017 09:48:47] CPU Usage:0 %
7912 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.62 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
8136 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 57.08 Mo] - (.McAfee, Inc. - McAfee Cloud AV.) - (20.1.159.0) = C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe [03/07/2017 21:35:55] CPU Usage:2 %
772 | [Owner : Steve | Parent : 780(svchost.exe) | 62.74 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [18/03/2017 16:56:41] CPU Usage:0 %
1768 | [Owner : Steve | Parent : 780(svchost.exe) | 93.62 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [26/07/2017 09:39:07] CPU Usage:0 %
7064 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 11.5 Mo] - (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.6.0.2180) = C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [01/05/2016 18:16:03] CPU Usage:0 %
5156 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.42 Mo] - (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.6.0.2180) = C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [01/05/2016 18:16:03] CPU Usage:0 %
8196 | [Owner : SYSTEM | Parent : 1000(services.exe) | 21.44 Mo] - (.Intel Security - AnalyticsSDK.) - (2.2.143.0) = C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [14/01/2017 10:44:05] CPU Usage:0 %
8204 | [Owner : SYSTEM | Parent : 1000(services.exe) | 57.38 Mo] - (.McAfee, Inc. - McAfee Service Host.) - (6.4.4016.0) = C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [01/05/2016 18:15:21] CPU Usage:0 %
8372 | [Owner : SYSTEM | Parent : 1000(services.exe) | 11.47 Mo] - (.McAfee, Inc. - McAfee Access Protection.) - (7.1.156.0) = C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe [07/02/2017 06:14:27] CPU Usage:0 %
8700 | [Owner : Steve | Parent : 3328() | 12.59 Mo] - (.Motorola Mobility LLC - MotoHelperAgent.) - (14.8.6.1) = C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [15/04/2015 09:43:18] CPU Usage:0 %
9028 | [Owner : Steve | Parent : 780(svchost.exe) | 26.56 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe [18/03/2017 16:58:01] CPU Usage:0 %
9712 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 10.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
9232 | [Owner : Steve | Parent : 780(svchost.exe) | 32.15 Mo] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.332) = C:\Windows\System32\smartscreen.exe [26/07/2017 09:38:59] CPU Usage:0 %
3376 | [Owner : SYSTEM | Parent : 5276(SearchIndexer.exe) | 7.54 Mo] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.15063.447) = C:\Windows\System32\SearchProtocolHost.exe [26/07/2017 09:48:36] CPU Usage:0 %
9276 | [Owner : Steve | Parent : 780(svchost.exe) | 10.05 Mo] - (.-.) - (11.19.820.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe [23/07/2017 05:05:56] CPU Usage:0 %
6400 | [Owner : LOCAL SERVICE | Parent : 2376(svchost.exe) | 15.84 Mo] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.15063.447) = C:\Windows\System32\audiodg.exe [26/07/2017 09:48:36] CPU Usage:0 %
2704 | [Owner : Steve | Parent : 3352(ModuleCoreService.exe) | 30.68 Mo] - (.McAfee, Inc. - McAfee Module Core Service.) - (1.8.140.0) = C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [07/02/2017 06:11:58] CPU Usage:0 %
2984 | [Owner : Steve | Parent : 2704(ModuleCoreService.exe) | 6.18 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.15063.0) = C:\Windows\System32\conhost.exe [18/03/2017 16:57:35] CPU Usage:0 %
3856 | [Owner : Steve | Parent : 4448(MBAMService.exe) | 20.94 Mo] - (.Malwarebytes - Malwarebytes Tray Application.) - (3.0.0.1068) = C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe [25/07/2017 16:42:18] CPU Usage:0 %
2408 | [Owner : Steve | Parent : 780(svchost.exe) | 4.37 Mo] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.250) = C:\Windows\System32\SettingSyncHost.exe [26/07/2017 09:38:59] CPU Usage:0 %
4864 | [Owner : Steve | Parent : 7300(explorer.exe) | 9.52 Mo] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe [18/03/2017 16:56:44] CPU Usage:0 %
6416 | [Owner : Steve | Parent : 7300(explorer.exe) | 109.96 Mo] - (.Copyright 2017. - ZAM.) - (2.74.0.76) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [24/07/2017 17:43:54] CPU Usage:0 %
6488 | [Owner : Steve | Parent : 1740(svchost.exe) | 33.4 Mo] - (.McAfee, Inc. - McAfee.) - (9.1.151.0) = C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe [01/05/2016 18:16:15] CPU Usage:0 %
5284 | [Owner : SYSTEM | Parent : 1000(services.exe) | 19.18 Mo] - (.McAfee, Inc. - McAfee CSP Service Host.) - (2.5.312.0) = C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe [30/05/2017 21:21:26] CPU Usage:0 %
10912 | [Owner : Steve | Parent : 7300(explorer.exe) | 222.56 Mo] - (.Mozilla Corporation - Firefox.) - (54.0.1.6388) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe [19/11/2016 13:04:59] CPU Usage:0 %
2832 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.17 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
3244 | [Owner : Steve | Parent : 1000(services.exe) | 19.99 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
10492 | [Owner : LOCAL SERVICE | Parent : 1000(services.exe) | 10.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
10280 | [Owner : SYSTEM | Parent : 1000(services.exe) | 13.39 Mo] - (.Dell Inc. - Dell Data Vault Rules Processor.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [20/06/2017 14:20:18] CPU Usage:0 %
3940 | [Owner : SYSTEM | Parent : 1000(services.exe) | 40.1 Mo] - (.Dell Inc. - DCCService.) - (1.4.15.0) = C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [21/12/2016 11:23:18] CPU Usage:0 %
7880 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.6 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
11380 | [Owner : SYSTEM | Parent : 1000(services.exe) | 46.76 Mo] - (.Dell Inc. - Dell Update Windows Service.) - (1.9.20.0) = C:\Program Files (x86)\Dell Update\DellUpService.exe [01/05/2017 15:27:48] CPU Usage:0 %
11780 | [Owner : SYSTEM | Parent : 780(svchost.exe) | 53.78 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 16:58:01] CPU Usage:0 %
11888 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.21 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
11860 | [Owner : Steve | Parent : 11380(DellUpService.exe) | 53.3 Mo] - (.Dell Inc. - Dell Update.) - (1.9.20.0) = C:\Program Files (x86)\Dell Update\DellUpTray.exe [01/05/2017 15:25:50] CPU Usage:0 %
12256 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.61 Mo] - (.Microsoft Corporation - Windows® installer.) - (5.0.15063.0) = C:\Windows\System32\msiexec.exe [18/03/2017 16:57:05] CPU Usage:0 %
12248 | [Owner : SYSTEM | Parent : 1000(services.exe) | 30.08 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
11884 | [Owner : SYSTEM | Parent : 1000(services.exe) | 10.23 Mo] - (.Intuit Inc. - Intuit Update Service.) - (4.0.11.0) = C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [27/04/2015 14:43:32] CPU Usage:0 %
9996 | [Owner : SYSTEM | Parent : 1000(services.exe) | 15.82 Mo] - (.Sonic Solutions - RoxWatch12 Module.) - (12.2.1.22) = C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [04/09/2010 03:15:22] CPU Usage:0 %
10388 | [Owner : SYSTEM | Parent : 1000(services.exe) | 55.15 Mo] - (.Dell Inc. - Service.) - (2.0.1.7) = C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [28/06/2017 16:49:30] CPU Usage:0 %
11540 | [Owner : SYSTEM | Parent : 1000(services.exe) | 21.93 Mo] - (.Dell Inc. - Dell Data Vault Data Collector Service.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [20/06/2017 14:22:48] CPU Usage:0 %
11300 | [Owner : SYSTEM | Parent : 1000(services.exe) | 17.11 Mo] - (.Sonic Solutions - RoxMediaDB12 Module.) - (12.2.1.22) = C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [04/09/2010 03:14:26] CPU Usage:0 %
10908 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.06 Mo] - (.Dell Inc. - Dell Data Vault Data Collector Service API.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [20/06/2017 14:23:02] CPU Usage:0 %
12524 | [Owner : LOCAL SERVICE | Parent : 780(svchost.exe) | 12.81 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiPrvSE.exe [18/03/2017 16:58:01] CPU Usage:0 %
12780 | [Owner : Steve | Parent : 11540(DDVDataCollector.exe) | 6.97 Mo] - (.Dell Inc. - DDV Nvidia Graphics Worker.) - (5.2.1.55) = C:\Program Files\Dell\DellDataVault\nvapiw.exe [20/06/2017 14:23:24] CPU Usage:0 %
11812 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.3 Mo] - (.Microsoft Corporation - Windows Modules Installer.) - (10.0.15063.0) = C:\Windows\servicing\TrustedInstaller.exe [18/03/2017 07:40:21] CPU Usage:0 %
13080 | [Owner : SYSTEM | Parent : 780(svchost.exe) | 8.77 Mo] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.15063.0) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.15063.410_none_9e914f9d2d85dacb\TiWorker.exe [18/03/2017 07:40:23] CPU Usage:0 %
12532 | [Owner : SYSTEM | Parent : 3252(mfemms.exe) | 56.7 Mo] - (.McAfee, Inc. - McAfee Scanner service.) - (1.5.0.2939) = C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [01/05/2016 18:16:58] CPU Usage:0 %
3696 | [Owner : SYSTEM | Parent : 1000(services.exe) | 9.52 Mo] - (.Motorola Mobility LLC - MotoHelper Service.) - (14.3.23.0) = C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [15/04/2015 09:44:32] CPU Usage:0 %
13268 | [Owner : SYSTEM | Parent : 5276(SearchIndexer.exe) | 6.26 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.15063.0) = C:\Windows\System32\SearchFilterHost.exe [18/03/2017 16:58:18] CPU Usage:0 %
13208 | [Owner : SYSTEM | Parent : 1000(services.exe) | 6.24 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe [18/03/2017 16:58:21] CPU Usage:0 %
13100 | [Owner : SYSTEM | Parent : 1000(services.exe) | 7.95 Mo] - (.Microsoft Corporation - WMI Performance Reverse Adapter.) - (10.0.15063.0) = C:\Windows\System32\wbem\WmiApSrv.exe [18/03/2017 16:57:50] CPU Usage:0 %
3332 | [Owner : Steve | Parent : 7300(explorer.exe) | 40.37 Mo] - (.SosVirus - QuickDiag.) - (1.7.17.1) = C:\Users\Steve\Desktop\QuickDiag.exe [03/08/2017 16:05:12] CPU Usage:0 %
7548 | [Owner : NETWORK SERVICE | Parent : 780(svchost.exe) | 9.46 Mo] - (.Microsoft Corporation - WMI Provider Host.) - (10.0.15063.0) = C:\Windows\SysWOW64\wbem\WmiPrvSE.exe [18/03/2017 16:58:50] CPU Usage:0 %

---------- | MD5

[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [26/07/2017 09:48:47] - (.© Microsoft Corporation. - Windows Explorer.) - [4733.81 Ko] - (10.0.15063.447) : C:\WINDOWS\Explorer.exe
[MD5.94912C1D73ADE68F2486ED4D8EA82DE6] - [18/03/2017 16:57:50] - (.© Microsoft Corporation. - Windows Command Processor.) - [265.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\cmd.exe
[MD5.31E45CAA8E7035ECD47E96A7377BE975] - [18/03/2017 16:57:38] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.28 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\csrss.exe
[MD5.2D29C0AFCC8225AFF6637F7362C22960] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - COM Surrogate.) - [20.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\dllhost.exe
[MD5.90224339656D3CFEC43150209B4CD38E] - [26/07/2017 09:38:59] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [692.1 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\Kernel32.dll
[MD5.9936F9E94C6E3F47A158D7BFF020575A] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Local Security Authority Process.) - [57.12 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\lsass.exe
[MD5.0E79A4C76CAAA0CFE9CA42C13E5AA086] - [26/07/2017 09:38:59] - (.© Microsoft Corporation. - Distributed COM Services.) - [1060 Ko] - (10.0.15063.296) : C:\WINDOWS\System32\rpcss.dll
[MD5.ECB702B8C5650381C0784F1EEABB97BC] - [18/03/2017 16:58:29] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [67 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\rundll32.exe
[MD5.800D00D1A7ADA9E341CACDF287347584] - [18/03/2017 16:57:39] - (.© Microsoft Corporation. - Services and Controller app.) - [515.6 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\services.exe
[MD5.3120B24060924F9B94182A1432B2D7F9] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [46.55 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\svchost.exe
[MD5.9F67071B597A3CCC8C11CE761CE88B04] - [18/03/2017 16:57:35] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1313.56 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\user32.dll
[MD5.46B72E05D0B9F489CA60DBD7361039B0] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - Userinit Logon Application.) - [31.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\userinit.exe
[MD5.B2DB5876B6F68D32E470F691C7088F3F] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [310.77 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Wininit.exe
[MD5.31E3287EF6D97C5864A301CEA75BBBA1] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Windows Logon Application.) - [690 Ko] - (10.0.15063.483) : C:\WINDOWS\System32\Winlogon.exe
[MD5.AC1928C2F7505BD556C552F153B062AB] - [18/03/2017 16:57:36] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [596.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\afd.sys
[MD5.01733BEEE02E51F712330D5909BD701C] - [18/03/2017 16:56:26] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [28.41 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\atapi.sys
[MD5.71CCAFFF7D5E64E3D07BD96F2B2898EF] - [18/03/2017 16:56:26] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [189.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ataport.sys
[MD5.B6E5AD7C83A5254DEE9D86023C0E5A81] - [18/03/2017 16:57:39] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
[MD5.ABE77AD954BC3D72F559CF0C381E50BC] - [18/03/2017 16:56:25] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [156.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
[MD5.185A4519B7764F4DEF714D890A7A9FD2] - [18/03/2017 16:57:47] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [147 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\dfsc.sys
[MD5.02B9639D9997E95CDF2F4C4F3BDCC73D] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [84.5 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
[MD5.C6C8315E3262FAE460529C6DA2951682] - [18/03/2017 16:56:35] - (.© Microsoft Corporation. - i8042 Port Driver.) - [112.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
[MD5.DCC05E5EAA580C97F13B434FAFACED85] - [18/03/2017 16:58:21] - (.© Microsoft Corporation. - IP Network Address Translator.) - [209.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
[MD5.F2AD1B72C5A6475FB5FF332E1980DF88] - [18/03/2017 16:57:54] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [456.4 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
[MD5.59F3D5FEF4A24871C07C279762DA8624] - [26/07/2017 09:48:36] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1213.41 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ndis.sys
[MD5.30C2F67EC84EB11B22011620107E0325] - [18/03/2017 16:57:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [298 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\netbt.sys
[MD5.8D72D5038C5F91AFEF1B160FE524C2D9] - [26/07/2017 09:48:47] - (.© Microsoft Corporation. - NT File System Driver.) - [2272.91 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\ntfs.sys
[MD5.2CC6C325B271C7CA60F374F8F868CB45] - [18/03/2017 16:56:26] - (.© Microsoft Corporation. - Parallel Port Driver.) - [95.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\parport.sys
[MD5.5279EC98F6218D29EADDFECCC0D80E9A] - [18/03/2017 16:58:07] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [104.5 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
[MD5.53A01D3FDB701AC5D9DDE4140227E3D9] - [18/03/2017 16:59:55] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [179 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
[MD5.DC0D1B5284152315F81894DAABBB2AF3] - [26/07/2017 09:48:37] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2618.91 Ko] - (10.0.15063.447) : C:\WINDOWS\System32\Drivers\tcpip.sys
[MD5.892AB2637603A5E9507C39E61101C3C3] - [26/07/2017 09:38:59] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.91 Ko] - (10.0.15063.413) : C:\WINDOWS\System32\Drivers\tdx.sys
[MD5.E3429DBBEA3965BB96E24B16EF4A2551] - [18/03/2017 16:57:39] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [387.91 Ko] - (10.0.15063.0) : C:\WINDOWS\System32\Drivers\volsnap.sys

---------- | Locked Applications

---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 342.01.) - (21.21.13.4201) -- C:\WINDOWS\SYSTEM32\nvwgf2umx.dll
(.Google.-.Google Drive shell extension.) - (2.34.5075.1619) -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll
(..-.Core Sync.) - (2.2.0.256) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
(..-..) - (16.0.8229.2045) -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.15.2.0) -- C:\WINDOWS\System32\winsqlite3.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
desktop - (desktop.ini [Startup]) - User: Steve-PC\Steve
OneNote 2010 Screen Clipper and Launcher - (OneNote 2010 Screen Clipper and Launcher.lnk [Startup]) - User: Steve-PC\Steve
OneDrive - ("C:\Users\Steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\...\Run]) - User: Steve-PC\Steve
Adobe Acrobat Synchronizer - ("C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" [HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\...\Run]) - User: Steve-PC\Steve
CCleaner - ("C:\Program Files\CCleaner\CCleaner64.exe" /AUTO [HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\...\Run]) - User: Steve-PC\Steve
NETGEAR WNA3100 Genie - (C:\PROGRA~2\NETGEAR\WNA3100\WNA3100.exe [Common Startup]) - User: Public
SecurityHealth - (%ProgramFiles%\Windows Defender\MSASCuiL.exe [HKLM\SOFTWARE\...\Run]) - User: Public
RtHDVCpl - (C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [HKLM\SOFTWARE\...\Run]) - User: Public
RunDLLEntry_THXCfg - (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [HKLM\SOFTWARE\...\Run]) - User: Public
RunDLLEntry_EptMon - (C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [HKLM\SOFTWARE\...\Run]) - User: Public
NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\SOFTWARE\...\Run]) - User: Public
ZAM - ("C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [HKLM\SOFTWARE\...\Run]) - User: Public
Malwarebytes TrayApp - (C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [HKLM\SOFTWARE\...\Run]) - User: Public

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Command Processor]
"CompletionChar"=9
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=9

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\Steve\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
"Adobe Acrobat Synchronizer"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
"CCleaner"="C:\Program Files\CCleaner\CCleaner64.exe" /AUTO

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"OneDrive"=0x03000000C35F46E246FED001
"Adobe Acrobat Synchronizer"=0x03000000702C4066C004D301
"CCleaner"=0x03000000F0E22667C004D301

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"Device"=hp LaserJet 1300 PCL 5,winspool,Ne02:
"IsMRUEstablished"=1
"LegacyDefaultPrinterMode"=0

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"=%ProgramFiles%\Windows Defender\MSASCuiL.exe
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
"RunDLLEntry_THXCfg"=C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
"RunDLLEntry_EptMon"=C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized
"Malwarebytes TrayApp"=C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [25/07/2017 16:42:18]

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
"SecurityHealth"=0x040000000000000000000000
"RtHDVCpl"=0x03000000C073726FC004D301
"AdobeAAMUpdater-1.0"=0x03000000123CBECB46FED001
"NvBackend"=0x03000000555621E846FED001
"RunDLLEntry_EptMon"=0x0300000010D35370C004D301
"RunDLLEntry_THXCfg"=0x03000000901DCF70C004D301
"mcui_exe"=0x03000000D09B8169C004D301

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
"Acrobat Assistant 8.0"=0x030000005BAC30D446FED001
"Adobe Creative Cloud"=0x03000000F877C6B046FED001
"AdobeCS6ServiceManager"=0x03000000377787B346FED001
"UpdReg"=0x030000007E05793B721ED101
"IAStorIcon"=0x030000004D52B5DA46FED001
"mcui_exe"=0x020000000000000000000000
"Razer Synapse"=0x03000000D53B83C146FED001
"RoxWatchTray"=0x0300000072EADDED46FED001
"SwitchBoard"=0x030000000EF415F446FED001
"THX Audio Control Panel"=0x03000000B30791F846FED001
"SunJavaUpdateSched"=0x030000001A46703A8467D101
"Malwarebytes Anti-Exploit"=0x0300000070F20D69C004D301
"AdobeAAMUpdater-1.0"=0x03000000B0555C68C004D301
"NvBackend"=0x030000007031B96AC004D301

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"EnableMitInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=1
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000
"Win32kLastWriteTime"=1D2A02A4539A47C

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64
"DefaultColor"=0
"EnableExtensions"=1
"PathCompletionChar"=64

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"THX Audio Control Panel"="C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r
"UpdReg"=C:\Windows\UpdReg.EXE [17/02/2011 01:46:30]
"RoxWatchTray"="C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37:14]
"Acrobat Assistant 8.0"="C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe"
"AdobeCS6ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
""=mnmsrvc
"AppInit_DLLs"=
"DdeSendTimeout"=0
"DesktopHeapLogging"=1
"DeviceNotSelectedTimeout"=15
"DwmInputUsesIoCompletionPort"=1
"EnableDwmInputProcessing"=7
"EnableMitInputProcessing"=7
"GDIProcessHandleQuota"=10000
"IconServiceLib"=IconCodecService.dll
"LoadAppInit_DLLs"=0
"NaturalInputHandler"=Ninput.dll
"ShutdownWarningDialogTimeout"=4294967295
"Spooler"=yes
"ThreadUnresponsiveLogTimeout"=500
"TransmissionRetryTimeout"=90
"USERNestedWindowLimit"=50
"USERPostMessageLimit"=10000
"USERProcessHandleQuota"=10000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}

---------- | Win.ini :

---------- | System.ini :

---------- | Tasks List

CCleanerSkipUAC
CreateExplorerShellUnelevatedTask
GoogleUpdateTaskMachineCore
GoogleUpdateTaskMachineUA
Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
McAfee Remediation (Prepare)
McAfeeLogon
OneDrive Standalone Update Task-S-1-5-21-3518905376-1918425772-3662548586-1001
Opera scheduled Autoupdate 1501022171
User_Feed_Synchronization-{BF02009D-C843-4079-8428-ABBD8A451EAB}

---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM] : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AdobeCS6ServiceManager] : "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

---------- | Other keys

[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"AllowRemoteRPC"=0
"DelayConMgrTimeout"=0
"DeleteTempDirsOnExit"=1
"fDenyTSConnections"=1
"fSingleSessionPerUser"=1
"NotificationTimeOut"=0
"PerSessionTempDir"=0
"ProductVersion"=5.1
"RCDependentServices"=CertPropSvc
SessionEnv
"SnapshotMonitors"=1
"StartRCM"=0
"TSUserEnabled"=0
"InstanceID"=0a75482f-528e-4aed-baef-1a21b5b
"GlassSessionId"=1

[HKLM\System\CurrentControlSet\Control\Session Manager]
"AutoChkTimeout"=8
"BootExecute"=autocheck autochk *
"BootShell"=%SystemRoot%\system32\bootim.exe
"CriticalSectionTimeout"=2592000
"ExcludeFromKnownDlls"=
"GlobalFlag"=0
"HeapDeCommitFreeBlockThreshold"=0
"HeapDeCommitTotalFreeThreshold"=0
"HeapSegmentCommit"=0
"HeapSegmentReserve"=0
"InitConsoleFlags"=0
"NumberOfInitialSessions"=2
"ObjectDirectories"=\Windows
\RPC Control
"ProcessorControl"=2
"ProtectionMode"=1
"ResourceTimeoutCount"=648000
"RunLevelExecute"=WinInit
ServiceControlManager
"RunLevelValidate"=ServiceControlManager
"SETUPEXECUTE"=
"AutoChkSkipSystemPartition"=0

[HKLM\System\CurrentControlSet\Control]
"BootDriverFlags"=28
"CurrentUser"=USERNAME
"EarlyStartServices"=RpcSs
Power
BrokerInfrastructure
SystemEventsBroker
DcomLaunch
RpcEpMapper
LSM
AppIdSvc
"PreshutdownOrder"=UsoSvc
DeviceInstall
gpsvc
trustedinstaller
"SvcHostSplitThresholdInKB"=3670016
"WaitToKillServiceTimeout"=200
"SystemStartOptions"= NOEXECUTE=OPTIN
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(3)
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)
"LastBootSucceeded"=1
"LastBootShutdown"=1

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbasedirectories"=0
"auditbaseobjects"=0
"Bounds"=0x0030000000200000
"crashonauditfail"=0
"fullprivilegeauditing"=0x00
"LimitBlankPasswordUse"=1
"NoLmHash"=1
"Notification Packages"=scecli
"Authentication Packages"=msv1_0
"disabledomaincreds"=0
"everyoneincludesanonymous"=0
"forceguest"=0
"LsaPid"=260
"ProductType"=3
"restrictanonymous"=0
"restrictanonymoussam"=1
"SamConnectedAccountsExist"=1
"SecureBoot"=1
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u
livessp

---------- | .LNK with Arguments

c:\programdata\microsoft\windows\start menu\programs\wcf ria services v1.0 sp1\start here.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxp://go.microsoft.com/fwlink/?LinkID=144687) - Hidden: False - Status: OK
c:\programdata\microsoft\windows\start menu\programs\wcf ria services v1.0 sp1\wcf ria services v1.0 sp1 walkthrough.lnk - Encrypted: False - Target: C:\Program Files (x86)\Internet Explorer\iexplore.exe - Args: (hxxp://go.microsoft.com/fwlink/?LinkId=166921) - Hidden: False - Status: OK
c:\users\steve\my backup files\seagate back up12_14_14\backup\0313ed3a-4665-4bb3-9432-12f6e4b4aabc\20121205_125545_steve\c\documents and settings\all users\start menu\programs\pricegong\pricegong contact us.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://www.pricegong.com/ContactUs.aspx) - Hidden: False - Status: OK
c:\users\steve\my backup files\seagate back up12_14_14\backup\0313ed3a-4665-4bb3-9432-12f6e4b4aabc\20121205_125545_steve\c\documents and settings\all users\start menu\programs\pricegong\pricegong help.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://www.pricegong.com/Help.aspx) - Hidden: False - Status: OK
c:\users\steve\my backup files\seagate back up12_14_14\backup\0313ed3a-4665-4bb3-9432-12f6e4b4aabc\20121205_125545_steve\c\documents and settings\all users\start menu\programs\pricegong\pricegong homepage.lnk - Encrypted: False - Target: C:\Program Files\Internet Explorer\iexplore.exe - Args: (hxxp://www.pricegong.com) - Hidden: False - Status: OK

---------- | AppCertDlls

---------- | Dnsapi.dll

C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Control Panel\Desktop]
"ActiveWndTrackTimeout"=0
"BlockSendInputResets"=0
"CaretWidth"=1
"ClickLockTime"=1200
"CoolSwitchColumns"=7
"CoolSwitchRows"=3
"CursorBlinkRate"=530
"DockMoving"=1
"DragFromMaximize"=1
"DragFullWindows"=1
"DragHeight"=4
"DragWidth"=4
"FocusBorderHeight"=1
"FocusBorderWidth"=1
"FontSmoothing"=2
"FontSmoothingGamma"=0
"FontSmoothingOrientation"=1
"FontSmoothingType"=2
"ForegroundFlashCount"=7
"ForegroundLockTimeout"=200000
"LeftOverlapChars"=3
"MenuShowDelay"=400
"MouseWheelRouting"=2
"PaintDesktopVersion"=0
"Pattern"=0
"RightOverlapChars"=3
"ScreenSaveActive"=1
"SnapSizing"=1
"TileWallpaper"=0
"WallPaper"=C:\WINDOWS\web\wallpaper\Windows\img0.jpg [18/03/2017 16:56:56]
"WallpaperOriginX"=0
"WallpaperOriginY"=0
"WallpaperStyle"=10
"WheelScrollChars"=3
"WheelScrollLines"=3
"WindowArrangementActive"=1
"UserPreferencesMask"=0x9E3E078012000000
"Win8DpiScaling"=0
"DpiScalingVer"=4096
"MaxVirtualDesktopDimension"=1680
"MaxMonitorDimension"=1680
"TranscodedImageCount"=1
"LastUpdated"=4294967295
"TranscodedImageCache"=0x7AC301002B73030080070000B004000008258A2D2AA0D20143003A005C00570049004E0044004F00570053005C007700650062005C00770061006C006C00700061007000650072005C00570069006E0064006F00770073005C0069006D00670030002E006A007000670000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"AutoColorization"=0
"PreferredUILanguages"=en-US
"WaitToKillAppTimeout"=200

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=153
"NoRun"=0
"NoFolderOptions"=0
"NoControlPanel"=0

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{0E270DAA-1BE6-48F2-AC49-A79589C16F3B}"=1
"{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ShellState"=0x2400000033A8000000000000000000000000000001000000130000000000000062000000
"ExplorerStartupTraceRecorded"=1
"UserSignedIn"=1
"SIDUpdatedOnLibraries"=1
"TelemetrySalt"=6
"LocalKnownFoldersMigrated"=1
"AppReadinessLogonComplete"=1
"FirstRunTelemetryComplete"=1
"GlobalAssocChangedCounter"=11
"SlowContextMenuEntries"=0x0114020000000000C0000000000000467F0A0000D15C59A677BF0A43A45218696685F7C78E050000D3EFA9CCED290A43BA6DE6BBFF0A60C2F1040000AF75193DC6488E4FA182BE0E08FA86A9B3040000FB9A790967ADD111ABCD00C04FC30936290E0000

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2
"StartMenuAdminTools"=0
"ServerAdminUI"=0
"ShowCompColor"=1
"DontPrettyPath"=0
"ShowInfoTip"=1
"MapNetDrvBtn"=0
"WebView"=1
"Filter"=0
"SeparateProcess"=0
"AutoCheckSelect"=0
"IconsOnly"=0
"ShowTypeOverlay"=1
"ListviewAlphaSelect"=1
"ListviewShadow"=1
"TaskbarAnimations"=1
"StartMenuInit"=13
"TaskbarSizeMove"=1
"NavPaneShowAllFolders"=0
"AlwaysShowMenus"=0
"DisablePreviewDesktop"=0
"TaskbarSmallIcons"=0
"TaskbarGlomLevel"=0
"NavPaneExpandToCurrentFolder"=1
"Start_ShowMyComputer"=2
"Start_ShowControlPanel"=1
"Start_ShowMyDocs"=1
"Start_ShowMyGames"=0
"Start_ShowMyMusic"=0
"Start_ShowUser"=0
"Start_ShowMyPics"=0
"Start_MinMFU"=10
"Start_JumpListItems"=10
"Start_AdminToolsRoot"=0
"Start_PowerButtonAction"=2
"Start_TrackDocs"=1
"Start_TrackProgs"=0
"HideFileExt"=0
"SuperHidden"=1
"ShowSuperHidden"=1
"Hidden"=1
"HideIcons"=0
"ShowStatusBar"=1
"StoreAppsOnTaskbar"=1
"EnableStartMenu"=1
"ReindexedProfile"=1
"TaskbarStateLastRun"=0x0DE57B5900000000
"ShowTaskViewButton"=0
"Start_ShowRecentDocs"=1

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x00000000FFFFFFFF
"0"=0x730068006F00720074006300750074000000

[HKLM\Software\Policies\Microsoft\Windows\System]
"DisableCMD"=0

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"DisableTaskMgr"=0
"DisableRegistryTools"=0
"EnableLinkedConnections"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0
"NoControlPanel"=0
"NoRun"=0
"NoFolderOptions"=0
"NoDriveTypeAutoRun"=153

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}
"SmartScreenEnabled"=RequireAdmin
"MultipleInvokePromptMinimum"=10000
"GlobalAssocChangedCounter"=2

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0
"HideFileExt"=0
"SuperHidden"=1
"ShowSuperHidden"=1
"Hidden"=1

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

[HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System]
"DisableCMD"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"DSCAutomationHostEnabled"=2
"EnableCursorSuppression"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableUIADesktopToggle"=0
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"undockwithoutlogon"=1
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"DisableTaskMgr"=0
"DisableRegistryTools"=0
"EnableLinkedConnections"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ForceActiveDesktopOn"=0
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"NoRecentDocsHistory"=0
"NoControlPanel"=0
"NoRun"=0
"NoFolderOptions"=0
"NoDriveTypeAutoRun"=153

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1
"NoComponents"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=1
"DefaultValue"=2
"HKeyRoot"=2147483649
"Id"=2
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
"Text"=@shell32.dll,-30500
"Type"=radio
"ValueName"=Hidden

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ActiveSetupDisabled"=0
"ActiveSetupTaskOverride"=1
"AsyncRunOnce"=1
"AsyncUpdatePCSettings"=1
"DisableAppInstallsOnFirstLogon"=1
"DisableResolveStoreCategories"=1
"DisableUpgradeCleanup"=1
"EarlyAppResolverStart"=1
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}
"FSIASleepTimeInMs"=60000
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}
"IconUnderline"=2
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}
"MachineOobeUpdates"=1
"NoWaitOnRoamingPayloads"=1
"TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_TrackDocs"=1
"TaskbarSizeMove"=0

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s

---------- | Winlogon

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders
"BuildNumber"=15063
"FirstLogon"=0
"PUUActive"=0x3A3934BC010000000600220038D600004FDD000014930200D10000000200060022D8E979A9110B0046F30200E246000060430000F6040000000000002B9401004C040000B0000000CABCAC06930CD30138D60000000000000100000000000000
"DP"=0xCE0058000E000000060000003A3934BC0430010000000000CABCAC06930CD301E90549D8920CD301780001000000000000000000000000000000000000000000AEB600000000000000000000000000000000000000000000
"ParseAutoexec"=1

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"AutoRestartShell"=1
"Background"=0 0 0
"CachedLogonsCount"=10
"DebugServerCommand"=no
"DefaultDomainName"=
"DisableBackButton"=1
"EnableSIHostIntegration"=1
"ForceUnlockLogon"=0
"LegalNoticeCaption"=
"LegalNoticeText"=
"PasswordExpiryWarning"=5
"PowerdownAfterShutdown"=0
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"ReportBootOk"=1
"Shell"=explorer.exe
"ShellCritical"=0
"ShellInfrastructure"=sihost.exe
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0
"VMApplet"=SystemPropertiesPerformance.exe /pagefile
"WinStationsDisabled"=0
"LastLogOffEndTimePerfCounter"=209496342732
"ShutdownFlags"=2147483687
"Userinit"=C:\Windows\system32\userinit.exe,
"AutoAdminLogon"=0
"DefaultUserName"=Steve
"ShutdownWithoutLogon"=0
"scremoveoption"=0
"DisableCad"=1
"EnableFirstLogonAnimation"=1

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DefaultDomainName"=
"DefaultUserName"=
"EnableSIHostIntegration"=1
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}
"Shell"=explorer.exe
"ShellCritical"=0
"SiHostCritical"=0
"SiHostReadyTimeOut"=0
"SiHostRestartCountLimit"=0
"SiHostRestartTimeGap"=0

---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\Classes\.com]
""=comfile

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.reg]
""=regfile

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\Classes\.scr]
""=scrfile

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\Classes\.bat]
""=batfile

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.cmd]
""=cmdfile

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.pif]
""=piffile

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\Classes\.inf]
""=inffile

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\Classes\.url]
""=InternetShortcut

[HKLM\Software\Classes\.lnk]
""=lnkfile

[HKLM\Software\Classes\.hta]
""=htafile
"Content Type"=application/hta

[HKLM\Software\Classes\htafile\Shell\Open\Command]
""=C:\WINDOWS\SysWOW64\mshta.exe "%1" %*

[HKLM\Software\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile
"Content Type"=application/x-msdownload

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*
"IsolatedCommand"="%1" %*

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile

[HKLM\Software\WOW6432Node\Classes\.hta]
""=htafile
"Content Type"=application/hta

[HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
""=C:\WINDOWS\SysWOW64\mshta.exe "%1" %*

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"EditFlags"=2
"FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment
"IsShortcut"=
"NeverShowExt"=
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment
""=Internet Shortcut

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest
"BrowserFlags"=4096
"EditFlags"=4259840
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
""=Application Reference
"EditFlags"=131072
"FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201
"IsShortcut"=
"NeverShowExt"=

[HKLM\Software\WOW6432Node\Classes\Folder]
""=Folder
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay
"ContentViewModeLayoutPatternForBrowse"=delta
"ContentViewModeLayoutPatternForSearch"=alpha
"EditFlags"=0xD2030000
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus
"NoRecentDocs"=
"ThumbnailCutoff"=0
"TileInfo"=prop:System.Title;System.HomeGroupSharingStatus

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\OperaStable\Shell\open\Command]
""="C:\Users\Steve\AppData\Local\Programs\Opera\Launcher.exe"
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\OperaStable\InstallInfo]
"ReinstallCommand"="C:\Users\Steve\AppData\Local\Programs\Opera\Launcher.exe" --makedefaultbrowser

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command]
""="C:\Program Files\Pale Moon\palemoon.exe"
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Avant.Browser\Shell\open\Command]
""=C:\Program Files (x86)\Avant Browser\avant.exe [28/06/2017 22:35:00]
[HKLM\Software\Clients\StartMenuInternet\Avant.Browser\InstallInfo]
"ReinstallCommand"=

[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Firefox-6F940AC27A98DD61\Shell\open\Command]
""="C:\Program Files\Waterfox\waterfox.exe"
[HKLM\Software\Clients\StartMenuInternet\Firefox-6F940AC27A98DD61\InstallInfo]
"ReinstallCommand"="C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [18/03/2017 22:29:53]
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command]
""="C:\Program Files\Pale Moon\palemoon.exe"
[HKLM\Software\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Safari.exe\Shell\open\Command]
""="C:\Program Files (x86)\Safari\Safari.exe"
[HKLM\Software\Clients\StartMenuInternet\Safari.exe\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Safari\Safari.exe" /reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avant.Browser\Shell\open\Command]
""=C:\Program Files (x86)\Avant Browser\avant.exe [28/06/2017 22:35:00]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Avant.Browser\InstallInfo]
"ReinstallCommand"=

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\Shell\open\Command]
""="C:\Program Files\Mozilla Firefox\firefox.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-308046B0AF4A39CB\InstallInfo]
"ReinstallCommand"="C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-6F940AC27A98DD61\Shell\open\Command]
""="C:\Program Files\Waterfox\waterfox.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Firefox-6F940AC27A98DD61\InstallInfo]
"ReinstallCommand"="C:\Program Files\Waterfox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""=C:\Program Files\Internet Explorer\iexplore.exe [18/03/2017 22:29:53]
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\PALEMOON.EXE\Shell\open\Command]
""="C:\Program Files\Pale Moon\palemoon.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\PALEMOON.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files\Pale Moon\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Safari.exe\Shell\open\Command]
""="C:\Program Files (x86)\Safari\Safari.exe"
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Safari.exe\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Safari\Safari.exe" /reinstall

---------- | AppcompatFlags

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"SIGN.MEDIA=1BA1796A setup.exe"=1
"C:\Users\Steve\Downloads\wrar393.exe"=1
"C:\Users\Steve\Downloads\rpsetup.exe"=1
"SIGN.MEDIA=7239C InstallMgr.exe"=1
"C:\Users\Steve\Downloads\DMSetup.exe"=1
"C:\Users\Steve\Downloads\Firefox Setup 4.0.1.exe"=1
"SIGN.MEDIA=262E7674 setup.exe"=1
"C:\Users\Steve\nero11v2.exe"=1
"C:\Users\Steve\Downloads\wlsetup-web.exe"=1
"C:\Users\Steve\Adobe Dreamweaver CS3\Adobe CS3\Setup.exe"=1
"C:\Users\Steve\Dream_Weaver_8.0\Dreamweaver8-en.exe"=1
"E:\TL_Bootstrap.exe"=1
"C:\Users\Steve\Downloads\winscp439setup.exe"=1
"C:\Users\Steve\Downloads\ChromeSetup.exe"=1
"C:\Users\Steve\Downloads\dotnetfx35setup.exe"=1
"C:\Users\Steve\Downloads\Firefox Setup 17.0.1.exe"=1
"C:\Users\Steve\Downloads\UseNeXTSetup_5.41.exe"=1
"C:\Users\Steve\Downloads\GrabIt172b6.exe"=1
"C:\Users\Steve\Downloads\AdobeDownloadAssistant.exe"=1
"SIGN.MEDIA=10ED24 SETUP.EXE"=1
"E:\VerizonSWUpgradeAssistantLauncher.exe"=1
"C:\Users\Steve\Downloads\Cisco Packet Tracer 6.0.1 for Windows (with tutorials).exe"=1
"C:\Users\Steve\Downloads\jre-7u45-windows-i586.exe"=1
"C:\Users\Steve\Downloads\jxpiinstall.exe"=1
"SIGN.MEDIA=2189E0FA Setup.exe"=1
"C:\Users\Steve\Downloads\ChromeSetup(1).exe"=1
"SIGN.MEDIA=9BE9E VerizonWirelessUpgradeAssistantSetup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6584_81_64_02.exe"=1
"C:\Program Files\Dell\SupportAssist\uninstaller.exe"=1
"C:\Users\Steve\Downloads\mbam-setup-2.1.4.1018.exe"=1
"C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\Adobe Installer.exe"=1
"C:\Users\Steve\Downloads\mwav.exe"=1
"C:\Users\Steve\Downloads\DriverSupport.exe"=1
"C:\Users\Steve\Downloads\R302955.exe"=1
"C:\dell\drivers\R266204\setup.exe"=1
"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33
"C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6664_10_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nso3718.tmp\Setup.exe"=1
"C:\Users\Steve\Downloads\AVSAudioConverter.exe"=1
"C:\Users\Steve\Downloads\cdbxp_setup_4.5.6.5844.exe"=1
"C:\Users\Steve\Downloads\picard-setup-1.3.2.exe"=1
"C:\Users\Steve\Downloads\rcsetup152.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6664_93_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsaD162.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6745_47_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsu9FFC.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6793_01_64_03.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsg6636.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6817_107_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsdF9.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6817_133_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsj2645.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6855_61_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsy3442.tmp\Setup.exe"=1
"C:\dell\drivers\R266194\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6855_72_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsl1DF.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6855_212_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsdFA29.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6875_402_64_02.exe"=1
"C:\Users\Steve\AppData\Local\Temp\nsl44CD.tmp\Setup.exe"=1
"C:\Users\Steve\AppData\Local\Programs\Opera\Launcher.exe"=32

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A002100006A920CE5B7BAD0010000000100000000
"C:\Users\Steve\Downloads\Windows7-USB-DVD-Download-Tool-Installer-en-US.exe"=0x534143500100000000000000070000002800000090852900E2D52900010000000000000000000106710200006A920CE5B7BAD001000000000000000002000000280000000000000080010000000000000000000000000000000000007A320000000000000200000002000000
"C:\Users\Steve\AppData\Local\Apps\Windows 7 USB DVD Download Tool\Windows7-USB-DVD-Download-Tool.exe"=0x53414350010000000000000007000000280000007847070018800700010000000000000000000006F10200006A920CE5B7BAD0010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000042310D00000000000100000001000000
"C:\Program Files (x86)\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000000DC0F00A00210000100000000000000000001060021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000001C820801000000002D0000002D000000
"C:\Users\Steve\Desktop\A Bootable USB\A Bootable USB\A Bootable USB.exe"=0x53414350010000000000000007000000280000000EEB0F0055780400010000000000000000000006712200006A920CE5B7BAD00100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000837865010000000005000000010000000000000000000000001000000000000000000000000000007B100000000000000400000000000000
"C:\Users\Steve\Downloads\MediaCreationTool.exe"=0x534143500100000000000000070000002800000030E516013EC9170101000000000000000000000A002100006A920CE5B7BAD001000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008C2F0000000000000100000001000000
"C:\Users\Steve\Downloads\MediaCreationToolx64.exe"=0x5341435001000000000000000700000028000000C01C2D01A8E42D0101000000000000000000000A00210000EDA4DCB1B3BAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000D6782500000000000100000001000000
"C:\Users\Steve\Downloads\MediaCreationTool(1).exe"=0x534143500100000000000000070000002800000030E516013EC9170101000000000000000000000A002100006A920CE5B7BAD001000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007E0D0000000000000100000001000000
"C:\Users\Steve\Downloads\MediaCreationTool(2).exe"=0x534143500100000000000000070000002800000030E516013EC9170101000000000000000000000A002100006A920CE5B7BAD001000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000009D270000000000000100000001000000
"C:\Users\Steve\Downloads\MediaCreationToolx64(1).exe"=0x5341435001000000000000000700000028000000C01C2D01A8E42D0101000000000000000000000A00210000EDA4DCB1B3BAD001000000000000000002000000280000000000000000000040000000000000000000000000000000001A252800000000000200000002000000
"C:\Program Files (x86)\Nero\Nero 11\Nero Express\NeroExpress.exe"=0x5341435001000000000000000700000028000000288DDB01435EDC01010000000000000000000106712200006A920CE5B7BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000D6A60F00000000000100000001000000
"C:\Program Files (x86)\Nero\Nero 11\Nero Burning ROM\nero.exe"=0x53414350010000000000000007000000280000002893DB015ACFDB01010000000000000000000106712200006A920CE5B7BAD0010000000000000000020000002800000000000000000000100000000000000000000000000000000078340B00000000000400000004000000
"C:\Program Files (x86)\UseNeXT\UseNeXT.exe"=0x534143500100000000000000070000002800000000E6410000000000010000000000000000000306F102000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000031AE340A000000004300000043000000
"C:\Program Files (x86)\WinSCP\WinSCP.exe"=0x534143500100000000000000070000002800000058658C00C5308D000100000000000000000002067122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000DA150000000000000300000003000000
"C:\Users\Steve\Desktop\AVSAudioConverter.exe"=0x5341435001000000000000000700000028000000481A330000000000010000000000000000000105712000006A920CE5B7BAD00100000000000000000200000028000000000000000000000000040000000000000000000000000000014D1500000000000B0000000B000000
"C:\Program Files\NVIDIA Corporation\Control Panel Client\nvcplui.exe"=0x5341435001000000000000000700000028000000B0BE68002664690001000000000000000000000A73220000EDA4DCB1B3BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000BE530000000000000100000001000000
"C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe"=0x534143500100000000000000070000002800000000B40E0000000000010000000000000000000006F10000006A920CE5B7BAD00100000000000000000200000028000000000000000000000000100000000000000000000000000000FB43DD00000000000100000001000000
"C:\Program Files (x86)\MusicBrainz Picard\picard.exe"=0x534143500100000000000000070000002800000000A2010034330100010000000000000000000006710200006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000082840000000000000100000001000000
"C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe"=0x5341435001000000000000000700000028000000687C0B00A6230C0001000000000000000000000A00210000EDA4DCB1B3BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000062020000000000000200000002000000
"C:\Users\Steve\Downloads\MCPR.exe"=0x53414350010000000000000007000000280000004062710053727100010000000000000000000306000100006A920CE5B7BAD001000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000008E9C0000000000000100000001000000
"C:\Program Files\McAfee\MSC\mcsync.exe"=0x534143500100000000000000070000002800000010F01D00FB761E0001000000000000000000000A00210000EDA4DCB1B3BAD001000000000000000002000000280000000000000000000040000000000000000000000000000000003F4E0000000000000200000002000000
"C:\Users\Steve\Downloads\Support-LogMeInRescue.exe"=0x5341435001000000000000000700000028000000A0FD17006B5A180001000000000000000000000A002100006A920CE5B7BAD001000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000005A060300000000000100000001000000
"C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet\LMIR0001.tmp\lmi_rescue.exe"=0x53414350010000000000000007000000280000006073320025A9320001000000000000000000000A002100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000023290000000000000100000001000000
"C:\Program Files\McAfee Security Scan\3.8.130\McUICnt.exe"=0x534143500100000000000000070000002800000030D80900A2550A0001000000000000000000030600210000EDA4DCB1B3BAD001000000000000000002000000280000000000000000000000000000000000000000000000000000000E1D0000000000000100000001000000
"C:\Program Files\McAfee Security Scan\3.11.149\McUICnt.exe"=0x534143500100000000000000070000002800000030D80900A2550A0001000000000000000000030600210000EDA4DCB1B3BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000EA2F0000000000000100000001000000
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrobat.exe"=0x5341435001000000000000000700000028000000E804010060270100010000000000000000000106000100006A920CE5B7BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000384A0000000000000100000001000000
"C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000E88417008A8318000100000000000000000001060001000019B4C529E312D1010000000100000000
"C:\Users\Steve\Downloads\JavaSetup8u66.exe"=0x534143500100000000000000070000002800000060EA0800BADD090001000000000000000000000A712200006A920CE5B7BAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000394B0200000000000100000001000000
"C:\Users\Steve\Downloads\mwav.exe"=0x5341435001000000000000000700000028000000F04A3409B42F3509010000000000000000000105710000006A920CE5B7BAD001000000000000000002000000280000000000000000080040000000000000000000000000000000008A8C9A2A000000000100000001000000
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE"=0x5341435001000000000000000700000028000000E0F2300097E93100010000000000000000000106000100006A920CE5B7BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000633B0000000000000100000001000000
"C:\Program Files\McAfee Security Scan\3.11.266\McUICnt.exe"=0x534143500100000000000000070000002800000010DA090079170A0001000000000000000000030600010000EDA4DCB1B3BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000B5010A00000000000300000003000000
"C:\Program Files (x86)\Motorola Mobility\VZW_DeviceSoftwareUpdate\VSUA.exe"=0x534143500100000000000000070000002800000030010F0084C90F0001000000000000000000000A712000006A920CE5B7BAD001000000000000000002000000280000000000000000000040000000000000000000000000000000008A530100000000000600000006000000
"SIGN.MEDIA=9BE9E VerizonWirelessUpgradeAssistantSetup.exe"=0x5341435001000000000000000700000028000000308D0A00E3E20A000100000000000000000001060001000019B4C529E312D1010000000000000000020000005000000000000000000000000000000000000000000000000000000094110000000000000600000005000000000000008000000000000000000000000000000000000000E00C0000000000000100000000000000
"C:\Users\Steve\AppData\Local\Temp\VerizonWirelessUpgradeAssistantUpdate_1.4.7.exe"=0x5341435001000000000000000700000028000000C47C9F0200000000010000000000000000000106000100006A920CE5B7BAD00100000080000000000200000028000000000000000000004000000000000000000000000000000000A7381D00000000000100000001000000
"C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\BackItUp.exe"=0x534143500100000000000000070000002800000028EB6700AB4F6800010000000000000000000106F122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000FB970000000000000300000003000000
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"=0x5341435001000000000000000700000028000000A0B615009E711600010000000000000000000106000100006A920CE5B7BAD0010000000100000000
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE"=0x5341435001000000000000000700000028000000A04E37019D433801010000000000000000000106000100006A920CE5B7BAD0010000000100000000
"C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE"=0x5341435001000000000000000700000028000000A886F3004FBFF300010000000000000000000106000100006A920CE5B7BAD0010000000100000000
"C:\Users\Steve\Downloads\Setup.X86.en-US_O365HomePremRetail_680f6dad-16aa-4720-b541-93222f0b35cc_TX_PR_.exe"=0x5341435001000000000000000700000028000000C0D830002E4E310001000000000000000000000A002100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000017301400000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE"=0x5341435001000000000000000700000028000000C08EF0002882F10001000000000000000000000A002100006A920CE5B7BAD0010000001100000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A002100006A920CE5B7BAD0010000000100000000
"C:\Users\Steve\Downloads\ADE_4.5_Installer.exe"=0x534143500100000000000000070000002800000020408200597F8200010000000000000000000006710200006A920CE5B7BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000B0B22C00000000000100000001000000
"C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\DigitalEditions.exe"=0x5341435001000000000000000700000028000000D80A3F000D913F0001000000000000000000000AF120000019B4C529E312D10100000000000000000200000028000000000000000000000004000000000000000000000000000000FF547303000000001D0000001D000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE"=0x5341435001000000000000000700000028000000C0601C00D0A91C0001000000000000000000000A002100006A920CE5B7BAD0010000000100000000
"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe"=0x5341435001000000000000000700000028000000C0CE100092111100030000000000000000000106000100006A920CE5B7BAD001000000000000000002000000280000000000000000000010000000000000000000000000000000009B1F0700000000000100000001000000
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHBS.EXE"=0x534143500100000000000000070000002800000090CE050013B60600030000000000000000000106000100006A920CE5B7BAD00100000000000000000200000028000000000000000000000000000000000000000000000000000000FDD50000000000000100000001000000
"C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe"=0x5341435001000000000000000700000028000000E862350054FC350001000000000000000000000A712200006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000088A01000000000000100000001000000
"C:\Users\Steve\Downloads\mvt.exe"=0x53414350010000000000000007000000280000007039030006B70300010000000000000000000306000100006A920CE5B7BAD001000000000000000002000000280000000000000000000040000000000000000000000000000000002F170700000000000200000002000000
"C:\Program Files (x86)\PrivaZer\PrivaZer.exe"=0x53414350010000000000000007000000280000008852DA00F578DA000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000486AC501000000000400000004000000
"C:\Users\Steve\Downloads\eset_nod32_antivirus_live_installer.exe"=0x5341435001000000000000000700000028000000C84E2B00EB8F2B0001000000000000000000000A002100006A920CE5B7BAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000274F0700000000000100000001000000
"C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe"=0x5341435001000000000000000700000028000000C8CE2B00B9E72B0001000000000000000000000A712000006A920CE5B7BAD001000000000000000002000000280000000000000000000000000000000000000000000000000000005851A200000000000100000001000000
"C:\Program Files\ESET\ESET NOD32 Antivirus\eeclnt.exe"=0x5341435001000000000000000700000028000000C8CC00009F91010001000000000000000000000A00210000EDA4DCB1B3BAD001000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000003F270000000000000200000002000000
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe"=0x5341435001000000000000000700000028000000C8DE0100F9D0020003000000000000000000000A712000006A920CE5B7BAD0010000000000000000020000002800000000000000000800000000000000000000000000000000000095230000000000000100000001000000
"C:\Users\Steve\Downloads\AdwCleaner.exe"=0x5341435001000000000000000700000028000000000417000000000001000000000000000000000A002100006A920CE5B7BAD0010000000000000000
"C:\Program Files (x86)\Driver Support\Uninstall.exe"=0x5341435001000000000000000700000028000000E8D401008C150200030000000000000000000306000100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000011070400000000000100000001000000
"C:\Program Files (x86)\AVS4YOU\AVSUpdateManager\unins000.exe"=0x534143500100000000000000070000002800000061CB0A0000000000030000000000000000000106000100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000076230000000000000100000001000000
"C:\Program Files (x86)\AVS4YOU\AVSSoftwareNavigator\unins000.exe"=0x534143500100000000000000070000002800000065E70A0000000000030000000000000000000106000100006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000001120000000000000100000001000000
"C:\Program Files (x86)\DVD Decrypter\uninstall.exe"=0x53414350010000000000000007000000280000000DFC000000000000030000000000000000000105710000006A920CE5B7BAD0010000000000000000020000002800000000000000000800000000000000000000000000000000000051240000000000000100000001000000
"C:\Program Files (x86)\DVD Shrink\unins000.exe"=0x5341435001000000000000000700000028000000C92D010000000000030000000000000000000105412000006A920CE5B7BAD0010000000000000000020000002800000000000000000800000000000000000000000000000000000075110000000000000100000001000000
"C:\Users\Steve\Downloads\esetsmartinstaller_enu(1).exe"=0x5341435001000000000000000700000028000000C8CE2B00B9E72B0001000000000000000000000A712000006A920CE5B7BAD0010000000000000000020000002800000000000000000000000000000000000000000000000000000068E0F501000000000100000001000000
"C:\Users\Steve\Downloads\MediaCreationTool(3).exe"=0x5341435001000000000000000700000028000000507919015BC4190101000000000000000000000A002100006A920CE5B7BAD00100000000000000000200000028000000000000000000004000000000000000000000000000000000EF118100000000000100000001000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C88002006A18030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8800200726B030001000000000000000000000A0021000019B4C529E312D1010000000100000000
"C:\Users\Steve\Downloads\Adware_Removal_Tool_by_TSA.exe"=0x5341435001000000000000000700000028000000A8B00A00864A0B0001000000000000000000000AF122000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004C263000000000000100000001000000
"C:\Users\Steve\Desktop\Desk top items\AVSAudioConverter.exe"=0x5341435001000000000000000700000028000000481A3300000000000100000000000000000001057120000033504C2B57DFD1010000000000000000010000000400000001000000020000002800000000000000000000004004000000000000400000000000000093110F03000000002000000020000000
"C:\Program Files (x86)\CDBurnerXP\unins000.exe"=0x5341435001000000000000000700000028000000C9181800000000000300000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E4980000000000000200000002000000
"C:\Users\Steve\Downloads\cdbxp_setup_4.5.6.5844.exe"=0x5341435001000000000000000700000028000000803856000AB956000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000053601D00000000000100000001000000
"C:\Users\Steve\Desktop\Usenext Files\wizard\Nero 2016 Platinum v17.0.02000 + Crack (TechTools\setup_contentpack.exe"=0x53414350010000000000000007000000280000004863ED2F5C85ED2F0100000000000000000001067102000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000968B1700000000000200000002000000
"C:\Program Files (x86)\Nero\Nero 11\Nero Vision\NeroVision.exe"=0x5341435001000000000000000700000028000000288513003B1514000100000000000000000001067122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000037E90000000000000100000001000000
"C:\Program Files (x86)\Nero\Uninstall.exe"=0x5341435001000000000000000700000028000000A9F90800000000000300000000000000000000067100000019B4C529E312D1010000000000000000020000002800000000000000000800000000000000000000000000000000000086E10000000000000100000001000000
"C:\ProgramData\Uninstall\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}\setup.exe"=0x5341435001000000000000000700000028000000F0613B00FE6B3B000300000000000000000001060021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000625D0000000000000100000001000000
"C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe"=0x5341435001000000000000000700000028000000F02B3B00DB763B000300000000000000000001067122000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000008000000000000000800000000000B3260000000000000100000001000000010000000400000001000000
"C:\Program Files (x86)\WinRAR\Uninstall.exe"=0x534143500100000000000000070000002800000000D80100599A02000300000000000000000001060021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E3160000000000000100000001000000
"C:\Users\Steve\Desktop\Usenext Files\wizard\WinRAR 5.30 Beta 2 Registered Version by Tallguy29\WinRAR 5.30 Beta 2 (x64).exe"=0x53414350010000000000000007000000280000006AF41F00000000000100000000000000000003060001000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000026740000000000000100000001000000
"C:\Users\Steve\Downloads\Support-LogMeInRescue(1).exe"=0x53414350010000000000000007000000280000002850180015E9180001000000000000000000000A0021000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000025630C00000000000100000001000000
"C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe"=0x5341435001000000000000000500000010000000000000000000000000000000000000000700000028000000E0759700E487970001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000D9291F00000000000500000005000000
"C:\Program Files (x86)\Broderbund\The Print Shop\ps.exe"=0x534143500100000000000000070000002800000000406B00000000000100000000000000000001057120000033504C2B57DFD10100000000000000000200000028000000000000000000000000040200000000000000000000000000D46D1301000000000200000002000000
"C:\Users\Steve\Downloads\mvt(1).exe"=0x53414350010000000000000007000000280000007039030006B703000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000062F0200000000000100000001000000
"C:\Users\Steve\Downloads\mvt(2).exe"=0x53414350010000000000000007000000280000007039030006B703000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000028890600000000000100000001000000
"C:\Users\Steve\Downloads\mvt(3).exe"=0x53414350010000000000000007000000280000007039030006B703000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D5510100000000000100000001000000
"C:\Users\Steve\Downloads\mvt(4).exe"=0x53414350010000000000000007000000280000007039030006B703000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000CA972B00000000000100000001000000
"C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet\LMIR0002.tmp\lmi_rescue.exe"=0x534143500100000000000000070000002800000010D73C002F3A3D0001000000000000000000000A0021000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000039060000000000000100000001000000
"C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet\LMIR0003.tmp\lmi_rescue.exe"=0x534143500100000000000000070000002800000010D73C002F3A3D0001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000EB050000000000000100000001000000
"C:\Program Files\McAfee Security Scan\uninstall.exe"=0x5341435001000000000000000700000028000000407C05001BA805000300000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A42B0000000000000100000001000000
"C:\Program Files\McAfee\MSC\mcuihost.exe"=0x534143500100000000000000070000002800000018B10E00E0AB0F0003000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000050630300000000000100000001000000
"SIGN.IE=07EF508 McAfeeSetup-AutoLogin.exe"=0x534143500100000000000000070000002800000008F57E00C5297F0001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D40C0600000000000100000001000000
"C:\Users\Steve\Downloads\getnzb-setup-v742581.exe"=0x534143500100000000000000070000002800000090999F002680A0000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000063931303000000000100000001000000
"C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe"=0x5341435001000000000000000700000028000000D0767608D53B770801000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D67DE400000000000800000008000000
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8E6100028D3110001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000FC530000000000000100000001000000
"C:\Program Files\Adobe\Adobe InDesign CC 2015\InDesign.exe"=0x5341435001000000000000000700000028000000D00E5C008D665C0001000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000060635500000000000200000002000000
"C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe"=0x5341435001000000000000000700000028000000C04C2300C564230001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000007FD15100000000000400000004000000
"C:\Windows\SysWOW64\Macromed\Temp\{AA15560B-B1C1-4AE0-A540-AE196E039413}\InstallFlashPlayer.exe"=0x5341435001000000000000000700000028000000C0089B00FA4F9B0001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000057160000000000000100000001000000
"C:\Users\Steve\Downloads\mbae_premium.exe"=0x5341435001000000000000000700000028000000089D1C00580C1D000100000000000000000002060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000F6900000000000000100000001000000
"C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"=0x5341435001000000000000000700000028000000D0252800659A280001000000000000000000000A7122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000BD050000000000000100000001000000
"SIGN.MEDIA=1750764 Autorun.exe"=0x534143500100000000000000070000002800000048A70600B4E206000100000000000000000001067120000019B4C529E312D1010000000000000000020000002800000000000000800800400000000000000000000000000000000021703100000000000200000002000000
"C:\Users\Steve\Desktop\Usenext Files\wizard\The Beatles Abbey Road 1969 Stereo Remaster 2014 -\The Beatles Abbey Road 1969 Stereo Remaster 2014.exe"=0x5341435001000000000000000700000028000000B7F00E06000000000100000000000000000001067102000019B4C529E312D10100000000000000000200000028000000000000000000000000000200000000000000000000000000B41EEA01000000000200000002000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0BA02005C1F030001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000033504C2B57DFD1010000000100000000
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02001930030001000000010000000000000A7122000033504C2B57DFD1010000000000000000
"C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe"=0x5341435001000000000000000700000028000000089F37002B04380001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E2040000000000000200000002000000
"C:\Program Files\McAfee.com\Agent\mcagent.exe"=0x5341435001000000000000000700000028000000F0241100BE14120001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000021050000000000000200000002000000
"C:\Program Files\WinRAR\Uninstall.exe"=0x5341435001000000000000000700000028000000909D03003B21040001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5010000000000000100000001000000
"C:\Users\Steve\Downloads\R266194.exe"=0x53414350010000000000000007000000280000008844EA04A04AEA040100000000000000000000067102000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A5D40000000000000100000001000000
"C:\Program Files (x86)\Java\jre1.8.0_66\bin\javacpl.exe"=0x5341435001000000000000000700000028000000600A01008EA301000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000065040000000000000100000001000000
"C:\Users\Steve\Downloads\JavaUninstallTool.exe"=0x534143500100000000000000070000002800000018AA1100D6E4110001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000BA9F0000000000000100000001000000
"C:\Users\Steve\Downloads\JavaSetup8u111.exe"=0x534143500100000000000000070000002800000040400B00A6CF0B0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000CDEB1900000000000100000001000000
"C:\Program Files (x86)\Dell Customer Connect\DCCTrayApp.exe"=0x534143500100000000000000070000002800000078DF1000C751110001000000000000000000000AF1220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FA560000000000002600000026000000
"C:\Users\Steve\Downloads\burnsetup.exe"=0x534143500100000000000000070000002800000010970D0099AB0D0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000068760A00000000000100000001000000
"C:\Users\Steve\Downloads\cdbxp_setup_4.5.7.6521_minimal.exe"=0x5341435001000000000000000700000028000000402F52007D9852000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000ADBD7B00000000000100000001000000
"C:\Users\Steve\Downloads\TurboTax_Deluxe_2015_Federal__State_Taxes_-_Tax_Preparation_Software_-_PC_Download_Old_Version.exe"=0x53414350010000000000000007000000280000004064140711CE14070100000000000000000000067100000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D9C8E51E000000000100000001000000
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe"=0x5341435001000000000000000700000028000000508C1C0096501D0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000000000000000000000000000000000000000FF591A08000000000200000002000000
"C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe"=0x534143500100000000000000070000002800000070B41A00795F1B0001000000000000000000000A8021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C8E30000000000000100000001000000
"C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe"=0x5341435001000000000000000700000028000000507A0900D5C309000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000055AC0500000000000100000001000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000C0A61D00BD9F1E0001000000000000000000000A0021000033504C2B57DFD1010000009100000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"=0x5341435001000000000000000700000028000000C0DA1902D8661A0201000000000000000000000A0021000033504C2B57DFD1010000009100000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000C8EA3D0045E03E0001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000010FB7901000000000700000007000000
"C:\Users\Steve\Downloads\FRST.exe"=0x534143500100000000000000070000002800000000221B00484D1B0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BE170000000000000100000001000000
"C:\Program Files\Dell\SupportAssist\pcdlauncher.exe"=0x5341435001000000000000000700000028000000D81307000279070001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000068060000000000000100000001000000
"C:\Users\Steve\Downloads\FRST64.exe"=0x5341435001000000000000000700000028000000005A240093E4240001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000000DD0700000000000100000001000000
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"=0x5341435001000000000000000700000028000000C8F3070014AF080001000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Steve\Downloads\aswmbr.exe"=0x5341435001000000000000000700000028000000005A4F000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F9FD0300000000000400000004000000
"C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000090AB1700BE9B180001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004B6A1002000000000A0000000A000000
"C:\Users\Steve\Downloads\Desktop\FRST64.exe"=0x5341435001000000000000000700000028000000005A240093E4240001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000
"C:\Users\Steve\Downloads\esetonlinescanner_enu.exe"=0x534143500100000000000000070000002800000080126700FBD7670001000000000000000000000A0021000033504C2B57DFD1010000000000000000
"C:\Users\Steve\Downloads\Adware Removal Tool by TSA(1).exe"=0x5341435001000000000000000700000028000000A87A0B0004E60B0001000000000000000000000AF122000033504C2B57DFD1010000000000000000
"C:\Users\Steve\Downloads\Desktop\aswmbr(1).exe"=0x5341435001000000000000000700000028000000005A4F000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000089A0B00000000000100000001000000
"C:\Users\Steve\Downloads\RogueKiller_portable64.exe"=0x534143500100000000000000070000002800000048EE9301DE3D940101000000000000000000000A00210000D5B3B31A57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000052A16900000000000100000001000000
"C:\Users\Steve\Downloads\JRT.exe"=0x534143500100000000000000070000002800000048501B0027F11B000100000000000000000001067102000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004C811900000000000100000001000000
"C:\Users\Steve\Downloads\adwcleaner_7.0.0.0.exe"=0x5341435001000000000000000700000028000000C88B7C006CAA7C0001000000000000000000000A7122000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040040000000000000000000000000000000D3A0300000000000100000001000000
"C:\Users\Steve\Downloads\ZHPDiag3.exe"=0x534143500100000000000000070000002800000080912A00AAAC2A000100000000000000000003060001000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000A45D1D00000000000100000001000000
"C:\Users\Steve\Downloads\ZHPDiag3(1).exe"=0x534143500100000000000000070000002800000080912A00AAAC2A000100000000000000000003060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000044220200000000000200000002000000
"C:\Users\Steve\Downloads\ZHPDiag3(2).exe"=0x534143500100000000000000070000002800000080912A00AAAC2A000100000000000000000003060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006CD20800000000000200000002000000
"C:\Users\Steve\Downloads\ZHPDiag3(3).exe"=0x534143500100000000000000070000002800000080912A00AAAC2A000100000000000000000003060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000006F310A00000000000200000002000000
"C:\Users\Steve\Downloads\ccsetup532.exe"=0x534143500100000000000000070000002800000038BC940091CD940001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000003CB70300000000000100000001000000
"C:\Users\Steve\Downloads\ZHPCleaner(1).exe"=0x5341435001000000000000000700000028000000803D2B00F7A52B000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000006C4D0F00000000000100000001000000
"C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup.exe"=0x5341435001000000000000000700000028000000908D640002B9733B01000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000B773C900000000000100000001000000
"C:\Windows\System32\UNPUXWorker.exe"=0x534143500100000000000000070000002800000060570100D7A3010001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000004F000000000000000200000002000000
"C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe"=0x53414350010000000000000007000000280000009038ED00C927EE0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000033020000000000000100000001000000
"C:\Users\Steve\Desktop\ZHPFix(2).exe"=0x534143500100000000000000070000002800000051BC35000000000001000000000000000000000A41220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000633B0000000000000200000002000000
"C:\Users\Steve\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000803D2B00F7A52B0001000000000000000000030600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000322A3A00000000000200000002000000
"C:\Users\Steve\Downloads\PatchMyPC(1).exe"=0x5341435001000000000000000700000028000000203F090082330A0001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E0778A00000000000100000001000000
"C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000E0F5A701CC87A80101000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000100000000000000000000000000000000021050000000000000100000001000000
"C:\Program Files\Notepad++\notepad++.exe"=0x5341435001000000000000000700000028000000B05A2D0009742D0001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008E1F0000000000000100000001000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000787C03003765040001000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D05E9301F3E9930101000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D09A0300AA58040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Steve\Desktop\HiJackThis.exe"=0x534143500100000000000000070000002800000050841100A385110001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000DF300C02000000000100000001000000
"C:\Users\Steve\Downloads\Zemana.AntiMalware.Setup(1).exe"=0x5341435001000000000000000700000028000000908D640002B9733B01000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D9DE8E02000000000100000001000000
"C:\Users\Steve\Downloads\zoek(1).exe"=0x534143500100000000000000070000002800000000FA13000000000001000000000000000000010671020000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000100000000000000000000000000000122B8800000000000200000002000000
"C:\Users\Steve\Downloads\ZHPFix\ZHPFix(2).exe"=0x534143500100000000000000070000002800000051BC35000000000001000000000000000000000A41220000E63F486B2AA0D201000000000000000002000000500000000000000000000040000000000000000000000000000000003B5900000000000002000000010000000000000000000000000000000000000000000000000000003B470000000000000200000000000000
"C:\Program Files (x86)\ZHPFix\ZHPhep.exe"=0x534143500100000000000000070000002800000000421D000000000001000000000000000000020671220000E63F486B2AA0D201000000000000000002000000500000000000000000000040000000000000000000000000000000007D631700000000000200000001000000000000000000000000000000000000000000000000000000145D0000000000000200000000000000
"C:\Users\Steve\Downloads\SecurityCheck.exe"=0x534143500100000000000000070000002800000037DE070065BC010001000000000000000000010600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000947B0100000000000100000001000000
"C:\Users\Steve\Downloads\JavaSetup8u144.exe"=0x534143500100000000000000070000002800000040460B009AF30B0001000000000000000000000A71220000E63F486B2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000021B00100000000000100000001000000
"C:\Program Files\Internet Explorer\iexplore.exe"=0x534143500100000000000000070000002800000040930C00D5A10C0001000000010000000000000A00210000E78E163C2AA0D2010000000000000000
"C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssvagent.exe"=0x534143500100000000000000070000002800000040D00000706A010001000000000000000000010600010000E63F486B2AA0D201000000000000000002000000280000000000000000000000000000000000000000000000000000004E000000000000000200000002000000
"C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000C8524300FD12440001000000000000000000000A00210000E78E163C2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000099530100000000000100000001000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000D0F2A6017F93A70101000000000000000000000A00210000E63F486B2AA0D2010000000100000000
"C:\Users\Steve\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000D0960300F48A040001000000000000000000000A71200000E63F486B2AA0D2010000000100000000
"C:\Users\Steve\Downloads\JavaSetup8u144(1).exe"=0x534143500100000000000000070000002800000040460B009AF30B0001000000000000000000000A71220000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D15C0100000000000100000001000000
"C:\Program Files\WindowsApps\DriverToaster_1.3.0.0_x86__rqs2nt378nwsp\DriverToaster.exe"=0x5341435001000000000000000700000028000000009200000000000001000000000000000000000AF5220000E63F486B2AA0D2010000000000000000020000002800000000000000000000000000000000000000000000000000000028090000000000000200000002000000
"C:\Users\Steve\Downloads\zoek(2).exe"=0x534143500100000000000000070000002800000000FA13000000000001000000000000000000010671020000E63F486B2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000001CED2C01000000000200000002000000
"C:\Users\Steve\AppData\Local\Temp\A737.tmp\zoek-delete.bat"=0x5341435001000000000000000700000028000000008A03001380040001000000000000000000010500100000E63F486B2AA0D2010000000000000000
"C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE"=0x534143500100000000000000070000002800000030409601D091960101000000000000000000000A00210000E63F486B2AA0D2010000009100000000
"C:\Users\Steve\Downloads\PatchMyPC(2).exe"=0x5341435001000000000000000700000028000000203F090082330A0001000000000000000000000AF5220000E78E163C2AA0D2010000000000000000020000002800000000000000000000400000000000000000000000000000000011860800000000000100000001000000
"C:\Users\Steve\Downloads\jre-8u144-windows-x64(1).exe"=0x53414350010000000000000007000000280000004064E503EAB4E50301000000000000000000000A73220000E78E163C2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000A4320100000000000100000001000000
"C:\Users\Steve\Downloads\SecurityCheck(1).exe"=0x534143500100000000000000070000002800000037DE070065BC010001000000000000000000010600010000E63F486B2AA0D20100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000BD001000000000000200000002000000
"C:\Users\Steve\Downloads\FRST64(1).exe"=0x534143500100000000000000070000002800000000562400C318250001000000000000000000000A00210000E78E163C2AA0D201000000000000000002000000280000000000000000000040000000000000000000000000000000003B7C8205000000000300000003000000
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x534143500100000000000000070000002800000058531500F107160001000000000000000000000A00210000E78E163C2AA0D2010000000100000000
"C:\Users\Steve\Desktop\SupRestric.exe"=0x534143500100000000000000070000002800000000501200CE49130001000000000000000000000A00210000E63F486B2AA0D201000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004C2A0000000000000100000001000000
"C:\Users\Steve\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A83547001933480001000000000000000000000A00210000E63F486B2AA0D20100000000000000000200000028000000000000000000004000000000000000000000000000000000D13B0000000000000100000001000000

---------- | IFEO

---------- | Mountpoints2

---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"Beep"=#USR:Control Panel\Sound
"CoolSwitch"=USR:Control Panel\Desktop
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"DoubleClickHeight"=#USR:Control Panel\Mouse
"DoubleClickSpeed"=#USR:Control Panel\Mouse
"DoubleClickWidth"=#USR:Control Panel\Mouse
"DragFullWindows"=USR:Control Panel\Desktop
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard
"LowPowerActive"=#USR:Control Panel\Desktop
"LowPowerTimeOut"=#USR:Control Panel\Desktop
"MouseSpeed"=#USR:Control Panel\Mouse
"MouseThreshold1"=#USR:Control Panel\Mouse
"MouseThreshold2"=#USR:Control Panel\Mouse
"PowerOffActive"=#USR:Control Panel\Desktop
"PowerOffTimeOut"=#USR:Control Panel\Desktop
"ScreenSaveActive"=#USR:Control Panel\Desktop
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop
"SnapToDefaultButton"=#USR:Control Panel\Mouse
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS
"SwapMouseButtons"=#USR:Control Panel\Mouse
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
"ScreenSaverActive"=USR:Control Panel\Desktop
"ScreenSaverIsSecure"=USR:Control Panel\Desktop
"SCRNSAVE.EXE"=USR:Control Panel\Desktop
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=131455394471959679

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
"ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
"ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
"RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
"DisableAntiSpyware"=1
"ProductType"=2
"ManagedDefenderProductType"=0
"ProductStatus"=0
"InstallTime"=0x78EACE00A9FDD001
"DisableAntiVirus"=1
"InstallLocation"=C:\Program Files\Windows Defender\
"PassiveMode"=0
"LastEnabledTime"=0xDB3729F93E08D301

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1

---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetSetupSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]

---------- | Winsock (Whitelist)

---------- | Hosts

#
#
#
#
#
127.0.0.1 localhost

---------- | Ping

Pinging google.com [2607:f8b0:4009:813::200e] with 32 bytes of data:
Request timed out.
Reply from 2607:f8b0:4009:813::200e: time=31ms
Reply from 2607:f8b0:4009:813::200e: time=40ms
Reply from 2607:f8b0:4009:813::200e: time=42ms

Ping statistics for 2607:f8b0:4009:813::200e:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 42ms, Average = 37ms

---------- | @

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Internet Explorer\Main]
"Anchor Underline"=yes
"Disable Script Debugger"=yes
"DisableScriptDebuggerIE"=yes
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"UseClearType"=no
"XMLHTTP"=1
"Local Page"=C:\WINDOWS\system32\blank.htm
"Cache_Update_Frequency"=Once_Per_Session
"Search Page"=http://www.google.com
"NoUpdateCheck"=0
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"DisableFirstRunCustomize"=0
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8D0100001E00000088060000AF020000
"Use FormSuggest"=yes
"NotifyDownloadComplete"=yes
"Error Dlg Displayed On Every Error"=no
"IconCache"=0xiih2c
"DownloadWindowPlacement"=0x2C0000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF0E010000AF000000E60500008F020000
"AutoHide"=yes
"OperationalData"=13
"ImageStoreRandomFolder"=fm9o54e
"IE10TourNoShow"=1
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"ScriptDebugger_EnableHiddenTabs"=0
"StatusBarWeb"=1
"ForceGDIPlus"=0
"AlwaysShowMenus"=0
"ShutdownWaitForOnUnload"=0
"DNSPreresolution"=8
"SpellChecking"=1
"LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
"DisablePasswordReveal"=0
"DisableRequiresActiveXPrompt"=
"GotoIntranetSiteForSingleWordEntry"=0
"AutoSearch"=1
"SuppressScriptDebuggerDialog"=0
"PredictedViewExpansion"=100
"PredictedViewChangeThreshold"=10
"PredictedViewChangeThresholdPaint"=10
"ContentLayerCacheExpansion"=300
"RenderingLoopMaxTime"=250
"NscSingleExpand"=0
"Friendly http errors"=yes
"CSS_Compat"=doctype
"Expand Alt Text"=no
"Display Inline Videos"=1
"Use Stylesheets"=1
"SmoothScroll"=1
"Show image placeholders"=0
"Disable Diagnostics Mode"=no
"Move System Caret"=no
"Enable AutoImageResize"=yes
"UseThemes"=1
"UseHR"=0
"Q300829"=0
"Cleanup HTCs"=0
"XDomainRequest"=1
"DOMStorage"=1
"EnableAlternativeCodec"=yes
"JScriptProfileCacheEventDelay"=5000
"CrossfadeMinTimeoutInMS"=30000
"CrossfadeMaxTimeoutInMS"=30000
"CrossfadeCurrentTimeoutInMS"=30000
"ScrollTimeoutInMS"=6000
"IE10RunOnceLastShown"=1
"IE10RunOnceLastShown_TIMESTAMP"=0xE5DD9C591A07D301
"IE10RunOncePerInstallCompleted"=1
"IE10TourShown"=0
"IE10RecommendedSettingsNo"=0
"FrameTabWindow"=1
"AdminTabProcs"=1
"SessionMerging"=1
"FrameMerging"=1
"HangRecovery"=1
"DesktopTransparentCoverWindowTime"=8
"TSEnable"=1
"Isolation64Bit"=0
"IsolationImmersive"=PMEM
"TabShutdownDelay"=60000
"FrameShutdownDelay"=0
"MinIEEnabled"=1
"RunSpartanBrowser"=0
"RefcountTracker"=0
"TabDragOnSingleProc"=0
"ForceBFCacheCandidacyPass"=0
"Fasterback"=1
"BackForwardInstrumentation"=0
"EdgeSwitchingOSBuildNumber"=10586.th2_release.160906-1759
"First Home Page"=http://g.msn.com/1me10IE11ENUS/MCM_WCP
"Start Page_TIMESTAMP"=0x72C4D1B6856ED201
"SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
"IE10RunOnceCompletionTime"=0xBD4A7BC6B510D201
"IE11EdgeNotifyTime"=0xF576C92E2007D301
"EdgeReminderRemainingCount"=5

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"DisableCachingOfSSLPages"=0
"IE5_UA_Backup_Flag"=5.0
"PrivacyAdvanced"=1
"SecureProtocols"=2688
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"ProxyHttp1.1"=1
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=IEUser@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"ZonesSecurityUpgrade"=0xA9C9808FB605D301
"WarnonZoneCrossing"=0
"EnableAutodial"=0
"NoNetAutodial"=0
"GlobalUserOffline"=1
"EnableHTTP2"=1
"BackgroundConnections"=1
"SyncMode5"=4
"EnableSSL3Fallback"=1
"EnablePunycode"=1
"ShowPunycode"=0
"CreateUriCacheSize"=80
"CoInternetCombineIUriCacheSize"=80
"SecurityIdIUriCacheSize"=30
"SpecialFoldersCacheSize"=8

[HKLM\Software\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\System32\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"DisableRandomFlighting"=0
"EnableLegacyEdgeSwitching"=1
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"TabProcGrowth"=Medium
"Print_Background"=0
"AlwaysShowMenus"=0
"StatusBarWeb"=1
"Check_Associations"=yes
"FrameAuto"=1

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://
"gopher"=gopher://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"AutoHide"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\Windows\SysWOW64\blank.htm
"Placeholder_Height"=0x1A000000
"Placeholder_Width"=0x1A000000
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Use_Async_DNS"=yes
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"Home"=270
"InPrivate"=res://ieframe.dll/inprivate.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"PostNotCached"=res://ieframe.dll/repost.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"ftp"=ftp://
"home"=http://
"mosaic"=http://
"www"=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"ActiveXCache"=C:\Windows\Downloaded Program Files
"CodeBaseSearchPath"=CODEBASE
"EnablePunycode"=1
"MinorVersion"=0
"WarnOnIntranet"=1

---------- | Proxy

[HKLM\System\CurrentControlSet\Services\NLASVC\Parameters\Internet\Manualproxies]

---------- | reparsepoint

---------- | Detection of offsets

---------- | Notify

---------- | Execution FileExts

---------- | SIOI | SEH | URLSH

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/03/2017 08:15:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSynced] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/03/2017 08:15:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ GoogleDriveSyncing] - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} -- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [21/03/2017 08:15:16]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco1] - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [22/05/2016 19:33:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco2] - {853B7E05-C47D-4985-909A-D0DC5C6D7303} -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [22/05/2016 19:33:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ AccExtIco3] - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [22/05/2016 19:33:48]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)] - {8BA85C75-763B-4103-94EB-9470F12FE0F7} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [23/02/2016 14:16:40]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)] - {CD55129A-B1A1-438E-A425-CEBC7DC684EE} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [23/02/2016 14:16:40]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)] - {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [23/02/2016 14:16:40]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [18/03/2017 16:57:23]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive6] - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} --

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=

---------- | Toolbar

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=1

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000030000000100000000000000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}
"DownloadRetries"=4
"Version"=5
"UpgradeTime"=0xA9C9808FB605D301
"ShowSearchSuggestionsInAddressGlobal"=1
"DefaultPackCorrection"=1
"KnownProvidersUpgradeTime"=0xA9C9808FB605D301

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=0x00

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=0x00

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}

---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{0000036B-C524-4050-81A0-243669A86B9F}] : () - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}] : (@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{48A61126-9A19-4C50-A214-FF08CB94995C}] : (McAfee WebAdvisor) - []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - []

---------- | SearchScopes

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66}] - (Google) - http://www.google.com/search?q={searchTerms} :
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 :
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0C755E98-7D34-4B11-A63A-5F01EB9ABAE7}] - (Bing) - http://www.bing.com/search?FORM=U220DF&PC=U220&q={searchTerms}&src=IE-SearchBox :
[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{AB62CE37-C53F-4D77-9489-308327D58331}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox :

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] -> (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor BHO) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [27/07/2017 16:37:02]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) :
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] -> (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [03/01/2017 16:16:24]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}] -> (Windows Live Messenger Companion Helper) : C:\Program Files (x86)\Windows Live\Companion\companioncore.dll [08/03/2012 18:14:38]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] -> (Adobe Acrobat Create PDF Helper) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}] -> (McAfee WebAdvisor BHO) : c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll [27/07/2017 16:37:02]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}] -> (Microsoft Web Test Recorder 10.0 Helper) : c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [19/03/2010 15:02:22]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] -> (Adobe Acrobat Create PDF from Selection) : C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [18/12/2015 11:42:36]
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}] -> (Adblock Plus for IE Browser Helper Object) : C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [03/01/2017 16:16:24]

---------- | Chrome

C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\fheoggkfdfchfphceeifdbepaooicaho = : McAfee® WebAdvisor - McAfee® WebAdvisor - permissions:[tabs\u003Call_urls>downloadsnativeMessagingwebRequest] - https://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

[HKLM\Software\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\efaidnbmnnnibpcajpcglclefindmkaj]
[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho]

---------- | Opera

---------- | Firefox

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\jor6jyfq.default\Extensions\djziggy@gmail.com : : <em:internalName>LavaFox_V1-Blue</em:internalName> - : http://zigboom.com/
C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\jor6jyfq.default\Extensions\html5notifications@paxal.net.xpi

[HKLM\Software\mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
[HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
"web2pdfextension.15@web2pdf.adobedotcom"=C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll
[HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.144.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.144.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll
[HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10] - (McAfee Total Protection MIME Plugin) : c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL
[HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
[HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect] - () : C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 26.0.0.137 Plugin) : C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer] - (Adobe Shockwave Player) : C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@mcafee.com/MSC,version=10] - (McAfee Total Protection MIME Plugin) : c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@mcafee.com/MVT] - (McAfee Virtual Technician Plugin) : C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0] - (Ag Player Plugin) : C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308] - (WLPG Install MIME type) : C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Acrobat] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect] - () : C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\adobe.com/AdobeExManDetect] - () : C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\jor6jyfq.default\Prefs.js

user_pref("browser.startup.homepage", "https://www.facebook.com/");
user_pref("browser.startup.homepage_override.buildID", "20170628075643");
user_pref("browser.startup.homepage_override.mstone", "54.0.1");
user_pref("extensions.blocklist.pingCountTotal", 47);
user_pref("extensions.blocklist.pingCountVersion", 8);
user_pref("extensions.bootstrappedAddons", "{\"followonsearch@mozilla.com\":{\"version\":\"0.9.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\features\\\\{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\\\followonsearch@mozilla.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\features\\\\{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\\\shield-recipe-client@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"e10srollout@mozilla.org\":{\"version\":\"1.85\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\features\\\\{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\\\e10srollout@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"firefox@getpocket.com\":{\"version\":\"1.0.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"webcompat@mozilla.org\":{\"version\":\"1.1\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"aushelper@mozilla.org\":{\"version\":\"2.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false},\"screenshots@mozilla.org\":{\"version\":\"6.6.0\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"multiprocessCompatible\":true,\"runInSafeMode\":true,\"dependencies\":[],\"hasEmbeddedWebExtension\":false}}");
user_pref("extensions.databaseSchema", 19);
user_pref("extensions.e10s.rollout.blocklist", "");
user_pref("extensions.e10s.rollout.hasAddon", false);
user_pref("extensions.e10s.rollout.policy", "50allmpc");
user_pref("extensions.e10sBlockedByAddons", true);
user_pref("extensions.e10sMultiBlockedByAddons", true);
user_pref("extensions.enabledAddons", "html5notifications%40paxal.net:1.2.2.1-signed.1-signed,%7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:5.0.559.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:54.0.1");
user_pref("extensions.followonsearch.cohortSample", "0.370093");
user_pref("extensions.getAddons.cache.lastUpdate", 1501714642);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20170302.01");
user_pref("extensions.lastAppVersion", "54.0.1");
user_pref("extensions.lastPlatformVersion", "54.0.1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shield-recipe-client.api_url", "https://normandy.cdn.mozilla.net/api/v1");
user_pref("extensions.shield-recipe-client.dev_mode", false);
user_pref("extensions.shield-recipe-client.enabled", true);
user_pref("extensions.shield-recipe-client.logging.level", 50);
user_pref("extensions.shield-recipe-client.startup_delay_seconds", 300);
user_pref("extensions.shield-recipe-client.user_id", "88603497-a800-459d-ba8d-04eaa46aa1db");
user_pref("extensions.systemAddonSet", "{\"schema\":1,\"directory\":\"{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\",\"addons\":{\"followonsearch@mozilla.com\":{\"version\":\"0.9.1\"},\"shield-recipe-client@mozilla.org\":{\"version\":\"1.0.0\"},\"e10srollout@mozilla.org\":{\"version\":\"1.85\"}}}");
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.experiment.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://updates/recent");
user_pref("extensions.ui.locale.hidden", true);
user_pref("extensions.xpiState", "{\"app-profile\":{\"djziggy@gmail.com\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\extensions\\\\djziggy@gmail.com\",\"e\":false,\"v\":\"2.5.2\",\"st\":1472525803824,\"mt\":1501620122288},\"html5notifications@paxal.net\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\extensions\\\\html5notifications@paxal.net.xpi\",\"e\":true,\"v\":\"1.2.2.1-signed.1-signed\",\"st\":1462041409246}},\"app-system-addons\":{\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\features\\\\{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\\\e10srollout@mozilla.org.xpi\",\"e\":true,\"v\":\"1.85\",\"st\":1501016039572},\"followonsearch@mozilla.com\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\features\\\\{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\\\followonsearch@mozilla.com.xpi\",\"e\":true,\"v\":\"0.9.1\",\"st\":1501016039483},\"shield-recipe-client@mozilla.org\":{\"d\":\"C:\\\\Users\\\\Steve\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\jor6jyfq.default\\\\features\\\\{9ceac2f2-d6e9-4988-8742-dc8df3ba128e}\\\\shield-recipe-client@mozilla.org.xpi\",\"e\":true,\"v\":\"1.0.0\",\"st\":1501016039532}},\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\aushelper@mozilla.org.xpi\",\"e\":true,\"v\":\"2.0\",\"st\":1500796756761},\"e10srollout@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\e10srollout@mozilla.org.xpi\",\"e\":false,\"v\":\"1.50\",\"st\":1500796756761},\"firefox@getpocket.com\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\firefox@getpocket.com.xpi\",\"e\":true,\"v\":\"1.0.5\",\"st\":1500796756745},\"screenshots@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\screenshots@mozilla.org.xpi\",\"e\":true,\"v\":\"6.6.0\",\"st\":1500796756886},\"webcompat@mozilla.org\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\features\\\\webcompat@mozilla.org.xpi\",\"e\":true,\"v\":\"1.1\",\"st\":1500796756698}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi\",\"e\":false,\"v\":\"54.0.1\",\"st\":1500796756776}},\"winreg-app-global\":{\"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}\":{\"d\":\"C:\\\\Program Files (x86)\\\\McAfee\\\\SiteAdvisor\\\\saffplg.xpi\",\"e\":true,\"v\":\"5.0.559.0\",\"st\":1500583462000},\"web2pdfextension.15@web2pdf.adobedotcom\":{\"d\":\"C:\\\\Program Files (x86)\\\\Adobe\\\\Acrobat DC\\\\Acrobat\\\\Browser\\\\WCFirefoxExtn\",\"e\":false,\"v\":\"15.01.03\",\"st\":1463157154745,\"mt\":1491352710000}}}");

C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\jor6jyfq.default

[Profile0] - Name=default -> Profiles/jor6jyfq.default

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=209.18.47.62 209.18.47.61
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{3a1b2148-2a78-4084-ac04-ccbabaddbe37}]
"DhcpNameServer"=209.18.47.62 209.18.47.61
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3a1b2148-2a78-4084-ac04-ccbabaddbe37}]
"DhcpNameServer"=209.18.47.62 209.18.47.61

---------- | Applications

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Classes\Applications\firefox.exe] : "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" "%1"
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Classes\Applications\opera.exe] : "C:\Users\Steve\AppData\Local\Programs\Opera\Launcher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\Adobe Audition CC.exe] : "C:\Program Files\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\devenv.exe] : "c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\dreamweaver.exe] : "C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\dreamweaver.exe", "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L"
[HKLM\SOFTWARE\Classes\Applications\foobar2000.exe] : "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\Classes\Applications\Illustrator.exe] : "C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ImageReady.exe] : "C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\Classes\Applications\VSLauncher.exe] : "c:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Acrobat.exe] : "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Adobe Audition CC.exe] : "C:\Program Files\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\devenv.exe] : "c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\devenv.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\dreamweaver.exe] : "C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\dreamweaver.exe", "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\expressburn.exe] : "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\foobar2000.exe] : "C:\Program Files (x86)\foobar2000\foobar2000.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Illustrator.exe] : "C:\Program Files\Adobe\Adobe Illustrator CC 2015\Support Files\Contents\Windows\Illustrator.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ImageReady.exe] : "C:\Program Files (x86)\Adobe\Photoshop CS\ImageReady.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MovieMaker.exe] : "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\Photoshop.exe] : "C:\Program Files\Adobe\Adobe Photoshop CC 2015\Photoshop.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" /source ShellOpen
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\VSLauncher.exe] : "c:\Program Files (x86)\Common Files\Microsoft Shared\MSEnv\VSLauncher.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\WLXPhotoViewer.dll] : "C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | SvcHost (Whitelist)

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=Power
LSM
BrokerInfrastructure
PlugPlay
DcomLaunch
DeviceInstall
SystemEventsBroker
"rdxgroup"=RetailDemo
"Camera"=FrameS
"DevicesFlow"=DevicesFlowUserSvc
"smbsvcs"=lanmanserver
browser
"iissvcs"=w3svc
was

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
"DcomLaunch"=PlugPlay
DcomLaunch
DeviceInstall
"smbsvcs"=lanmanserver
"iissvcs"=w3svc
was

---------- | SvcHost - Netsvcs (Whitelist)

TokenBroker - %SystemRoot%\System32\TokenBroker.dll : %SystemRoot%\system32\svchost.exe -k netsvcs

---------- | Software

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\AdblockPlus]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Adobe]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\AppDataLow]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Avant Browser]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\AVS4YOU]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Broderbund Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Canneverbe Limited]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Caphyon]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Clients]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Companion Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Creative Tech]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Dell]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\DivXNetworks]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\e-academy Inc.]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\EffectMgr]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ej-technologies]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Eyeball]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Freeware]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Geek Uninstaller]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\GetNZB]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Google]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\GRETECH]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Hewlett-Packard]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\IM Providers]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\InstallShield]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Intuit]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\JavaSoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Kivuto Solutions Inc.]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\LG Electronics Inc]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Licenses]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Local AppWizard-Generated Applications]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\LowRegistry]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Macromedia]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Macrovision]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Malwarebytes]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Martin Prikryl]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\McAfee]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Mindscape]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Mine]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Mozilla]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\MozillaPlugins]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\MusicBrainz]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\NCH Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\NCH Swift Sound]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Netscape]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Newsoft Folder Selector]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\NVIDIA Corporation]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ODBC]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Opera Software]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Parsons Technology]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Piriform]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Policies]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\PrivaZer]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Quark]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Realtek]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\RegisteredApplications]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Roxio]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Shemes]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Siber Systems]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\SimonTatham]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Skype]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Sonic]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\sysinternals]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\The Learning Company]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Trolltech]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Windows Live Writer]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\WinRAR]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\WinRAR SFX]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Wow6432Node]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ZebHelpProcess Helper]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Zemana]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\ZHP]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\Adobe]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\Macromedia]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Roaming]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\Winlogon]
[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\Adblock Plus for IE]
[HKLM\Software\Adobe]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\ATI Technologies]
[HKLM\Software\AVS4YOU]
[HKLM\Software\Canneverbe Limited]
[HKLM\Software\Clients]
[HKLM\Software\Creative Tech]
[HKLM\Software\Dell]
[HKLM\Software\Dell Inc.]
[HKLM\Software\DellShared]
[HKLM\Software\ESET]
[HKLM\Software\Fingertapps]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\Hewlett-Packard]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\Intel Security]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Macromedia]
[HKLM\Software\Martin Prikryl]
[HKLM\Software\McAfee]
[HKLM\Software\McAfee.com]
[HKLM\Software\McAfee.logging]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\Microsoft]
[HKLM\Software\Minnetonka Audio Software]
[HKLM\Software\Motorola]
[HKLM\Software\Motorola Mobility]
[HKLM\Software\Mozilla]
[HKLM\Software\mozilla.org]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Network Associates]
[HKLM\Software\Notepad++]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\OEM]
[HKLM\Software\Partner]
[HKLM\Software\Patch My PC]
[HKLM\Software\PC-Doctor]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\SiteAdvisor]
[HKLM\Software\Sonic]
[HKLM\Software\SRS Labs]
[HKLM\Software\sysinternals]
[HKLM\Software\TrendMicro]
[HKLM\Software\Waves Audio]
[HKLM\Software\Windows]
[HKLM\Software\WinRAR]
[HKLM\Software\WOW6432Node]
[HKLM\Software\Zemana]
[HKLM\Software\ZmnGlobalSDK]
[HKLM\Software\Microsoft\Windows\ClickNote]
[HKLM\Software\Microsoft\Windows\Configuration]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\Dwm]
[HKLM\Software\Microsoft\Windows\DynamicManagement]
[HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\Microsoft\Windows\Heat]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\PrivacySettingsBeforeCreatorsUpdate]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Shell]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\apphost]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DevicesFlow]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\rdxgroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
[HKLM\Software\WOW6432Node\Adobe]
[HKLM\Software\WOW6432Node\Adobe Systems]
[HKLM\Software\WOW6432Node\Adware Removal Tool by TSA]
[HKLM\Software\WOW6432Node\AdwCleaner]
[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Aimersoft]
[HKLM\Software\WOW6432Node\AppDataLow]
[HKLM\Software\WOW6432Node\Apple Computer, Inc.]
[HKLM\Software\WOW6432Node\Aspell]
[HKLM\Software\WOW6432Node\Aspell-en]
[HKLM\Software\WOW6432Node\AVS4YOU]
[HKLM\Software\WOW6432Node\Broderbund Software]
[HKLM\Software\WOW6432Node\Canneverbe Limited]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Companion Software]
[HKLM\Software\WOW6432Node\Creative Tech]
[HKLM\Software\WOW6432Node\Cyberlink]
[HKLM\Software\WOW6432Node\Debug]
[HKLM\Software\WOW6432Node\Dell]
[HKLM\Software\WOW6432Node\DellShared]
[HKLM\Software\WOW6432Node\Digital Camera]
[HKLM\Software\WOW6432Node\ej-technologies]
[HKLM\Software\WOW6432Node\foobar2000]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\GRETECH]
[HKLM\Software\WOW6432Node\illiminable]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\Intel Corporation]
[HKLM\Software\WOW6432Node\Intuit]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\LG Electronics]
[HKLM\Software\WOW6432Node\LogMeIn Rescue]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Macrovision]
[HKLM\Software\WOW6432Node\Malwarebytes Anti-Exploit]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\Martin Prikryl]
[HKLM\Software\WOW6432Node\MAXSOFT-OCRON]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\McAfee.com]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\MicroVision]
[HKLM\Software\WOW6432Node\MicroWorld]
[HKLM\Software\WOW6432Node\MimarSinan]
[HKLM\Software\WOW6432Node\Motorola]
[HKLM\Software\WOW6432Node\Motorola Mobility]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MusicBrainz]
[HKLM\Software\WOW6432Node\NCH Software]
[HKLM\Software\WOW6432Node\Nero]
[HKLM\Software\WOW6432Node\NETGEAR]
[HKLM\Software\WOW6432Node\Network Associates]
[HKLM\Software\WOW6432Node\NewSoft]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\OldTimer Tools]
[HKLM\Software\WOW6432Node\Parsons Technology]
[HKLM\Software\WOW6432Node\Quark]
[HKLM\Software\WOW6432Node\Razer]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Roxio]
[HKLM\Software\WOW6432Node\SERCOMM]
[HKLM\Software\WOW6432Node\SiteAdvisor]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\Software]
[HKLM\Software\WOW6432Node\Sonic]
[HKLM\Software\WOW6432Node\SyncIntegrationClients]
[HKLM\Software\WOW6432Node\TLC]
[HKLM\Software\WOW6432Node\TrendMicro]
[HKLM\Software\WOW6432Node\Verizon Wireless]
[HKLM\Software\WOW6432Node\Windows]
[HKLM\Software\WOW6432Node\WOW6432Node]
[HKLM\Software\WOW6432Node\WSWNA3100]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Dwm]
[HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Heat]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\iissvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceHttp]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestrictedDhcpLmHosts]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetworkFirewall]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceDnsNla]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]

---------- | Drives

---------- | C:

[28/07/2017 03:34:38] - |SHD| - [258] - C:\$RECYCLE.BIN
[21/02/2016 00:46:29] - |HD| - [49501] - C:\$SysReset
[18/03/2017 23:20:18] - |HD| - [2522787547] - C:\$WINDOWS.~BT
[21/02/2016 11:51:23] - |HD| - [490503] - C:\$Windows.~WS
[16/12/2013 04:01:25] - |D| - [90708896] - C:\4e6b2952c54768d61a29e4323e29e2
[17/02/2014 04:05:57] - |D| - [88567024] - C:\7cde3e97728e3fc0584dd4d71a
[14/11/2013 04:02:15] - |D| - [82896128] - C:\8f65be0b8cdecedb22c086c913db9a81
[25/04/2011 10:00:15] - |D| - [12927334] - C:\AA Golf and frey
[09/05/2015 19:43:32] - |D| - [2006015] - C:\AdwCleaner
[17/06/2011 08:05:30] - |D| - [15925255] - C:\art
[18/05/2011 13:43:39] - |D| - [77369] - C:\bank statements
[MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/07/2015 18:48:30] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
[09/10/2013 03:02:32] - |SHD| - [40438544] - C:\Config.Msi
[17/02/2011 03:03:28] - |D| - [427171187] - C:\dell
[MD5.A039B1CD58719F893F7C3FBE0A2B4A69] - [17/02/2011 03:27:00] - |RAH| - (.-.) - [54108] - (0.0.0.0) - C:\dell.sdr
[30/07/2015 17:51:49] - |SHD| - [0] - C:\Documents and Settings
[25/04/2011 09:12:33] - |D| - [10938997] - C:\Dolls
[17/02/2011 03:09:27] - |D| - [176041553] - C:\Drivers
[10/07/2011 18:23:35] - |D| - [497434] - C:\Enoch
[21/02/2016 12:15:41] - |D| - [3269516968] - C:\ESD
[23/07/2017 04:57:51] - |D| - [356894031] - C:\FRST
[MD5.62CD92CCE6312C40FE9FB0906435EF04] - [06/07/2015 05:30:48] - |A| - (.-.) - [327] - (0.0.0.0) - C:\ftconfig.ini
[15/05/2016 07:54:58] - |D| - [0] - C:\GetNZB Downloads
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2017 06:24:49] - |ASH| - (.-.) - [6435311616] - (0.0.0.0) - C:\hiberfil.sys
[26/07/2017 09:29:12] - |D| - [779770] - C:\inetpub
[17/02/2011 01:40:07] - |D| - [97878] - C:\Intel
[02/06/2015 07:46:22] - |D| - [12966323] - C:\LGMobileUpgrade
[03/05/2013 20:22:08] - |D| - [914139] - C:\lj1300
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [08/04/2013 09:25:03] - |A| - (.-.) - [0] - (0.0.0.0) - C:\log.txt
[10/09/2015 01:42:33] - |D| - [0] - C:\Logs
[MD5.800B746FDC4D80469AFC7E5E9B510C9C] - [01/12/2006 23:37:14] - |A| - (.© Microsoft Corporation. - Microsoft® Debug Information Accessor.) - [904704] - (8.0.50727.762) - C:\msdia80.dll
[27/03/2011 09:32:53] - |RHD| - [629004367] - C:\MSOCache
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [17/02/2011 03:03:29] - |ASH| - (.-.) - [536870912] - (0.0.0.0) - C:\pagefile.sys
[18/03/2017 17:03:28] - |D| - [0] - C:\PerfLogs
[25/02/2011 19:52:50] - |D| - [0] - C:\Photos
[18/03/2017 17:03:28] - |RD| - [24309076914] - C:\Program Files
[18/03/2017 17:03:28] - |RD| - [20675332957] - C:\Program Files (x86)
[18/03/2017 17:03:29] - |HD| - [7014722679] - C:\ProgramData
[03/08/2017 16:06:37] - |D| - [262062] - C:\QuickDiag
[MD5.4DBE4EA0D99E0044F751619992BCCF7E] - [03/08/2017 16:07:19] - |A| - (.-.) - [228708] - (0.0.0.0) - C:\QuickDiag.txt
[26/07/2017 06:44:54] - |SHD| - [0] - C:\Recovery
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [21/02/2016 00:47:10] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Recovery.txt
[MD5.DCD359948D402BED91E76EEB336552F1] - [01/05/2016 17:46:55] - |A| - (.-.) - [248] - (0.0.0.0) - C:\rescue.info
[MD5.EC88306499A81C7FF6E0C9D2BFEFF03E] - [06/05/2013 21:55:56] - |A| - (.-.) - [27474] - (0.0.0.0) - C:\RPSetup.exe.log
[27/07/2017 16:35:49] - |D| - [12832] - C:\SecurityCheck
[MD5.B74ADB85C4EFE01BC55EB323A09ED196] - [01/05/2016 17:46:55] - |A| - (.-.) - [2559] - (0.0.0.0) - C:\session.log
[MD5.FF36DCCF0000A420A9D06C421CB0ED78] - [25/07/2017 16:43:46] - |A| - (.-.) - [1705] - (0.0.0.0) - C:\STEVE-PC.rtf
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [03/10/2015 02:32:14] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys
[17/02/2011 03:32:09] - |SHD| - [0] - C:\System Volume Information
[17/02/2011 01:45:28] - |D| - [0] - C:\Temp
[18/03/2017 07:40:20] - |RD| - [133134940075] - C:\Users
[MD5.F9161FA127754A54D7367DA4D93C4AE8] - [19/03/2010 19:58:20] - |A| - (.-.) - [551424] - (0.0.0.0) - C:\VS_EXPBSLN_x64_enu.MSI
[18/03/2017 07:40:20] - |D| - [61548339805] - C:\Windows
[26/07/2017 09:51:26] - |D| - [34245694016] - C:\Windows.old
[MD5.CC83D7D0C43AD1349EC2950D6A46166F] - [26/07/2017 16:30:40] - |A| - (.-.) - [7889] - (0.0.0.0) - C:\zoek-results.log
[MD5.530E012BF6308D22DD43618DFF87F143] - [27/07/2017 22:04:16] - |A| - (.-.) - [125479] - (0.0.0.0) - C:\zoek-results2017-07-26-212745.log
[26/07/2017 16:27:17] - |D| - [402353736] - C:\zoek_backup

---------- | C:\WINDOWS

[18/03/2017 17:03:29] - |D| - [802] - C:\WINDOWS\addins
[18/03/2017 17:03:29] - |D| - [45029507] - C:\WINDOWS\appcompat
[18/03/2017 17:03:29] - |D| - [12417120] - C:\WINDOWS\AppPatch
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\AppReadiness
[18/03/2017 17:03:28] - |RD| - [1103366716] - C:\WINDOWS\assembly
[25/02/2011 09:40:08] - |D| - [932] - C:\WINDOWS\BBSTORE
[18/03/2017 17:03:29] - |D| - [639657] - C:\WINDOWS\bcastdvr
[MD5.293283CF350E00AF8C4A2770BDBF4D50] - [26/07/2017 09:38:59] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [64512] - (10.0.15063.413) - C:\WINDOWS\bfsvc.exe
[18/03/2017 17:03:29] - |D| - [38058315] - C:\WINDOWS\Boot
[MD5.66AC02EE76A4659E515A085C5C817676] - [26/07/2017 05:57:39] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
[18/03/2017 17:03:29] - |D| - [2447448] - C:\WINDOWS\Branding
[MD5.51E88C02A2150BC3B69B32F839209A62] - [17/03/2011 15:01:56] - |A| - (.-.) - [1878] - (0.0.0.0) - C:\WINDOWS\Ca536a.ini
[18/03/2017 16:51:24] - |D| - [0] - C:\WINDOWS\CbsTemp
[MD5.6B99374BD7BD2A78BF610FC52C499ED6] - [26/07/2017 06:29:12] - |A| - (.-.) - [26158] - (0.0.0.0) - C:\WINDOWS\comsetup.log
[MD5.F471CF70EE6D49C5650A4D5295531435] - [18/03/2017 22:31:53] - |A| - (.-.) - [34390] - (0.0.0.0) - C:\WINDOWS\Core.xml
[MD5.D28C91EAF16A2EF538268D1179801416] - [17/02/2011 03:26:59] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt
[MD5.CE7EA4FD479F7E540EDB01931ED77193] - [17/02/2011 01:46:30] - |RAH| - (.-.) - [159] - (0.0.0.0) - C:\WINDOWS\ctfile.rfc
[18/03/2017 17:03:29] - |D| - [8970858] - C:\WINDOWS\Cursors
[18/03/2017 17:03:29] - |D| - [3] - C:\WINDOWS\debug
[MD5.64533FF57D88EECC2A3FF8DFEC69B687] - [17/03/2011 15:01:56] - |A| - (.-.) - [423] - (0.0.0.0) - C:\WINDOWS\dext536.ini
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [26/07/2017 06:41:45] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
[18/03/2017 17:03:29] - |D| - [4404396] - C:\WINDOWS\diagnostics
[MD5.0E359EF178B73AAAE2C6D6AC11B4FE15] - [26/07/2017 06:41:45] - |A| - (.-.) - [11433] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
[18/03/2017 22:29:16] - |D| - [0] - C:\WINDOWS\DigitalLocker
[10/04/2012 06:58:49] - |D| - [0] - C:\WINDOWS\Downloaded Installations
[18/03/2017 17:03:29] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
[MD5.3E2DE0B043057BF7C53F4EC1377F232B] - [02/10/2015 23:57:05] - |A| - (.-.) - [68182] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG
[MD5.773AF4403D04EA34DEEE71A6F6B63C5B] - [18/03/2017 17:05:44] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
[14/07/2009 03:45:02] - |D| - [0] - C:\WINDOWS\ehome
[18/03/2017 17:03:29] - |HD| - [44632] - C:\WINDOWS\ELAMBKUP
[15/04/2012 15:39:01] - |D| - [106864] - C:\WINDOWS\en
[18/03/2017 22:29:16] - |D| - [96256] - C:\WINDOWS\en-US
[MD5.35BA8929C6584405ECB150BEF40721DD] - [09/05/2015 15:23:45] - |A| - (.-.) - [9119] - (0.0.0.0) - C:\WINDOWS\ESCAN.LOG
[MD5.CA3BF0F15BA4F24D511BFEE725CC89BD] - [26/07/2017 09:48:47] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4847424] - (10.0.15063.447) - C:\WINDOWS\explorer.exe
[18/03/2017 17:03:29] - |RSD| - [618805560] - C:\WINDOWS\Fonts
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
[MD5.C6FCFB2F65B0C54CE7A3F32266812F1C] - [09/05/2015 15:23:12] - |A| - (.-.) - [1586] - (0.0.0.0) - C:\WINDOWS\general.log
[18/03/2017 17:03:29] - |D| - [54115823] - C:\WINDOWS\Globalization
[18/03/2017 17:03:29] - |D| - [52523884] - C:\WINDOWS\Help
[MD5.E064A38A807C83ADC8AD9E1B54C85CF9] - [26/07/2017 09:38:59] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975360] - (10.0.15063.413) - C:\WINDOWS\HelpPane.exe
[MD5.40CBB6FF53388188A2CDA538D5F26A59] - [18/03/2017 16:57:33] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.15063.0) - C:\WINDOWS\hh.exe
[18/03/2017 22:31:25] - |D| - [14070424] - C:\WINDOWS\HoloShell
[MD5.4031BA464F7E3CDE54A73E4612CD7141] - [26/07/2017 06:00:23] - |A| - (.-.) - [28414] - (0.0.0.0) - C:\WINDOWS\iis.log
[MD5.4A3D2DDEEE12A918871D737BD219D4BF] - [26/07/2017 06:05:26] - |A| - (.-.) - [31684] - (0.0.0.0) - C:\WINDOWS\iis_gather.log
[18/03/2017 17:03:29] - |D| - [173056368] - C:\WINDOWS\IME
[18/03/2017 17:03:29] - |RD| - [8335288] - C:\WINDOWS\ImmersiveControlPanel
[18/03/2017 17:01:21] - |D| - [190192805] - C:\WINDOWS\INF
[18/03/2017 17:03:29] - |D| - [1367431565] - C:\WINDOWS\InfusedApps
[18/03/2017 17:03:29] - |D| - [38340109] - C:\WINDOWS\InputMethod
[18/03/2017 17:03:29] - |SHDC| - [39302349683] - C:\WINDOWS\Installer
[MD5.515E4684008E955DE0C81E6A7AEA1C2A] - [17/03/2011 15:03:38] - |A| - (.Copyright InstallShield Corporation, Inc. 1990-1997 - InstallShield® unInstaller.) - [306688] - (5.51.138.0) - C:\WINDOWS\IsUninst.exe
[18/03/2017 17:03:29] - |D| - [94096] - C:\WINDOWS\L2Schemas
[MD5.8DDEB4A9F4665D98F2867852CCCC0C15] - [09/05/2015 15:23:12] - |A| - (.-.) - [56] - (0.0.0.0) - C:\WINDOWS\Lic.xxx
[18/03/2017 17:03:29] - |D| - [3833380] - C:\WINDOWS\LiveKernelReports
[18/03/2017 07:40:24] - |D| - [21835519] - C:\WINDOWS\Logs
[18/03/2017 17:03:29] - |RSD| - [27807331] - C:\WINDOWS\Media
[MD5.D29393CA2D21713419826AEEABCB2FE9] - [20/02/2016 22:02:48] - |A| - (.-.) - [1253355818] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [18/03/2017 16:57:03] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
[18/03/2017 17:03:28] - |RD| - [887972402] - C:\WINDOWS\Microsoft.NET
[18/03/2017 17:03:29] - |D| - [2938] - C:\WINDOWS\Migration
[18/03/2017 17:03:29] - |RD| - [487308] - C:\WINDOWS\MiracastView
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\ModemLogs
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 22:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\WINDOWS\msdfmap.ini
[17/02/2011 01:48:27] - |HD| - [0] - C:\WINDOWS\msdownld.tmp
[MD5.98E5FFFE6FC7D659E0B83F85547EB980] - [19/08/2015 03:00:36] - |A| - (.-.) - [263458] - (0.0.0.0) - C:\WINDOWS\msxml4-KB2758694-enu.LOG
[MD5.F60A9D3A9461F68DE0FCCEBB0C6CB31A] - [18/03/2017 16:58:25] - |A| - (.© Microsoft Corporation. - Notepad.) - [246784] - (10.0.15063.0) - C:\WINDOWS\notepad.exe
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [23/02/2011 18:56:42] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\nsreg.dat
[18/03/2017 22:30:43] - |D| - [219754] - C:\WINDOWS\OCR
[18/03/2017 17:03:29] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
[25/07/2017 19:26:22] - |DC| - [521140498] - C:\WINDOWS\Panther
[27/07/2017 22:01:28] - |D| - [0] - C:\WINDOWS\PCHEALTH
[18/03/2017 17:03:29] - |D| - [30147209] - C:\WINDOWS\Performance
[MD5.C1278A801B3524D5C677A0B575491C2E] - [17/09/2016 04:46:59] - |A| - (.-.) - [43992] - (0.0.0.0) - C:\WINDOWS\PFRO.log
[18/03/2017 17:03:29] - |D| - [1121835] - C:\WINDOWS\PLA
[18/03/2017 17:03:29] - |D| - [2580605] - C:\WINDOWS\PolicyDefinitions
[26/07/2017 05:56:39] - |D| - [14935757] - C:\WINDOWS\Prefetch
[18/03/2017 17:03:29] - |RD| - [2168600] - C:\WINDOWS\PrintDialog
[18/03/2017 17:03:29] - |D| - [2884514] - C:\WINDOWS\Provisioning
[15/04/2013 15:56:33] - |D| - [3609] - C:\WINDOWS\pss
[MD5.A3B1FC6C72EA944C2E1B359A19CB40AB] - [18/03/2017 16:57:08] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [321024] - (10.0.15063.0) - C:\WINDOWS\regedit.exe
[18/03/2017 17:03:29] - |D| - [1139988] - C:\WINDOWS\Registration
[18/03/2017 17:03:29] - |D| - [5690630] - C:\WINDOWS\rescache
[18/03/2017 17:03:29] - |D| - [3660232] - C:\WINDOWS\Resources
[MD5.DD336E295FA5EFF115F7ED1A83AE55EF] - [24/12/2016 07:31:07] - |A| - (.Realtek Semiconductor Corp. Copyright (C) 2010 - RtlExUpd DLL for setup utility function.) - [1247776] - (1.0.2.0) - C:\WINDOWS\RtlExUpd.dll
[MD5.8421150D61873FF1E7A86B2FA4C1D98D] - [26/04/2016 10:12:36] - |A| - (.(c) Realtek Semiconductor Corp. - Realtek USB Audio Installation Extenstion.) - [208600] - (0.0.0.1) - C:\WINDOWS\RUAudExD.DLL
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\SchCache
[18/03/2017 17:03:29] - |D| - [121229] - C:\WINDOWS\schemas
[18/03/2017 17:03:29] - |D| - [9291474] - C:\WINDOWS\security
[26/07/2017 09:33:06] - |D| - [47563768] - C:\WINDOWS\ServiceProfiles
[18/03/2017 07:40:20] - |D| - [71879723] - C:\WINDOWS\servicing
[18/03/2017 17:06:43] - |D| - [42] - C:\WINDOWS\Setup
[MD5.46219271328615214495A244DDC5A50F] - [26/07/2017 05:58:56] - |A| - (.-.) - [40019] - (0.0.0.0) - C:\WINDOWS\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2017 05:58:56] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
[18/03/2017 17:03:29] - |D| - [41940992] - C:\WINDOWS\ShellExperiences
[30/10/2015 05:07:13] - |D| - [180224] - C:\WINDOWS\ShellNew
[18/03/2017 22:30:18] - |D| - [3757408] - C:\WINDOWS\SKB
[17/02/2011 01:40:59] - |D| - [134394420] - C:\WINDOWS\SoftwareDistribution
[18/03/2017 17:03:29] - |D| - [107844082] - C:\WINDOWS\Speech
[18/03/2017 17:03:29] - |D| - [64451109] - C:\WINDOWS\Speech_OneCore
[MD5.31F324879B791EBF76E0005D1ABDE10E] - [18/03/2017 16:58:24] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.15063.0) - C:\WINDOWS\splwow64.exe
[MD5.2664EEEE55F34BC4FAAA8EE41393D2CD] - [30/07/2015 18:25:21] - |A| - (.-.) - [31856] - (0.0.0.0) - C:\WINDOWS\Starter.xml
[MD5.F11B376A27E94E5F2A0E34A4FCC70A88] - [06/07/2012 07:17:53] - |A| - (.Copyright© 2011 McAfee, Inc. - McAfee Labs® GetSusp™ Utility Driver.) - [16200] - (3.0.0.224) - C:\WINDOWS\stinger.sys
[01/04/2012 10:30:04] - |D| - [0] - C:\WINDOWS\Sun
[29/01/2014 21:35:38] - |D| - [354137600] - C:\WINDOWS\symbols
[18/03/2017 17:03:29] - |D| - [31039] - C:\WINDOWS\System
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 22:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
[18/03/2017 07:40:20] - |D| - [6144810118] - C:\WINDOWS\System32
[18/03/2017 17:03:29] - |D| - [189863988] - C:\WINDOWS\SystemApps
[18/03/2017 17:03:29] - |D| - [19345839] - C:\WINDOWS\SystemResources
[18/03/2017 07:40:24] - |AD| - [1620126383] - C:\WINDOWS\SysWOW64
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\TAPI
[13/07/2009 23:20:14] - |D| - [6] - C:\WINDOWS\Tasks
[27/07/2017 23:21:27] - |D| - [1169315] - C:\WINDOWS\Temp
[MD5.80914E8DE687BFA8DE765E5090B82590] - [17/02/2011 01:46:35] - |A| - (.-.) - [1247] - (0.0.0.0) - C:\WINDOWS\THXCfg_APOIM.ini
[MD5.7E7FBA46533FA06B640102A4F534C0E5] - [17/02/2011 01:46:35] - |A| - (.-.) - [1247] - (0.0.0.0) - C:\WINDOWS\THXCfg_HP_APOIM.ini
[MD5.DB447A583C4B5225A257F281B0F1F427] - [17/02/2011 01:46:35] - |A| - (.-.) - [1264] - (0.0.0.0) - C:\WINDOWS\THXCfg_SP_APOIM.ini
[18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\tracing
[18/03/2017 17:03:29] - |D| - [7680] - C:\WINDOWS\twain_32
[MD5.C0792EA1BA08CA6E6420C9BB8E14CB3E] - [18/03/2017 16:58:54] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [65536] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
[25/07/2017 19:11:29] - |SD| - [0] - C:\WINDOWS\UpdateAssistantV2
[MD5.ADCB4772E89D6C8EBF8B05AD140D6DBA] - [09/05/2015 15:30:40] - |A| - (.-.) - [5814] - (0.0.0.0) - C:\WINDOWS\UPDLL.LOG
[MD5.C419DF63E0121D72411285780C2FC6CC] - [17/02/2011 01:46:30] - |A| - (.Copyright (c) Creative Technology Ltd. 2000 - Creative UpdReg.) - [90112] - (1.0.2.0) - C:\WINDOWS\Updreg.EXE
[18/03/2017 17:03:29] - |D| - [12420] - C:\WINDOWS\Vss
[18/03/2017 17:03:30] - |D| - [19203458] - C:\WINDOWS\Web
[MD5.DF2DCEFB63BD5C4E837249ADF7FA4AC9] - [13/07/2009 22:34:57] - |A| - (.-.) - [926] - (0.0.0.0) - C:\WINDOWS\win.ini
[MD5.C844CA459F3B209329984772269B6E56] - [18/03/2017 16:58:27] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
[MD5.038356387332650843BCB352BB89A101] - [14/07/2009 01:10:55] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
[MD5.6E6947D6368FA11E9146C4767F31286E] - [18/03/2017 16:58:42] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.15063.0) - C:\WINDOWS\winhlp32.exe
[18/03/2017 07:40:20] - |D| - [6891926266] - C:\WINDOWS\WinSxS
[MD5.4860944ABF2F8EAB74039A3A132B9995] - [08/03/2012 18:37:20] - |A| - (.© 2010 Microsoft Corporation. - Windows Live Photos Screen Saver.) - [302448] - (15.4.3555.308) - C:\WINDOWS\WLXPGSS.SCR
[MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [18/03/2017 16:56:51] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
[MD5.ECEB16331FDDE0EBD7BE30BE085AD3D9] - [18/03/2017 16:58:25] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.15063.0) - C:\WINDOWS\write.exe
[MD5.B214C571D960D44AF3065D7533BAC423] - [24/07/2017 17:44:01] - |A| - (.-.) - [272574] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
[MD5.89EE65AB0F999B8C7FA35E97E96F8B72] - [24/07/2017 17:44:01] - |A| - (.-.) - [56070] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace
[MD5.CC7AA7B42CF418FC3D926913490048F8] - [27/07/2017 23:21:28] - |A| - (.-.) - [24064] - (5.0.0.0) - C:\WINDOWS\zoek-delete.exe
[MD5.18556ED6EA953C31F1C4953D2F210C78] - [17/03/2011 15:04:35] - |A| - (.Copyright© 1990-1998 InstallShield Software Corporation, Phone: (847) 240-9111 - InstallShield Resources.) - [129536] - (5.50.131.0) - C:\WINDOWS\_isres.dll

---------- | C:\WINDOWS\System32\GroupPolicy

---------- | Systemroot\System

---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[06/11/2003 01:36:34] - C:\WINDOWS\Installer\199c36a.msi : (Intell® Integrated Performance Primitives RTI 4.0 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/12/2015 14:49:15] - C:\WINDOWS\Installer\1a3f34c8.msi : (Installers - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/08/2012 02:42:50] - C:\WINDOWS\Installer\1a52c06f.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/08/2012 02:42:56] - C:\WINDOWS\Installer\1a52c081.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/03/2011 04:29:12] - C:\WINDOWS\Installer\1b9d3c39.msi : (PreEmptive Solutions' post-build instrumentation services provide obfuscation, tamper defense, shelf life, and runtime intelligence functionality. - PreEmptive Solutions LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[04/01/2010 00:55:26] - C:\WINDOWS\Installer\1e391e.msi : (Crystal Reports for Visual Studio Setup - SAP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/03/2007 06:59:56] - C:\WINDOWS\Installer\22da218.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 23:43:40] - C:\WINDOWS\Installer\22da21e.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2007 08:24:02] - C:\WINDOWS\Installer\22da224.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2007 08:02:54] - C:\WINDOWS\Installer\22da22a.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/03/2007 00:12:02] - C:\WINDOWS\Installer\22da230.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 09:37:04] - C:\WINDOWS\Installer\22da236.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/03/2007 22:15:02] - C:\WINDOWS\Installer\22da23c.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 10:06:16] - C:\WINDOWS\Installer\22da243.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2007 22:57:10] - C:\WINDOWS\Installer\22da249.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/03/2007 06:06:48] - C:\WINDOWS\Installer\22da250.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[13/03/2007 02:39:28] - C:\WINDOWS\Installer\22da256.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[23/02/2007 03:38:34] - C:\WINDOWS\Installer\22da25c.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 10:29:22] - C:\WINDOWS\Installer\22da262.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[20/02/2007 10:40:52] - C:\WINDOWS\Installer\22da268.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/03/2007 11:37:22] - C:\WINDOWS\Installer\22da26e.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/03/2007 05:08:54] - C:\WINDOWS\Installer\22da274.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/03/2007 06:56:00] - C:\WINDOWS\Installer\22da27b.msi : ( - Adobe Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879cd6.msi : (Update Service - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879cd9.msi : (Program Updates - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879cdc.msi : (Federal Tax Forms - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879ce0.msi : (Help and Support - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/10/2015 05:08:40] - C:\WINDOWS\Installer\25879ce3.msi : (Fuego Tax Forms - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2016 00:05:08] - C:\WINDOWS\Installer\25e4cc9d.msi : (New York - Intuit Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812c72.msi : (Nero 2016 Content Pack - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:58] - C:\WINDOWS\Installer\27812cef.msi : (Nero 12 Disc Menus Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:57] - C:\WINDOWS\Installer\27812dd8.msi : (Nero 12 Kwik Themes Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812dde.msi : (Nero 12 Image Samples - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:07] - C:\WINDOWS\Installer\27812eac.msi : (Nero 12 Effects Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812eb2.msi : (Nero Family and Events Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812eb8.msi : (Nero Football (Soccer) Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812ebe.msi : (Nero Retro Film Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:47] - C:\WINDOWS\Installer\27812fa1.msi : (Nero 12 PiP Effects Basic - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fa7.msi : (Nero 12 PiP Effects 1 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fad.msi : (Nero Platinum Effects 12 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fb3.msi : (Nero Prerequisites - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fb9.msi : (Nero 12 Video Transitions 1 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:07] - C:\WINDOWS\Installer\27812fc0.msi : (Nero 12 Cliparts - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:06] - C:\WINDOWS\Installer\27812fc6.msi : (Nero 12 Disc Menus 1 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:23:01] - C:\WINDOWS\Installer\27812fcc.msi : (Nero 12 Disc Menus 2 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:58] - C:\WINDOWS\Installer\27812fd2.msi : (Nero 12 Disc Menus 3 - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:57] - C:\WINDOWS\Installer\27812fd8.msi : (Nero Abstract Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:52] - C:\WINDOWS\Installer\27812fde.msi : (Nero Holiday and Sports Themes - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fe4.msi : (Nero 12 Video Samples - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/03/2016 12:22:46] - C:\WINDOWS\Installer\27812fe9.msi : (Nero Update - Nero AG) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/10/2015 23:55:50] - C:\WINDOWS\Installer\287610.msi : (Emily - Razer Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/11/2011 22:54:06] - C:\WINDOWS\Installer\366a0ed.msi : ( -) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/06/2015 07:44:17] - C:\WINDOWS\Installer\37063.msi : (LG Verizon UnitedDrivers - LG Electronics) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/04/2017 06:09:50] - C:\WINDOWS\Installer\3b4f5c24.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/01/2014 18:52:30] - C:\WINDOWS\Installer\3d9707.msi : ( - Kivuto Solutions Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2014 19:08:10] - C:\WINDOWS\Installer\3dba7d07.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/10/2010 10:40:44] - C:\WINDOWS\Installer\3dd136.msi : (RBVirtualFolder 64 bit installer - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/02/2017 19:28:34] - C:\WINDOWS\Installer\424db953.msi : (Dell Customer Connect Installer - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/07/2017 11:56:06] - C:\WINDOWS\Installer\4310b834.msi : (Dell Update Installer - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/02/2013 18:20:36] - C:\WINDOWS\Installer\4e46971.msi : (Adobe Download Assistant - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 16:33:59] - C:\WINDOWS\Installer\4ecfcb8.msi : (Adobe AIR Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 16:38:19] - C:\WINDOWS\Installer\4ecfe9f.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/07/2017 03:37:39] - C:\WINDOWS\Installer\5280175.msi : (Java SE Runtime Environment 8 Update 144 - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[29/07/2017 03:38:45] - C:\WINDOWS\Installer\5280179.msi : (Java Auto Updater - Oracle Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 18:07:09] - C:\WINDOWS\Installer\5423a69.msi : (Adblock Plus for IE - Eyeo GmbH) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/07/2017 18:07:20] - C:\WINDOWS\Installer\5423a6d.msi : (Adobe Shockwave Player 12.2 - Adobe Systems, Inc) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/04/2012 11:23:58] - C:\WINDOWS\Installer\55d57a2.msi : (Safari Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/08/2011 12:54:52] - C:\WINDOWS\Installer\5eaf26d.msi : ( - McAfee) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/05/2017 16:51:30] - C:\WINDOWS\Installer\61a2983e.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/01/2010 17:59:58] - C:\WINDOWS\Installer\65d6.msi : ( - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[22/11/2010 20:49:46] - C:\WINDOWS\Installer\65e1.msi : ( - eBay Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/10/2010 23:36:02] - C:\WINDOWS\Installer\65f9.msi : (Dell MusicStage - Fingertapps) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/02/2011 01:48:20] - C:\WINDOWS\Installer\6600.msi : (DELLST~1|Dell Stage - ArcSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:48] - C:\WINDOWS\Installer\66c9.msi : (Blank Project Template - Sonic Solutions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:41:52] - C:\WINDOWS\Installer\66d0.msi : (Roxio Easy Media Creator 8 - ¹«Ë¾Ãû³Æ) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:40:54] - C:\WINDOWS\Installer\66e4.msi : (Roxio Creator Starter - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:40:50] - C:\WINDOWS\Installer\66f3.msi : (PhotoShowTouch - Sonic Solutions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:40:18] - C:\WINDOWS\Installer\66fa.msi : (Roxio Express Labeler 3 - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:22] - C:\WINDOWS\Installer\6701.msi : (Sonic CinePlayer Decoder Pack - Sonic Solutions) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:10] - C:\WINDOWS\Installer\6719.msi : (Roxio File Backup - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:39:04] - C:\WINDOWS\Installer\6732.msi : (Roxio BackOnTrack - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[14/09/2010 21:38:52] - C:\WINDOWS\Installer\6752.msi : (Roxio Activation Module - Roxio, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/10/2010 16:11:50] - C:\WINDOWS\Installer\6776.msi : (Dell Getting Started Guide - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/11/2015 17:22:06] - C:\WINDOWS\Installer\795ee502.msi : ( - Motorola Mobility) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/01/2002 19:36:16] - C:\WINDOWS\Installer\9ea208.msi : (QuarkXPress - Quark, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[02/05/2017 22:08:24] - C:\WINDOWS\Installer\a117539a.msi : (Dell Update - SupportAssist Update Plugin - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[21/03/2017 12:59:36] - C:\WINDOWS\Installer\b571c269.msi : (Google Drive - Google, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[31/12/2014 11:17:54] - C:\WINDOWS\Installer\c8338.msi : ( - Motorola Mobility LLC) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/05/2013 09:35:53] - C:\WINDOWS\Installer\cd18c7d.msi : (Adobe Widget Browser - Adobe Systems Incorporated.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/05/2013 09:36:28] - C:\WINDOWS\Installer\cd18c83.msi : (Adobe Help - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/04/2012 16:58:20] - C:\WINDOWS\Installer\d8ad4c2.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/04/2012 16:58:20] - C:\WINDOWS\Installer\d8ad4ca.msi : (Blank Project Template - Adobe) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/04/2012 16:58:18] - C:\WINDOWS\Installer\d8ad4f0.msi : (PDF Settings CS6 - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/10/2013 11:35:41] - C:\WINDOWS\Installer\e6fe240.msi : (Adobe Content Viewer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[03/07/2017 21:20:38] - C:\WINDOWS\Installer\e862cb60.msi : (Dell SupportAssist Agent - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[17/03/2015 04:42:22] - C:\WINDOWS\Installer\fc2a5.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]

---------- | %System%\*.in*

[18/03/2017 16:56:50] - [3458] - C:\WINDOWS\System32\ieuinit.inf
[17/02/2011 01:46:35] - [5262] - C:\WINDOWS\System32\MBEptMon.ini
[17/02/2011 01:46:35] - [5262] - C:\WINDOWS\System32\MCEptMon.ini
[26/07/2017 06:00:56] - [1202892] - C:\WINDOWS\System32\PerfStringBackup.INI
[18/03/2017 16:58:24] - [60124] - C:\WINDOWS\System32\tcpmon.ini
[17/02/2011 01:46:35] - [6507] - C:\WINDOWS\System32\THXCfg64.ini
[18/03/2017 16:57:50] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
[17/03/2011 15:01:56] - [423] - C:\WINDOWS\Syswow64\dext536.ini
[18/03/2017 16:59:49] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
[10/07/2012 21:13:45] - [2395] - C:\WINDOWS\Syswow64\lgAxconfig.ini
[26/07/2017 06:00:44] - [975864] - C:\WINDOWS\Syswow64\PerfStringBackup.INI
[18/03/2017 16:58:48] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini

---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan

[MD5.A681527B9F23DD5F1A6C8D3F621E814E] - |A| - [18/03/2017 16:57:20] - (.-.) - [14.73 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
[MD5.5FDD24FAC55C4D679046EE4ECA3F7D46] - |A| - [26/07/2017 09:48:47] - (.-.) - [552.6 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
[MD5.094CC83DED57C0364C03D70C5187AC70] - |N| - [15/04/2013 15:56:33] - (.-.) - [2.26 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\Adobe Gamma Loader.lnk.CommonStartup
[MD5.5700476B03FB5996A3A3AFF1C7A86DB3] - |N| - [15/04/2013 15:56:33] - (.-.) - [1.27 Ko] - (0.0.0.0) - C:\WINDOWS\PSS\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
[MD5.72AD8158696FD270EDB234929C18AC94] - |A| - [02/08/2017 18:43:21] - (.-.) - [28.65 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\adobegc.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [02/08/2017 18:44:46] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\CMcUploader.log
[MD5.00000000000000000000000000000000] - |D| - [02/08/2017 18:43:20] - [6.9 Ko] - C:\WINDOWS\Temp\CreativeCloud
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/08/2017 04:13:44] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSAPIDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/08/2017 04:13:43] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\FXSTIFFDebugLogFile.txt
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [03/08/2017 16:04:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\JET96E2.tmp
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |AT| - [02/08/2017 18:46:52] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\JETDC67.tmp
[MD5.822C5DCBD567E2B2CA51BF4696B326A0] - |A| - [02/08/2017 18:36:34] - (.-.) - [2.14 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
[MD5.00000000000000000000000000000000] - |D| - [02/08/2017 18:41:47] - [1084 Ko] - C:\WINDOWS\Temp\NVIDIA Corporation
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |A| - [03/08/2017 16:01:12] - (.-.) - [0 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\officeclicktorun.exe_streamserver(20170803160112DEC).log
[MD5.39A906B659BC11D6EAB5ABE59660E896] - |A| - [03/08/2017 03:57:59] - (.-.) - [12.09 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\STEVE-PC-20170803-0357.log
[MD5.D67BB34659876CC89B368C7BC7C32AD1] - |A| - [03/08/2017 16:01:10] - (.-.) - [10 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\STEVE-PC-20170803-1601.log
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:16] - [0 Ko] - C:\WINDOWS\System32\0409
[MD5.00000000000000000000000000000000] - |D| - [29/01/2014 21:42:47] - [338.16 Ko] - C:\WINDOWS\System32\1033
[MD5.9DF265FDB32441BB6ECB7065B24F1294] - |AH| - [14/07/2009 00:45:49] - (.-.) - [21.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.9DF265FDB32441BB6ECB7065B24F1294] - |AH| - [14/07/2009 00:45:49] - (.-.) - [21.94 Ko] - (0.0.0.0) - C:\WINDOWS\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 16:57:42] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
[MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [18/03/2017 16:58:18] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
[MD5.3937359E324E15F6A7A7092D4DAEBD64] - |A| - [18/03/2017 16:57:25] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@bitlockertoastimage.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 16:58:17] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
[MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [18/03/2017 16:58:29] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
[MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [18/03/2017 16:58:29] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 16:58:21] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
[MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [18/03/2017 16:58:18] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
[MD5.13EF2C8D799F7B6E9D8E3D6BACB9C779] - |A| - [18/03/2017 16:57:53] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
[MD5.F553B252FEC3134D4F5303D9B25298B3] - |A| - [18/03/2017 16:56:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsUpdateToastIcon.png
[MD5.D0FCF781D0801ABF5F74B54E98076A5B] - |A| - [18/03/2017 16:58:13] - (.-.) - [0.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanNotificationIcon.png
[MD5.85D91E478AF18125007C531227FF6E59] - |A| - [18/03/2017 16:58:13] - (.-.) - [0.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WwanSimLockIcon.png
[MD5.E21E74D118E16FF9BA42A6F87F34E9B0] - |A| - [18/03/2017 16:57:00] - (.-.) - [435.67 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
[MD5.6EFDA8DB98B0C9100D79680C0B6C7FFF] - |A| - [17/02/2011 01:46:30] - (.-.) - [225.5 Ko] - (1.0.262.0) - C:\WINDOWS\System32\APOMgr64.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [2480.52 Ko] - C:\WINDOWS\System32\appraiser
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [273.5 Ko] - C:\WINDOWS\System32\ar-SA
[MD5.EFFD0ABB4DDD2CCDD511F903D042AD5B] - |A| - [18/03/2017 16:57:05] - (.-.) - [77.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AverageRoom.bin
[MD5.B13766AFE48C3CF775F53CE90488F7DE] - |A| - [18/03/2017 16:57:03] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [90.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
[MD5.4B307488C9D3D1030DEC61FA4DAC7EE0] - |RA| - [18/03/2017 16:59:10] - (.-.) - [116.23 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureBrackets.hcp
[MD5.DC112F4CFDF23AAF5CB0F46BE92CB1CE] - |RA| - [18/03/2017 16:59:10] - (.-.) - [122.08 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureCountdown.hcp
[MD5.F80C2CB1D5A28528D662B0DDF440F0F3] - |RA| - [18/03/2017 16:59:10] - (.-.) - [17.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\CaptureToast.hcp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [76609.74 Ko] - C:\WINDOWS\System32\CatRoot
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [30944.78 Ko] - C:\WINDOWS\System32\catroot2
[MD5.505F03C9B60B104107C83A3402850E19] - |A| - [17/02/2011 01:46:30] - (.-.) - [87 Ko] - (1.0.62.0) - C:\WINDOWS\System32\CmdRtr64.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [3068.72 Ko] - C:\WINDOWS\System32\CodeIntegrity
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [357.5 Ko] - C:\WINDOWS\System32\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [336023.91 Ko] - C:\WINDOWS\System32\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [300.5 Ko] - C:\WINDOWS\System32\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [295 Ko] - C:\WINDOWS\System32\da-DK
[MD5.75BC227ACD70C906785DB11F853165E4] - |A| - [18/03/2017 16:58:29] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DataStoreCacheDumpTool.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [190.86 Ko] - C:\WINDOWS\System32\DDFs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [333 Ko] - C:\WINDOWS\System32\de-DE
[MD5.618BA9E529EAB7E11DBA43469481835F] - |A| - [18/03/2017 16:57:05] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
[MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [18/03/2017 17:03:37] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
[MD5.46BBA24DEED94A68F244D5DBA4161948] - |A| - [30/07/2015 17:55:12] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DESKTOP-VRKVT78_Administrator_HistoryPrediction.bin
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [870 Ko] - C:\WINDOWS\System32\DiagSvcs
[MD5.E82380D30048D73E4D4CB8C925F6E721] - |A| - [18/03/2017 16:57:58] - (.-.) - [90.03 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:22] - [7492.54 Ko] - C:\WINDOWS\System32\Dism
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:22] - [1126.54 Ko] - C:\WINDOWS\System32\downlevel
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:02:55] - [99494.42 Ko] - C:\WINDOWS\System32\drivers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [2489007.1 Ko] - C:\WINDOWS\System32\DriverStore
[MD5.00000000000000000000000000000000] - |DC| - [17/03/2012 20:43:19] - [0 Ko] - C:\WINDOWS\System32\DRVSTORE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [149 Ko] - C:\WINDOWS\System32\dsc
[MD5.DE6E5B926B9610EF56BDE4D0C786D5BD] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Bass Enhancement COM DLL.) - [492.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBassEnhancementDLL64.dll
[MD5.D18563EACBA8F6A2A72D2F0E5FB2BA85] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Boost COM DLL.) - [1084.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSBoostDLL64.dll
[MD5.B507F4F5B3511AF5CC3C5B25F350553C] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Gain Compensator COM DLL.) - [259.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGainCompensatorDLL64.dll
[MD5.8166DC224B2A94F6AFDF679830EBA6E1] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS GFX APO.) - [120.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSGFXAPO64.dll
[MD5.AF4C3EF86948E6C29AC0AAC90A35961B] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS LFX APO.) - [120.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLFXAPO64.dll
[MD5.2BBA69E37995CD5F7B55EAB7E2C0585F] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Limiter COM DLL.) - [262.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSLimiterDLL64.dll
[MD5.7C13EC4E581AF7AA8807DE3B6E131440] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS NEO

C COM DLL.) - [307.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSNeoPCDLL64.dll
[MD5.1DA288F5CE50BAF239B3DB2FFE406403] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Surround Sensation Headphone COM DLL.) - [1150.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2HeadphoneDLL64.dll
[MD5.02D7167E5E263D2F3BA549D257911450] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Surround Sensation Speaker COM DLL.) - [1294.27 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSS2SpeakerDLL64.dll
[MD5.789C3C3FDCA799F905861961F39BE174] - |A| - [17/02/2011 03:12:39] - (.(c) DTS. - DTS Voice Clarity COM DLL.) - [463.77 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DTSVoiceClarityDLL64.dll
[MD5.B438E6C7A6C395E0C2B31E80112C3ACE] - |A| - [26/07/2017 09:48:36] - (.-.) - [31.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\edgehtmlpluginpolicy.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [329.5 Ko] - C:\WINDOWS\System32\el-GR
[MD5.6D56926413AB840FABEFDB68FD939DED] - |A| - [03/10/2015 02:58:07] - (.-.) - [22.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:16] - [3368.5 Ko] - C:\WINDOWS\System32\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [242.5 Ko] - C:\WINDOWS\System32\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [41439.11 Ko] - C:\WINDOWS\System32\en-US
[MD5.044EEC41BB39C3F8FC6175DAEAADDB35] - |A| - [17/02/2011 01:46:35] - (.Copyright (C) 2009 -.) - [21 Ko] - (1.0.0.2) - C:\WINDOWS\System32\EptMon64.dll
[MD5.D5ACF04BA5A9D7D92387CA1D5C8E8A6D] - |A| - [17/02/2011 01:46:35] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [138 Ko] - (0.0.0.6) - C:\WINDOWS\System32\EptMon64.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [322 Ko] - C:\WINDOWS\System32\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [266 Ko] - C:\WINDOWS\System32\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [239 Ko] - C:\WINDOWS\System32\et-EE
[MD5.00000000000000000000000000000000] - |D| - [03/05/2011 07:24:17] - [154.5 Ko] - C:\WINDOWS\System32\EventProviders
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [28407.16 Ko] - C:\WINDOWS\System32\F12
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [300.5 Ko] - C:\WINDOWS\System32\fi-FI
[MD5.B2FBC7C854CD32622D3AC2C22DFF6657] - |A| - [26/07/2017 05:55:55] - (.-.) - [5102.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [273 Ko] - C:\WINDOWS\System32\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [330 Ko] - C:\WINDOWS\System32\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
[MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [18/03/2017 16:57:02] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
[MD5.00000000000000000000000000000000] - |HD| - [13/07/2009 23:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:11] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [260.5 Ko] - C:\WINDOWS\System32\he-IL
[MD5.762F865F75F21FCB260E7C95404B5110] - |A| - [18/03/2017 16:58:18] - (.-.) - [122.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HeatCore.dll
[MD5.7B7859030FF4D38A912A7BCC4A1B3B5E] - |A| - [18/03/2017 16:59:09] - (.-.) - [14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HolographicShareInterop.ProxyStub.dll
[MD5.BA287DEB65C43E5EDD24A49871C0A3B2] - |A| - [07/05/2008 20:59:36] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HPEACLHN.HPI
[MD5.C835670705596AE67EE7E0AE92A12071] - |A| - [07/05/2008 20:59:34] - (.Copyright (C) 1999 - LanguageMonitor.) - [47.5 Ko] - (61.53.25.9) - C:\WINDOWS\System32\HPZLLLHN.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [249 Ko] - C:\WINDOWS\System32\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [304.5 Ko] - C:\WINDOWS\System32\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:31:25] - [31.52 Ko] - C:\WINDOWS\System32\Hydrogen
[MD5.A565537F1580872AE5B95D0CA457D780] - |A| - [18/03/2017 16:58:01] - (.-.) - [44.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [5.36 Ko] - C:\WINDOWS\System32\ias
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
[MD5.6DF9BA3AD0CD866EE939C4C49CEA7B30] - |A| - [18/03/2017 16:57:35] - (.-.) - [188.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [25951.17 Ko] - C:\WINDOWS\System32\IME
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [5848.46 Ko] - C:\WINDOWS\System32\inetsrv
[MD5.479B7966309A411BF4FC34898AC96557] - |A| - [18/03/2017 16:58:10] - (.-.) - [134.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6446.5 Ko] - C:\WINDOWS\System32\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [326.5 Ko] - C:\WINDOWS\System32\it-IT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [236 Ko] - C:\WINDOWS\System32\ja-jp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [233.5 Ko] - C:\WINDOWS\System32\ko-KR
[MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [18/03/2017 16:57:05] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [79.18 Ko] - C:\WINDOWS\System32\Licenses
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [15906.33 Ko] - C:\WINDOWS\System32\LogFiles
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [244.5 Ko] - C:\WINDOWS\System32\lt-LT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [246.5 Ko] - C:\WINDOWS\System32\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [58707.89 Ko] - C:\WINDOWS\System32\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:11] - [0 Ko] - C:\WINDOWS\System32\manifeststore
[MD5.0ECBE652DF11AFF8629225DE4497956B] - |A| - [17/02/2011 03:12:40] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [318.27 Ko] - (2.2.7.0) - C:\WINDOWS\System32\MaxxAudioAPO20.dll
[MD5.87B5AB256A5A068EDDA0F4B4FAC728CC] - |A| - [17/02/2011 03:12:40] - (.Copyright © 1996-2007 -.) - [2145.77 Ko] - (5.9.7.0) - C:\WINDOWS\System32\MaxxAudioEQ.dll
[MD5.25D74864274539330DCC4234140D11AF] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [593.59 Ko] - (1.0.19.0) - C:\WINDOWS\System32\MBAPO64.dll
[MD5.51ABC892625A3643312EED429891E51F] - |A| - [17/02/2011 01:46:35] - (.-.) - [5.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBEptMon.ini
[MD5.E8B2CB14CA0238566BDB20BD2A06D733] - |A| - [26/07/2017 09:38:59] - (.-.) - [760 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MBR2GPT.EXE
[MD5.4398FC24DCF85FD2B6BA3D042B41C136] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [386.59 Ko] - (1.0.15.106) - C:\WINDOWS\System32\MBTHX64.dll
[MD5.04CFE870C30640C9A369E0FE8C654B98] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2008 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [77.09 Ko] - (1.0.0.110) - C:\WINDOWS\System32\MBWrp64.dll
[MD5.A5C2F411EB72515B727BF13655B63910] - |A| - [17/02/2011 01:46:35] - (.-.) - [5.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MCEptMon.ini
[MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [18/03/2017 16:57:05] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
[MD5.31E7520068D87A40E7E5BA247A961A1E] - |A| - [01/05/2016 18:12:28] - (.Copyright© 1995-2017 McAfee, Inc. - McAfee Process Validation Service.) - [335.49 Ko] - (15.6.0.2180) - C:\WINDOWS\System32\mfevtps.exe
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 09:33:06] - [1141.29 Ko] - C:\WINDOWS\System32\Microsoft
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6389.46 Ko] - C:\WINDOWS\System32\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [47456.11 Ko] - C:\WINDOWS\System32\migwiz
[MD5.BFCAC401B7FB654756E39BB4A536B934] - |A| - [23/07/2013 14:25:50] - (.Copyright (C) Motorola Inc 2006 - Class-Installer DLL for Motorola USB Devices.) - [15.25 Ko] - (1.1.0.0) - C:\WINDOWS\System32\mot_ci.dll
[MD5.00000000000000000000000000000000] - |D| - [15/07/2013 03:00:49] - [0 Ko] - C:\WINDOWS\System32\MRT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4308.28 Ko] - C:\WINDOWS\System32\MsDtc
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 09:29:13] - [12308.28 Ko] - C:\WINDOWS\System32\msmq
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [18/03/2017 16:56:51] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [18/03/2017 16:56:51] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [18/03/2017 16:56:51] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\System32\msmqtrcRemove.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6 Ko] - C:\WINDOWS\System32\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [290 Ko] - C:\WINDOWS\System32\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [640 Ko] - C:\WINDOWS\System32\NDF
[MD5.6EF71C58C8E923B1F07A875755932328] - |A| - [26/07/2017 05:56:07] - (.-.) - [30.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
[MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [18/03/2017 16:57:02] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [85 Ko] - C:\WINDOWS\System32\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [311.5 Ko] - C:\WINDOWS\System32\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
[MD5.04653A68FFC7EAD514D6FDDB20328872] - |A| - [13/01/2010 20:52:32] - (.-.) - [248.11 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvApps.xml
[MD5.E62F8C2605B246BAF65ADE943D9F4397] - |A| - [26/07/2017 05:59:50] - (.-.) - [7337.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvcoproc.bin
[MD5.D2F97628565A5682B5BA22A468220178] - |A| - [17/02/2011 03:12:12] - (.-.) - [21.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvdisp.nvu
[MD5.EB811062A64AE9B418DC03EE2EFC9D40] - |A| - [14/11/2016 05:30:58] - (.-.) - [25.54 Ko] - (0.0.0.0) - C:\WINDOWS\System32\nvinfo.pb
[MD5.0BE0B15C2653804118B767D8117A72B4] - |A| - [13/01/2010 20:52:32] - (.-.) - [66.98 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NvwsApps.xml
[MD5.C9246EF96F14CB2F0C393F73A20590D8] - |A| - [18/03/2017 17:03:38] - (.-.) - [15.57 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
[MD5.2901049544FDF863362FABA2363EB647] - |A| - [18/03/2017 16:57:12] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [14299.16 Ko] - C:\WINDOWS\System32\oobe
[MD5.42D2360079B1DF3230024AE920737367] - |A| - [18/03/2017 16:57:05] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
[MD5.F19AF6C2D43F1541046A2A8E0849EB05] - |A| - [18/03/2017 17:05:34] - (.-.) - [215.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
[MD5.1E60BC5E525063B96078DF17FBD3C4E1] - |A| - [18/03/2017 17:05:34] - (.-.) - [32.64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
[MD5.213D7CAA56B096B79CADDEF40730DD08] - |A| - [18/03/2017 17:05:34] - (.-.) - [955.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
[MD5.27A6232B60603C969353A004958034EC] - |A| - [26/07/2017 06:00:56] - (.-.) - [1174.7 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [310 Ko] - C:\WINDOWS\System32\pl-PL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [634 Ko] - C:\WINDOWS\System32\PointOfService
[MD5.007893E8374C766471239EB291BA8C17] - |A| - [18/03/2017 16:57:54] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [311.5 Ko] - C:\WINDOWS\System32\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [307 Ko] - C:\WINDOWS\System32\pt-PT
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [23.75 Ko] - C:\WINDOWS\System32\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\System32\RasToast
[MD5.E374D08058345975D8767670F79C4A4C] - |A| - [27/07/2015 09:21:08] - (.Copyright © 2014 Razer Inc. All rights reserved - RazerCoinstaller.) - [87.02 Ko] - (0.0.0.5) - C:\WINDOWS\System32\RazerCoinstaller.dll
[MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [18/03/2017 16:58:01] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
[MD5.D9DF00023703568AE6B4303E3C5C90BB] - |A| - [18/03/2017 16:57:47] - (.-.) - [8.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
[MD5.99C7924C7268BABB5C4E3CFD2EE03331] - |A| - [18/03/2017 16:57:47] - (.-.) - [8.28 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.07 Ko] - C:\WINDOWS\System32\restore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [251.5 Ko] - C:\WINDOWS\System32\ro-RO
[MD5.5245E1443EE4DC110DF9217E1D0AEB0A] - |A| - [17/02/2011 03:12:40] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [300.7 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DAA64.dll
[MD5.95A95297D5689F61F1FBC6A328075356] - |A| - [17/02/2011 03:12:40] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [300.7 Ko] - (6.0.6001.18) - C:\WINDOWS\System32\RP3DHT64.dll
[MD5.00000000000000000000000000000000] - |D| - [29/01/2014 21:43:38] - [0 Ko] - C:\WINDOWS\System32\RsFx
[MD5.483849E481652C22BAFC8052414B3099] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [197.2 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEED64A.dll
[MD5.CDB380C1138EDCDC5BE166DE887D581C] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [74.7 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEG64A.dll
[MD5.CB3CF9915ED7888FDBAF3694775DCCC7] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [96.7 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEL64A.dll
[MD5.6B0EBD56951F62D4E86B7CBE8613B05A] - |A| - [17/02/2011 03:12:40] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [364.2 Ko] - (6.1.6001.33) - C:\WINDOWS\System32\RTEEP64A.dll
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [18/03/2017 16:59:52] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
[MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [18/03/2017 16:58:03] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [253 Ko] - C:\WINDOWS\System32\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [249 Ko] - C:\WINDOWS\System32\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 05:56:01] - [3744.76 Ko] - C:\WINDOWS\System32\SleepStudy
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
[MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [18/03/2017 16:57:05] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:20] - [12617.02 Ko] - C:\WINDOWS\System32\SMI
[MD5.76F8BDA4D4AA4AA4C4D84C2E2660E6FF] - |A| - [18/03/2017 16:57:05] - (.-.) - [36.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SpectrumSyncClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [7480.91 Ko] - C:\WINDOWS\System32\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [11493.63 Ko] - C:\WINDOWS\System32\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [135546.68 Ko] - C:\WINDOWS\System32\spool
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [9848.58 Ko] - C:\WINDOWS\System32\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [31.88 Ko] - C:\WINDOWS\System32\sppui
[MD5.00000000000000000000000000000000] - |D| - [03/05/2011 07:25:18] - [1775.5 Ko] - C:\WINDOWS\System32\SPReview
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [0 Ko] - C:\WINDOWS\System32\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [251.5 Ko] - C:\WINDOWS\System32\sr-Latn-RS
[MD5.5128BC123224124D67397A1BE698431C] - |A| - [18/03/2017 16:57:16] - (.-.) - [56.63 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |A| - [17/02/2011 03:12:41] - (.(c) 2007 SRS Labs, Inc. - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\WINDOWS\System32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |A| - [17/02/2011 03:12:41] - (.Copyright (c) 2006 SRS Labs, Inc.. - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\WINDOWS\System32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |A| - [17/02/2011 03:12:41] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\WINDOWS\System32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |A| - [17/02/2011 03:12:41] - (.(c) 2006 SRS Labs, Inc. - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\WINDOWS\System32\SRSWOW64.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [10008 Ko] - C:\WINDOWS\System32\sru
[MD5.E042A078EDE878E1F489D08F045D2205] - |A| - [18/03/2017 16:57:05] - (.-.) - [368.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [296 Ko] - C:\WINDOWS\System32\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:22] - [1595.52 Ko] - C:\WINDOWS\System32\Sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [905.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [590.1 Ko] - C:\WINDOWS\System32\Tasks
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [693.46 Ko] - C:\WINDOWS\System32\Tasks_Migrated
[MD5.D602CA245CC6774A0981B607F0675609] - |A| - [18/03/2017 16:58:24] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [234 Ko] - C:\WINDOWS\System32\th-TH
[MD5.76B59C460C95503032E35F00BE125F7D] - |A| - [17/02/2011 01:46:35] - (.Copyright (C) 2009 -.) - [17.5 Ko] - (1.3.0.0) - C:\WINDOWS\System32\THXCfg64.dll
[MD5.D5ACF04BA5A9D7D92387CA1D5C8E8A6D] - |A| - [17/02/2011 01:46:35] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [138 Ko] - (0.0.0.6) - C:\WINDOWS\System32\THXCfg64.exe
[MD5.3121A832B0E95BBEF7A40CA68789F65D] - |A| - [17/02/2011 01:46:35] - (.-.) - [6.35 Ko] - (0.0.0.0) - C:\WINDOWS\System32\THXCfg64.ini
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [293 Ko] - C:\WINDOWS\System32\tr-TR
[MD5.B88B8D017386A00D7724519F475317A0] - |A| - [18/03/2017 16:58:18] - (.-.) - [10.33 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
[MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [18/03/2017 16:58:18] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [247 Ko] - C:\WINDOWS\System32\uk-UA
[MD5.00000000000000000000000000000000] - |D| - [21/07/2017 12:11:41] - [2199.72 Ko] - C:\WINDOWS\System32\UNP
[MD5.00000000000000000000000000000000] - |D| - [24/02/2011 11:43:30] - [0 Ko] - C:\WINDOWS\System32\Wat
[MD5.80007E259BCB3C0534AF73E9E1DB81EC] - |A| - [17/02/2011 03:12:41] - (.Copyright © 1996-2007 - General Library for Plug-Ins.) - [2655.77 Ko] - (1.2.3.4) - C:\WINDOWS\System32\WavesGUILib.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [77869.99 Ko] - C:\WINDOWS\System32\wbem
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [0 Ko] - C:\WINDOWS\System32\WCN
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [95375.75 Ko] - C:\WINDOWS\System32\WDI
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [18/03/2017 16:57:19] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
[MD5.00000000000000000000000000000000] - |D| - [30/07/2015 18:42:06] - [0 Ko] - C:\WINDOWS\System32\wfp
[MD5.39958498B29E8AFB975A5C813BD07151] - |A| - [10/09/2015 01:45:10] - (.-.) - [15.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WIN-NNT08T7CH0A_Administrator_HistoryPrediction.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [1.12 Ko] - C:\WINDOWS\System32\WinBioDatabase
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [76166.44 Ko] - C:\WINDOWS\System32\WinBioPlugIns
[MD5.E074DCD31BA803167EDED069D3943391] - |A| - [29/07/2017 03:38:25] - (.Copyright © 2017 - Java(TM) Platform SE binary.) - [107.56 Ko] - (8.0.1440.1) - C:\WINDOWS\System32\WindowsAccessBridge-64.dll
[MD5.558D9282D5CEA82B2253B88017552F33] - |A| - [18/03/2017 16:58:18] - (.-.) - [96 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [9623.75 Ko] - C:\WINDOWS\System32\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [69684 Ko] - C:\WINDOWS\System32\winevt
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4744.09 Ko] - C:\WINDOWS\System32\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [100.11 Ko] - C:\WINDOWS\System32\winrm
[MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [18/03/2017 16:58:17] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
[MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [18/03/2017 16:58:01] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
[MD5.19820EEC2D1A4D264F051B789F79D51A] - |A| - [26/07/2017 09:38:59] - (.-.) - [84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [208 Ko] - C:\WINDOWS\System32\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [3 Ko] - C:\WINDOWS\System32\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [203 Ko] - C:\WINDOWS\System32\zh-TW
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
[MD5.00000000000000000000000000000000] - |D| - [29/01/2014 21:42:47] - [338.66 Ko] - C:\WINDOWS\SysWOW64\1033
[MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [18/03/2017 16:58:44] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
[MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [18/03/2017 16:58:54] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
[MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [18/03/2017 16:58:51] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
[MD5.00000000000000000000000000000000] - |AD| - [25/07/2017 18:07:22] - [33877.48 Ko] - C:\WINDOWS\SysWOW64\Adobe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 07:40:24] - [1998.91 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
[MD5.0318EF37B87CE585BAFB81FCE93D7D1F] - |A| - [17/02/2011 01:46:30] - (.-.) - [173.5 Ko] - (1.0.262.0) - C:\WINDOWS\SysWOW64\APOMngr.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [255 Ko] - C:\WINDOWS\SysWOW64\ar-SA
[MD5.00000000000000000000000000000000] - |D| - [26/07/2017 09:29:13] - [12.45 Ko] - C:\WINDOWS\SysWOW64\BestPractices
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [234 Ko] - C:\WINDOWS\SysWOW64\bg-BG
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot2
[MD5.FE02416988970A924C302C8E448BB703] - |A| - [17/02/2011 01:46:30] - (.-.) - [72 Ko] - (1.0.62.0) - C:\WINDOWS\SysWOW64\CmdRtr.DLL
[MD5.00000000000000000000000000000000] - |D| - [17/06/2011 10:22:25] - [1966.15 Ko] - C:\WINDOWS\SysWOW64\Color
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [314 Ko] - C:\WINDOWS\SysWOW64\Com
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [298.59 Ko] - C:\WINDOWS\SysWOW64\config
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [47.64 Ko] - C:\WINDOWS\SysWOW64\Configuration
[MD5.1CF0529D445499506E9DDD3103891352] - |A| - [25/02/2011 09:32:25] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - Connection Manager Control.) - [80 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\CONNMGR.OCX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [275 Ko] - C:\WINDOWS\SysWOW64\da-DK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [311 Ko] - C:\WINDOWS\SysWOW64\de-DE
[MD5.00000000000000000000000000000000] - |D| - [16/02/2017 19:28:42] - [0 Ko] - C:\WINDOWS\SysWOW64\Dell
[MD5.64533FF57D88EECC2A3FF8DFEC69B687] - |A| - [17/03/2011 15:01:56] - (.-.) - [0.41 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\dext536.ini
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [201.5 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [5895.52 Ko] - C:\WINDOWS\SysWOW64\Dism
[MD5.926BCC297B7F9C3F484F84C83AD88773] - |A| - [09/05/2015 15:21:21] - (.Copyright © MicroWorld Technologies Inc. - eScan Empty Container.) - [152.73 Ko] - (2.0.0.8) - C:\WINDOWS\SysWOW64\eEmpty.exe
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [306.5 Ko] - C:\WINDOWS\SysWOW64\el-GR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:18] - [3117.5 Ko] - C:\WINDOWS\SysWOW64\en
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [223 Ko] - C:\WINDOWS\SysWOW64\en-GB
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [34366.38 Ko] - C:\WINDOWS\SysWOW64\en-US
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [300 Ko] - C:\WINDOWS\SysWOW64\es-ES
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [244.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [220 Ko] - C:\WINDOWS\SysWOW64\et-EE
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [24114.66 Ko] - C:\WINDOWS\SysWOW64\F12
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [279.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
[MD5.00B63254CADD65A267437C699A1FBA95] - |A| - [16/06/2015 16:31:08] - (.- Microsoft® Forms DLL.) - [1218.66 Ko] - (15.0.4737.1000) - C:\WINDOWS\SysWOW64\FM20.DLL
[MD5.2E3D0E3185C825AFE912F19FFE5B1CDD] - |A| - [01/10/2012 21:34:38] - (.- Microsoft® Forms International DLL.) - [31.14 Ko] - (15.0.4420.1017) - C:\WINDOWS\SysWOW64\FM20ENU.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [250.5 Ko] - C:\WINDOWS\SysWOW64\fr-CA
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [307 Ko] - C:\WINDOWS\SysWOW64\fr-FR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [243 Ko] - C:\WINDOWS\SysWOW64\he-IL
[MD5.2927ADFC93821B344BA524BCF9889A51] - |A| - [18/03/2017 16:58:54] - (.-.) - [109.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\HeatCore.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [229 Ko] - C:\WINDOWS\SysWOW64\hr-HR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [283 Ko] - C:\WINDOWS\SysWOW64\hu-HU
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
[MD5.5219029E9DF510AC03C5BE92A6B72D7A] - |A| - [25/02/2011 09:32:30] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - Application Support File.) - [88 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\ImageServerMI.dll
[MD5.90AAEEF5B19E2C4A54CE8390B442CE01] - |A| - [25/02/2011 09:32:25] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - Application Support File.) - [44 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\ImportClient.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [8338.94 Ko] - C:\WINDOWS\SysWOW64\inetsrv
[MD5.98E24B48D08BB4C26D00F6877AB92F31] - |A| - [17/03/2011 15:01:56] - (.-.) - [32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\infcpy.dll
[MD5.24E1434E899B3EC4E3CD4CA56AA63BC6] - |A| - [18/03/2017 16:58:54] - (.-.) - [114.09 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\InputHost.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [221.5 Ko] - C:\WINDOWS\SysWOW64\InputMethod
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
[MD5.00000000000000000000000000000000] - |D| - [17/03/2011 15:04:54] - [16216 Ko] - C:\WINDOWS\SysWOW64\ipp20
[MD5.007407AB49924B40750B3976FD657B98] - |A| - [17/03/2011 15:03:40] - (.-.) - [40 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\IPPCPUID.DLL
[MD5.F5828E28301A6BB0F8953387DF68DCDC] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [36 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfbmp11n.dll
[MD5.FB8EA3C207B13E11431382FC3888DDDA] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [278.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\LFCMP11n.DLL
[MD5.BBEC3A597A6A7603D86E13E3634093C3] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [30.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfeps11n.dll
[MD5.11DE62A50DFC9B0A5FAE1ABFAFF71A1C] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [79.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lffax11n.dll
[MD5.987F202D2EDD56F00147ACD0CBACCB2A] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [40.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfgif11n.dll
[MD5.8D3CDD3ABB133526407FE57CD5505AC4] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [25.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfpcd11n.dll
[MD5.C8A32AA8830DEF259794C90F7ADCB930] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [32.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfpcx11n.dll
[MD5.E2320435BE26E03EBB1FD9256886AC72] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [168 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\Lfpng11n.dll
[MD5.0F76CD55A9CC3013F244A6DB88790367] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [55 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfpsd11n.dll
[MD5.C66F8220234603EC8ADEA942042376DF] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [148.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lftif11n.dll
[MD5.09F4129675CE57F2B14D647ED91C9EC6] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [58 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfwmf11n.dll
[MD5.A90A15A0BF7328C75040D94349B2AD8D] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [27 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\lfwpg11n.dll
[MD5.70CB93BC4219F83AA3F16FF4194EE01E] - |A| - [10/07/2012 21:13:45] - (.-.) - [2.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\lgAxconfig.ini
[MD5.B70E2C66006328D0FD087549B0648511] - |A| - [21/02/2003 11:01:32] - (.Copyright © 2001 - Guide Runtime Library.) - [176 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\libguide40.dll
[MD5.ABD99C090DC8DE24311769827095CCA8] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [256.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\LTDIS11n.dll
[MD5.68FE12C5785B30B360BACE26A867FBAA] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [116 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltfil11n.DLL
[MD5.824C1F22548A2A949CD1F77DA4253221] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [124.5 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltimg11n.dll
[MD5.0268E31EA510A41900B2A3CDC25E6520] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Win32.) - [383 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltkrn11n.dll
[MD5.B782098F7ADC4AD566D1602E8E0A9EFA] - |A| - [25/02/2011 09:32:30] - (.Copyright© LEAD Technologies,Inc.1991-1999 - LEADTOOLS(r) DLL for Windows.) - [44.86 Ko] - (11.5.0.12) - C:\WINDOWS\SysWOW64\ltvdd11w.drv
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [226.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [75366.79 Ko] - C:\WINDOWS\SysWOW64\Macromed
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
[MD5.00000000000000000000000000000000] - |D| - [13/07/2009 23:20:14] - [0 Ko] - C:\WINDOWS\SysWOW64\manifeststore
[MD5.53407BDDFBB93BFBC2F2E7948F05A7AC] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [518.59 Ko] - (1.0.19.0) - C:\WINDOWS\SysWOW64\MBAPO32.dll
[MD5.326495339BBAC1A334457831EBD39EA0] - |A| - [17/02/2011 03:12:40] - (.Copyright (c) 2006-2009 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [300.59 Ko] - (1.0.15.106) - C:\WINDOWS\SysWOW64\MBTHX32.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [3813.72 Ko] - C:\WINDOWS\SysWOW64\migration
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [814.41 Ko] - C:\WINDOWS\SysWOW64\migwiz
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
[MD5.18403DE4979A328F21279DECB2E4298F] - |A| - [18/03/2017 16:59:50] - (.-.) - [3.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqpub.mof
[MD5.E0640DE5407EEE4C6E16D839243B71F9] - |A| - [18/03/2017 16:59:50] - (.-.) - [8.88 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrc.mof
[MD5.3ED9AC3EE11EE2C16E2E41F0DC4BAD42] - |A| - [18/03/2017 16:59:50] - (.-.) - [0.87 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\msmqtrcRemove.mof
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [271 Ko] - C:\WINDOWS\SysWOW64\nb-NO
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [290 Ko] - C:\WINDOWS\SysWOW64\nl-NL
[MD5.00000000000000000000000000000000] - |SD| - [18/03/2017 17:03:29] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
[MD5.F19EF622B44422E5DDB75D0AE1ACB427] - |A| - [29/08/2016 22:34:25] - (.Copyright © 2005-2009 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - packet.dll (Vista) Dynamic Link Library.) - [94.52 Ko] - (4.1.0.1753) - C:\WINDOWS\SysWOW64\Packet.dll
[MD5.D63A50478341E027570E806B8253B9B3] - |A| - [26/07/2017 06:00:44] - (.-.) - [952.99 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\PerfStringBackup.INI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [288 Ko] - C:\WINDOWS\SysWOW64\pl-PL
[MD5.343236A65DAADED872E57646EAD06D5A] - |A| - [25/02/2011 09:32:28] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - PMAppBuilder Module.) - [776 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\PMAppBuilder.dll
[MD5.338B076F59DFD9CE5DFDC50EBD1BE0F9] - |A| - [25/02/2011 09:32:28] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - PMovieServer Module.) - [100 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\PMovieServer.dll
[MD5.7F292D50B164D82303BC329DB3377399] - |A| - [25/02/2011 09:32:30] - (.© 2001, TLC Productivity Properties LLC, and its licensors. - PretzelSpellCheck Module.) - [52 Ko] - (3.5.0.921) - C:\WINDOWS\SysWOW64\PretzelSpellCheck.dll
[MD5.F5D9ACA163DEEA9DCF42B29C60CD17F6] - |A| - [25/02/2011 09:39:52] - (.(c) 1999 Broderbund - ExpressIt.com Graphics Display Plugin v,2,2,5,0.) - [188 Ko] - (2.2.5.0) - C:\WINDOWS\SysWOW64\PretzlDn.dll
[MD5.0C118EFBB4F7A0E5B83FB238B6A0B972] - |A| - [25/02/2011 09:39:52] - (.Copyright (c) 1999 Broderbund - ExpressIt Upload Plugin v,2,5,4,0.) - [240 Ko] - (2.5.4.0) - C:\WINDOWS\SysWOW64\PretzlUp.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [550.35 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [290.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [285.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
[MD5.12BDA5627846E7BB34BE67314FDC7158] - |A| - [25/02/2011 09:32:28] - (.- PTABIMP3 MFC Application.) - [29.38 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\Ptabimp3.exe
[MD5.F04A90F917BA10AE2DCBE859870F4DEA] - |A| - [29/08/2016 22:34:25] - (.-.) - [52.05 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\pthreadVC.dll
[MD5.D9244612ED58ECB77B4F486FBCEA9D24] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [21.33 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\PTSAAB30.DLL
[MD5.53F4D179EE4DCBED53BB1BB6DE783CA5] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [99 Ko] - (4.0.2.0) - C:\WINDOWS\SysWOW64\Ptsaab32.dll
[MD5.1D17C5755D9DBC72771C0A031F224D7B] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [48.88 Ko] - (4.0.2.0) - C:\WINDOWS\SysWOW64\PTSAABDB.DLL
[MD5.034120E269F8B3AAD07BC108598BC538] - |A| - [25/02/2011 09:32:28] - (.-.) - [113.91 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\Ptsaci40.dll
[MD5.E62669815BF1C131EDFDF5ADEAAA8F10] - |A| - [25/02/2011 09:32:28] - (.Copyright © 1994, Parsons Technology, Inc. - DLL Version Verification Tool.) - [94.5 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\Ptsacx40.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0.82 Ko] - C:\WINDOWS\SysWOW64\Recovery
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
[MD5.388A2B0896FB788B292B1D5B0E893AD4] - |A| - [15/05/2015 22:44:13] - (.-.) - [32.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\rnd_chunk.bin
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [230.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
[MD5.51DC4F92C235FE68BE59ED16E64AD42C] - |A| - [26/04/2016 10:12:33] - (.-.) - [1.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\RtkMsgs.dll
[MD5.0BE719C4DE682B6521535F229D6B9E5E] - |A| - [11/08/2015 07:08:40] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer Audio Manager.) - [412 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzaudiodll.dll
[MD5.99BBCF6B6648D0751B905419B534BD97] - |A| - [11/08/2015 07:08:42] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [1169.5 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzdevicedll.dll
[MD5.035CCFD1566C717CE4C1A1C4C1CE79DB] - |A| - [11/08/2015 07:08:52] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzDeviceDLL Manager.) - [88 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzdevinfo.dll
[MD5.4FE516F1AFAD6DE8AC0CC13CC86E1D68] - |A| - [11/08/2015 07:08:46] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzDisplayDLL Manager.) - [114.5 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rzdisplaydll.dll
[MD5.FDF599C8B3A35AAF41CFB86B1D056727] - |A| - [08/07/2015 02:58:28] - (.Copyright (C) 2014 - Razer Analytics IPC.) - [9.5 Ko] - (1.0.0.5) - C:\WINDOWS\SysWOW64\RzStats.IPC.dll
[MD5.6EC9BA3CC7A422C90E0739D836FDB456] - |A| - [11/08/2015 07:08:52] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzTouchDll.) - [152 Ko] - (1.0.38.0) - C:\WINDOWS\SysWOW64\rztouchdll.dll
[MD5.604E07596BAA1C7DE760DAF5A84DE910] - |A| - [15/07/2015 23:13:46] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzVirtualDev Manager.) - [85.5 Ko] - (1.0.37.0) - C:\WINDOWS\SysWOW64\rzvirtualdev.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [231 Ko] - C:\WINDOWS\SysWOW64\sk-SK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [228.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [45.92 Ko] - C:\WINDOWS\SysWOW64\slmgr
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
[MD5.6513A2A5631F1C79BDC6968000C4A624] - |A| - [17/03/2011 15:01:56] - (.Copyright @ 2001~2002 - SP5X_32.) - [128 Ko] - (1.2.2.1) - C:\WINDOWS\SysWOW64\SP5X_32.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4125.41 Ko] - C:\WINDOWS\SysWOW64\Speech
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [8255.15 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [1271.66 Ko] - C:\WINDOWS\SysWOW64\spp
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [231.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
[MD5.FA4B7023057BF988816AC7FB33450B5B] - |A| - [25/02/2011 09:32:30] - (.Copyright © 1995 Wintertree Software Inc. - Sentry Spelling-Checker Engine.) - [111.5 Ko] - (4.0.0.0) - C:\WINDOWS\SysWOW64\SSCE4132.DLL
[MD5.1291A61F0F4A49E5F4C869E677F67C57] - |A| - [18/03/2017 16:58:39] - (.-.) - [300 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ssdm.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [276.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [215 Ko] - C:\WINDOWS\SysWOW64\th-TH
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [273.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
[MD5.0819D1B753573B8B471893A5754FC09A] - |A| - [17/03/2011 15:03:40] - (.-.) - [148.01 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UninstIPP.isu
[MD5.475DBB32B37621219C81120420225F74] - |A| - [25/02/2011 09:39:52] - (.Copyright © 1999 - Player File.) - [472 Ko] - (2.0.0.4764) - C:\WINDOWS\SysWOW64\vroom.dll
[MD5.17B939C710CD6A12B1AC16263C32D95A] - |A| - [25/02/2011 09:39:52] - (.Copyright © 2000 - vroomlib.) - [172 Ko] - (1.0.0.392) - C:\WINDOWS\SysWOW64\vroomlib.dll
[MD5.B38E8159A7E6CB979BF704E8652278B4] - |A| - [25/02/2011 09:39:52] - (.Copyright © 2001 - Stand alone player.) - [68 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\vroomsap.exe
[MD5.BC15DBC1257C1478393DF2B4FBB169D0] - |A| - [25/02/2011 09:32:29] - (.Copyright 1989-1994, Btrieve Technologies, Inc. - Microkernel Database Engine Resources.) - [4.18 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBT32RES.DLL
[MD5.4A4D0D055D1E26426AA56897AAD84103] - |A| - [25/02/2011 09:32:29] - (.Copyright 1989-1994, Btrieve Technologies, Inc. - Microkernel Database Engine.) - [309.68 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBTR32.EXE
[MD5.AA18E74BCACA1D8F64383D5F4E4AA685] - |A| - [25/02/2011 09:32:29] - (.Copyright (c) 1982-1994 Btrieve Technologies, Inc. - Btrieve Requester.) - [16.11 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBTRCALL.DLL
[MD5.ACDC7F5F927DD048A578AE1547003E06] - |A| - [25/02/2011 09:32:29] - (.Copyright 1989-1994, Btrieve Technologies, Inc. - Microkernel Database Engine Interface.) - [17.29 Ko] - (6.15.2.0) - C:\WINDOWS\SysWOW64\WBTRLOCL.DLL
[MD5.39B116A1A555B8FED12B90BC0A6E6F89] - |A| - [25/02/2011 09:32:29] - (.Copyright 1982-1994 Btrieve Technologies, Inc. - Btrieve Requester Resource DLL.) - [4.03 Ko] - (6.15.1.0) - C:\WINDOWS\SysWOW64\WBTRVRES.DLL
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
[MD5.D676BC75BD566BC91BFEC3D4EDA42655] - |A| - [18/03/2017 16:58:54] - (.-.) - [84.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\WindowsDefaultHeatProcessor.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [7792.81 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [4744.1 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 22:29:19] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
[MD5.DAE5F233818083AF69E2E5133A50A2CB] - |A| - [29/08/2016 22:34:25] - (.Copyright © 2005-2009 CACE Technologies. Copyright © 1999-2005 NetGroup, Politecnico di Torino. - wpcap.dll Dynamic Link Library - based on libpcap 1.0rel0b branch (20091008).) - [274.52 Ko] - (4.1.0.1753) - C:\WINDOWS\SysWOW64\wpcap.dll
[MD5.B6F89F4C37052969C0E5A8CF47C103D5] - |A| - [26/07/2017 09:39:25] - (.-.) - [58.5 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [197.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
[MD5.00000000000000000000000000000000] - |D| - [16/07/2016 07:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\zh-HK
[MD5.00000000000000000000000000000000] - |D| - [18/03/2017 17:03:29] - [192 Ko] - C:\WINDOWS\SysWOW64\zh-TW

---------- | Shell Folders

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead
"AppData"=C:\Users\Steve\AppData\Roaming [26/07/2017 06:02:18]
"Local AppData"=C:\Users\Steve\AppData\Local [26/07/2017 06:02:18]
"{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Libraries [23/02/2011 17:45:15]
"My Video"=C:\Users\Steve\Videos [23/02/2011 17:40:16]
"My Pictures"=C:\Users\Steve\Pictures [23/02/2011 17:40:16]
"Desktop"=C:\Users\Steve\Desktop [23/02/2011 17:40:16]
"History"=C:\Users\Steve\AppData\Local\Microsoft\Windows\History [23/02/2011 17:40:16]
"NetHood"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Network Shortcuts [26/07/2017 06:02:18]
"{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\Steve\Contacts [23/02/2011 17:45:07]
"{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\Steve\AppData\Local\Microsoft\Windows\RoamingTiles [03/10/2015 12:09:29]
"Cookies"=C:\Users\Steve\AppData\Local\Microsoft\Windows\INetCookies [23/02/2011 17:40:16]
"Favorites"=C:\Users\Steve\Favorites [23/02/2011 17:40:16]
"SendTo"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\SendTo [17/09/2016 04:25:05]
"Start Menu"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu [17/09/2016 04:25:05]
"My Music"=C:\Users\Steve\Music [23/02/2011 17:40:16]
"Programs"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [17/09/2016 04:25:05]
"Recent"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Recent [23/02/2011 17:40:16]
"CD Burning"=C:\Users\Steve\AppData\Local\Microsoft\Windows\Burn\Burn [26/07/2017 06:48:38]
"PrintHood"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [26/07/2017 06:02:18]
"{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\Steve\Searches [23/02/2011 17:45:15]
"{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\Steve\Downloads [23/02/2011 17:40:16]
"{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\Steve\AppData\LocalLow [23/02/2011 17:40:16]
"Startup"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [23/02/2011 17:45:15]
"Administrative Tools"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [23/02/2011 17:45:15]
"Personal"=C:\Users\Steve\Downloads\Documents [23/02/2011 17:40:16]
"{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\Steve\Links [23/02/2011 17:40:16]
"Cache"=C:\Users\Steve\AppData\Local\Microsoft\Windows\INetCache [26/07/2017 06:02:18]
"Templates"=C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Templates [26/07/2017 06:02:18]
"{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\Steve\Saved Games [23/02/2011 17:40:16]
"Fonts"=C:\WINDOWS\Fonts [18/03/2017 17:03:29]

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=%USERPROFILE%\AppData\Roaming
"Cache"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
"Cookies"=%USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
"Desktop"=%USERPROFILE%\Desktop
"Favorites"=%USERPROFILE%\Favorites
"History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History
"Local AppData"=%USERPROFILE%\AppData\Local
"My Music"=%USERPROFILE%\Music
"My Pictures"=%USERPROFILE%\Pictures
"My Video"=%USERPROFILE%\Videos
"NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
"PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
"Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
"Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
"SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
"Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
"Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
"Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
"{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads
"Personal"=C:\Users\Steve\Downloads\Documents [23/02/2011 17:40:16]
"{F42EE2D3-909F-4907-8871-4C22FC0BF756}"=%USERPROFILE%\Downloads\Documents

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 17:03:29]
"Common AppData"=C:\ProgramData [18/03/2017 17:03:29]
"Common Desktop"=C:\Users\Public\Desktop [13/07/2009 23:20:08]
"Common Documents"=C:\Users\Public\Documents [13/07/2009 23:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 17:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 17:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 17:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 23:20:08]
"CommonMusic"=C:\Users\Public\Music [13/07/2009 23:20:08]
"CommonPictures"=C:\Users\Public\Pictures [13/07/2009 23:20:08]
"CommonVideo"=C:\Users\Public\Videos [13/07/2009 23:20:08]
"OEM Links"=C:\ProgramData\OEM\Links

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
"CommonMusic"=%PUBLIC%\Music
"CommonPictures"=%PUBLIC%\Pictures
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [18/03/2017 17:03:29]
"Common AppData"=C:\ProgramData [18/03/2017 17:03:29]
"Common Desktop"=C:\Users\Public\Desktop [13/07/2009 23:20:08]
"Common Documents"=C:\Users\Public\Documents [13/07/2009 23:20:08]
"Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/03/2017 17:03:29]
"Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [18/03/2017 17:03:29]
"Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [18/03/2017 17:03:29]
"Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [13/07/2009 23:20:08]
"CommonMusic"=C:\Users\Public\Music [13/07/2009 23:20:08]
"CommonPictures"=C:\Users\Public\Pictures [13/07/2009 23:20:08]
"CommonVideo"=C:\Users\Public\Videos [13/07/2009 23:20:08]
"OEM Links"=C:\ProgramData\OEM\Links

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Common AppData"=%ProgramData%
"Common Desktop"=%PUBLIC%\Desktop
"Common Documents"=%PUBLIC%\Documents
"Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs
"Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu
"Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
"Common Templates"=%ProgramData%\Microsoft\Windows\Templates
"CommonMusic"=%PUBLIC%\Music
"CommonPictures"=%PUBLIC%\Pictures
"CommonVideo"=%PUBLIC%\Videos
"{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads

---------- | [Public]

---------- | [Steve]

[26/07/2017 06:02:18] - |D| - [11140807459] - C:\Users\Steve\AppData\Local
[23/02/2011 17:40:16] - |D| - [61697209] - C:\Users\Steve\AppData\LocalLow
[26/07/2017 06:02:18] - |D| - [834659129] - C:\Users\Steve\AppData\Roaming
[24/02/2011 10:47:42] - |D| - [302070292] - C:\Users\Steve\AppData\Local\Adobe
[24/01/2016 14:12:16] - |D| - [2331] - C:\Users\Steve\AppData\Local\Adobe_Systems_Incorporate
[26/07/2017 06:02:18] - |SHD| - [124796305832] - C:\Users\Steve\AppData\Local\Application Data
[15/05/2015 22:50:12] - |D| - [2844786] - C:\Users\Steve\AppData\Local\Apps
[02/06/2016 18:03:52] - |D| - [0] - C:\Users\Steve\AppData\Local\CEF
[14/10/2013 21:59:34] - |D| - [2094146] - C:\Users\Steve\AppData\Local\Citrix
[09/10/2015 11:55:50] - |D| - [30105680] - C:\Users\Steve\AppData\Local\Comms
[17/09/2016 15:09:09] - |D| - [2628900] - C:\Users\Steve\AppData\Local\ConnectedDevicesPlatform
[29/07/2017 03:50:18] - |D| - [0] - C:\Users\Steve\AppData\Local\DBG
[23/02/2011 17:46:05] - |D| - [12288] - C:\Users\Steve\AppData\Local\Dell
[01/03/2011 16:32:13] - |D| - [25412] - C:\Users\Steve\AppData\Local\Dell Edoc Viewer
[06/05/2011 10:37:39] - |D| - [1067475] - C:\Users\Steve\AppData\Local\Diagnostics
[29/01/2014 18:53:17] - |D| - [970240] - C:\Users\Steve\AppData\Local\e-academy Inc
[15/01/2013 23:26:36] - |D| - [0] - C:\Users\Steve\AppData\Local\ElevatedDiagnostics
[14/03/2015 10:06:21] - |SHD| - [0] - C:\Users\Steve\AppData\Local\EmieBrowserModeList
[09/05/2015 15:23:31] - |A| - [149128] - C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
[15/05/2016 07:54:36] - |D| - [41486] - C:\Users\Steve\AppData\Local\GetNZB
[04/10/2012 20:09:58] - |D| - [124594924] - C:\Users\Steve\AppData\Local\Google
[26/07/2017 06:02:18] - |SHD| - [130] - C:\Users\Steve\AppData\Local\History
[02/08/2017 18:41:49] - |AH| - [153517] - C:\Users\Steve\AppData\Local\IconCache.db
[10/03/2017 18:31:57] - |D| - [2818] - C:\Users\Steve\AppData\Local\IsolatedStorage
[13/11/2015 19:15:49] - |D| - [13301631] - C:\Users\Steve\AppData\Local\LogMeIn Rescue Applet
[14/06/2012 06:58:52] - |D| - [0] - C:\Users\Steve\AppData\Local\Macromedia
[26/07/2017 06:02:18] - |D| - [821122552] - C:\Users\Steve\AppData\Local\Microsoft
[23/02/2011 19:22:35] - |D| - [276216] - C:\Users\Steve\AppData\Local\Microsoft Games
[30/01/2012 19:41:56] - |D| - [0] - C:\Users\Steve\AppData\Local\Microsoft Help
[03/10/2015 12:48:41] - |D| - [79107] - C:\Users\Steve\AppData\Local\MicrosoftEdge
[23/02/2011 18:56:38] - |D| - [155163776] - C:\Users\Steve\AppData\Local\Mozilla
[12/09/2015 15:33:57] - |D| - [24387089] - C:\Users\Steve\AppData\Local\MusicBrainz
[24/03/2012 18:27:24] - |D| - [125145] - C:\Users\Steve\AppData\Local\Nero
[24/03/2012 18:27:32] - |D| - [2354] - C:\Users\Steve\AppData\Local\Nero_AG
[28/07/2017 00:50:52] - |D| - [0] - C:\Users\Steve\AppData\Local\NetworkTiles
[17/03/2011 15:12:25] - |D| - [94046] - C:\Users\Steve\AppData\Local\NewSoft
[03/10/2015 21:45:29] - |D| - [3408] - C:\Users\Steve\AppData\Local\NVIDIA
[03/10/2015 12:09:27] - |D| - [296494038] - C:\Users\Steve\AppData\Local\Packages
[09/05/2015 11:23:20] - |D| - [1186348] - C:\Users\Steve\AppData\Local\PrivaZer
[09/09/2013 20:28:10] - |D| - [130878455] - C:\Users\Steve\AppData\Local\Programs
[03/10/2015 12:10:06] - |D| - [0] - C:\Users\Steve\AppData\Local\Publishers
[03/10/2015 00:02:56] - |D| - [294] - C:\Users\Steve\AppData\Local\Razer
[03/10/2015 00:02:54] - |D| - [864] - C:\Users\Steve\AppData\Local\Razer_Inc
[27/03/2011 09:27:49] - |D| - [4341760] - C:\Users\Steve\AppData\Local\SoftGrid Client
[23/02/2011 17:40:16] - |D| - [20916] - C:\Users\Steve\AppData\Local\SoftThinks
[29/07/2017 03:32:30] - |D| - [10173007] - C:\Users\Steve\AppData\Local\Temp
[26/07/2017 06:02:18] - |SHD| - [476532] - C:\Users\Steve\AppData\Local\Temporary Internet Files
[03/10/2015 12:09:24] - |D| - [15425536] - C:\Users\Steve\AppData\Local\TileDataLayer
[23/07/2017 03:34:18] - |D| - [0] - C:\Users\Steve\AppData\Local\UNP
[23/02/2011 17:45:05] - |D| - [9135238734] - C:\Users\Steve\AppData\Local\VirtualStore
[27/02/2011 08:06:16] - |D| - [118784] - C:\Users\Steve\AppData\Local\Windows Live
[27/02/2011 08:05:51] - |D| - [651503] - C:\Users\Steve\AppData\Local\Windows Live Writer
[24/07/2017 17:42:46] - |D| - [64619142] - C:\Users\Steve\AppData\Local\Zemana
[23/07/2017 22:45:21] - |D| - [556201] - C:\Users\Steve\AppData\Local\ZHP
[25/07/2017 18:07:11] - |AD| - [6419843] - C:\Users\Steve\AppData\LocalLow\Adblock Plus for IE
[01/03/2011 19:11:08] - |D| - [1447552] - C:\Users\Steve\AppData\LocalLow\Adobe
[02/12/2014 14:35:54] - |SHD| - [0] - C:\Users\Steve\AppData\LocalLow\EmieBrowserModeList
[21/05/2014 09:09:36] - |SHD| - [0] - C:\Users\Steve\AppData\LocalLow\EmieSiteList
[02/06/2014 12:02:53] - |SHD| - [0] - C:\Users\Steve\AppData\LocalLow\EmieUserList
[23/02/2011 17:40:29] - |SD| - [1808677] - C:\Users\Steve\AppData\LocalLow\Microsoft
[27/11/2016 14:58:13] - |D| - [0] - C:\Users\Steve\AppData\LocalLow\Mozilla
[15/12/2015 21:50:36] - |D| - [22876160] - C:\Users\Steve\AppData\LocalLow\Oracle
[23/02/2011 18:52:04] - |D| - [29144977] - C:\Users\Steve\AppData\LocalLow\Sun
[23/02/2011 17:46:03] - |D| - [302604787] - C:\Users\Steve\AppData\Roaming\Adobe
[04/05/2014 17:03:29] - |D| - [1256826] - C:\Users\Steve\AppData\Roaming\AdobeMuse
[25/07/2017 18:38:07] - |D| - [1527] - C:\Users\Steve\AppData\Roaming\AIMP
[05/09/2015 10:36:56] - |D| - [234760] - C:\Users\Steve\AppData\Roaming\AVS4YOU
[07/09/2015 18:50:52] - |D| - [1800] - C:\Users\Steve\AppData\Roaming\Canneverbe Limited
[26/10/2013 14:47:37] - |D| - [0] - C:\Users\Steve\AppData\Roaming\chc
[12/05/2013 01:56:10] - |D| - [66646] - C:\Users\Steve\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[06/05/2016 20:50:31] - |D| - [0] - C:\Users\Steve\AppData\Roaming\com.adobe.AdobeMuseCC.2015.1
[25/09/2013 19:49:35] - |D| - [35160] - C:\Users\Steve\AppData\Roaming\com.adobe.dmp.contentviewer
[14/02/2013 18:21:33] - |D| - [16513] - C:\Users\Steve\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[04/05/2013 14:01:59] - |D| - [111797036] - C:\Users\Steve\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[23/02/2011 17:45:32] - |D| - [4183] - C:\Users\Steve\AppData\Roaming\Dell
[23/02/2011 17:45:24] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Dell Touch Zone
[04/12/2012 18:03:37] - |D| - [7196] - C:\Users\Steve\AppData\Roaming\e-academy Inc
[17/03/2011 21:08:07] - |D| - [4150] - C:\Users\Steve\AppData\Roaming\EyeballChatAvatars
[16/10/2012 21:41:09] - |D| - [23737] - C:\Users\Steve\AppData\Roaming\FileZilla
[23/07/2017 11:25:27] - |D| - [16230] - C:\Users\Steve\AppData\Roaming\Geek Uninstaller
[21/07/2017 12:42:13] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Google
[12/01/2013 09:15:39] - |D| - [602] - C:\Users\Steve\AppData\Roaming\GrabIt
[25/07/2017 18:39:09] - |D| - [0] - C:\Users\Steve\AppData\Roaming\GRETECH
[23/02/2011 17:45:09] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Identities
[23/04/2011 19:24:06] - |D| - [0] - C:\Users\Steve\AppData\Roaming\InstallShield
[23/02/2011 17:45:25] - |D| - [306] - C:\Users\Steve\AppData\Roaming\Intel Corporation
[10/03/2017 18:30:21] - |D| - [14280494] - C:\Users\Steve\AppData\Roaming\Intuit
[23/02/2011 18:45:24] - |D| - [3727865] - C:\Users\Steve\AppData\Roaming\Macromedia
[23/02/2011 17:56:36] - |D| - [299] - C:\Users\Steve\AppData\Roaming\Macrovision
[25/08/2012 15:33:32] - |D| - [18043179] - C:\Users\Steve\AppData\Roaming\McAfee
[23/02/2011 17:40:16] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Media Center Programs
[26/07/2017 06:02:18] - |SD| - [110586983] - C:\Users\Steve\AppData\Roaming\Microsoft
[18/02/2014 21:10:01] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Microsoft Corporation
[15/08/2015 17:07:39] - |D| - [1505] - C:\Users\Steve\AppData\Roaming\Motorola
[15/08/2015 17:09:51] - |D| - [174] - C:\Users\Steve\AppData\Roaming\Motorola Mobility
[23/02/2011 18:46:57] - |D| - [57761878] - C:\Users\Steve\AppData\Roaming\Mozilla
[12/09/2015 15:33:57] - |D| - [17127] - C:\Users\Steve\AppData\Roaming\MusicBrainz
[03/03/2017 11:51:25] - |D| - [11190795] - C:\Users\Steve\AppData\Roaming\NCH Software
[11/03/2011 18:48:33] - |D| - [2226] - C:\Users\Steve\AppData\Roaming\NCH Swift Sound
[17/03/2012 20:54:07] - |D| - [262978] - C:\Users\Steve\AppData\Roaming\Nero
[11/10/2012 19:12:14] - |AD| - [2360259] - C:\Users\Steve\AppData\Roaming\Notepad++
[15/05/2016 20:24:38] - |D| - [2771885] - C:\Users\Steve\AppData\Roaming\NVIDIA
[30/07/2017 04:43:18] - |D| - [3285915] - C:\Users\Steve\AppData\Roaming\PCDr
[14/02/2013 18:50:40] - |D| - [0] - C:\Users\Steve\AppData\Roaming\PDAppFlex
[24/04/2012 21:06:35] - |D| - [236663] - C:\Users\Steve\AppData\Roaming\Quark
[11/03/2011 18:49:01] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Recordpad
[23/02/2011 17:45:26] - |D| - [111472597] - C:\Users\Steve\AppData\Roaming\Roxio
[23/02/2011 18:41:12] - |D| - [25483884] - C:\Users\Steve\AppData\Roaming\Roxio Log Files
[03/10/2015 00:21:10] - |D| - [2815882] - C:\Users\Steve\AppData\Roaming\Skype
[27/03/2011 09:27:49] - |D| - [926418] - C:\Users\Steve\AppData\Roaming\SoftGrid Client
[15/09/2013 18:31:08] - |D| - [0] - C:\Users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[15/12/2015 21:51:49] - |D| - [0] - C:\Users\Steve\AppData\Roaming\Sun
[25/08/2012 11:47:37] - |D| - [387] - C:\Users\Steve\AppData\Roaming\TechCheck
[27/03/2011 09:27:14] - |D| - [0] - C:\Users\Steve\AppData\Roaming\TP
[11/12/2012 20:31:25] - |D| - [44262895] - C:\Users\Steve\AppData\Roaming\UseNeXT
[27/02/2011 08:05:51] - |D| - [295] - C:\Users\Steve\AppData\Roaming\Windows Live Writer
[25/02/2011 20:01:45] - |D| - [12] - C:\Users\Steve\AppData\Roaming\WinRAR
[23/07/2017 22:45:21] - |D| - [9095075] - C:\Users\Steve\AppData\Roaming\ZHP
[23/02/2011 17:45:15] - |ASH| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[17/09/2016 04:25:05] - |RD| - [49246] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[26/07/2017 06:02:18] - |RD| - [3888] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[26/07/2017 06:02:18] - |RD| - [4237] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[23/02/2011 17:45:15] - |RD| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[05/09/2015 14:19:29] - |D| - [1045] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[26/07/2017 06:46:15] - |ASH| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[13/11/2015 19:15:50] - |A| - [2336] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel Security.lnk
[25/02/2011 09:39:48] - |D| - [981] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer
[13/11/2015 19:21:24] - |A| - [2411] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LogMeIn Rescue.lnk
[26/07/2017 06:02:18] - |D| - [170] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[01/02/2016 12:36:18] - |A| - [2336] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
[03/03/2017 11:49:46] - |A| - [2379] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
[03/10/2015 12:13:29] - |A| - [2409] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[25/07/2017 18:36:14] - |A| - [1394] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
[09/05/2015 11:23:30] - |D| - [3955] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivaZer
[17/06/2011 10:22:26] - |D| - [2334] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuarkXPress Passport
[23/02/2011 17:45:15] - |RD| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[26/07/2017 06:02:18] - |RD| - [3496] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[03/10/2015 14:31:33] - |D| - [3778] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[26/07/2017 06:02:18] - |RD| - [7238] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[19/03/2016 22:08:37] - |D| - [4337] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[23/02/2011 17:45:15] - |A| - [174] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[13/02/2014 10:00:30] - |A| - [0] - C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

---------- | C:\ProgramData

[17/02/2011 01:43:10] - |D| - [2205812079] - C:\ProgramData\Adobe
[25/07/2017 18:36:52] - |D| - [38307184] - C:\ProgramData\Apple Computer
[26/07/2017 06:44:53] - |SHD| - [81276435378] - C:\ProgramData\Application Data
[05/09/2015 10:36:58] - |D| - [0] - C:\ProgramData\AVS4YOU
[19/03/2012 06:53:28] - |D| - [4194316] - C:\ProgramData\boost_interprocess
[07/09/2015 18:51:00] - |D| - [0] - C:\ProgramData\Canneverbe Limited
[17/02/2011 01:46:16] - |D| - [136] - C:\ProgramData\Creative
[17/02/2011 01:48:00] - |D| - [51311130] - C:\ProgramData\Dell
[26/07/2017 06:44:53] - |SHD| - [35996] - C:\ProgramData\Desktop
[26/07/2017 06:44:53] - |SHD| - [278] - C:\ProgramData\Documents
[26/07/2017 06:44:53] - |SHD| - [0] - C:\ProgramData\Favorites
[17/02/2011 01:46:10] - |D| - [28892] - C:\ProgramData\FLEXnet
[01/05/2016 18:16:27] - |D| - [384] - C:\ProgramData\Intel Security
[10/03/2017 18:27:37] - |D| - [49026316] - C:\ProgramData\Intuit
[10/07/2012 21:13:08] - |D| - [3932731] - C:\ProgramData\LGMOBILEAX
[10/04/2012 07:00:00] - |D| - [1701] - C:\ProgramData\Macromedia
[17/02/2011 01:56:03] - |D| - [3264865] - C:\ProgramData\Macrovision
[15/04/2015 12:18:07] - |D| - [372992784] - C:\ProgramData\Malwarebytes
[25/06/2016 11:45:43] - |D| - [20133368] - C:\ProgramData\Malwarebytes Anti-Exploit
[17/02/2011 01:53:07] - |D| - [1632449743] - C:\ProgramData\McAfee
[18/03/2017 17:03:29] - |SD| - [1894589770] - C:\ProgramData\Microsoft
[30/01/2012 19:41:56] - |D| - [318890] - C:\ProgramData\Microsoft Help
[26/07/2017 06:49:04] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[25/03/2014 17:05:49] - |D| - [0] - C:\ProgramData\Microsoft Visual Studio
[02/08/2017 18:46:36] - |A| - [159] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[09/05/2015 15:21:04] - |D| - [46043136] - C:\ProgramData\MicroWorld
[15/08/2015 17:09:53] - |D| - [68610] - C:\ProgramData\Motorola
[02/05/2012 19:55:50] - |D| - [38065] - C:\ProgramData\Mozilla
[03/03/2017 11:49:40] - |D| - [78708] - C:\ProgramData\NCH Software
[11/03/2011 18:48:40] - |D| - [0] - C:\ProgramData\NCH Swift Sound
[19/03/2016 12:23:54] - |D| - [2530441] - C:\ProgramData\Nero
[17/03/2011 15:05:03] - |D| - [2680] - C:\ProgramData\Newsoft
[26/07/2017 05:59:55] - |D| - [2649076] - C:\ProgramData\NVIDIA
[26/07/2017 05:59:35] - |D| - [3646643] - C:\ProgramData\NVIDIA Corporation
[10/11/2013 17:55:46] - |D| - [84018950] - C:\ProgramData\Oracle
[03/07/2017 21:26:33] - |D| - [5443744] - C:\ProgramData\PC-Doctor for Windows
[24/12/2016 17:35:05] - |D| - [0] - C:\ProgramData\PC-Doctor, Inc
[29/07/2017 03:41:59] - |D| - [102416094] - C:\ProgramData\PCDr
[22/06/2014 03:18:34] - |D| - [552130] - C:\ProgramData\PreEmptive Solutions
[09/05/2015 11:23:20] - |D| - [71] - C:\ProgramData\privazer
[17/06/2011 10:16:08] - |D| - [4096] - C:\ProgramData\Quark
[02/10/2015 23:44:35] - |D| - [327187266] - C:\ProgramData\Razer
[14/02/2013 18:47:09] - |D| - [17036] - C:\ProgramData\regid.1986-12.com.adobe
[18/03/2017 17:03:29] - |AD| - [7422] - C:\ProgramData\regid.1991-06.com.microsoft
[23/07/2017 20:09:36] - |D| - [1530361] - C:\ProgramData\RogueKiller
[17/02/2011 01:56:27] - |D| - [19628] - C:\ProgramData\Roxio
[03/10/2015 00:20:32] - |D| - [130363392] - C:\ProgramData\Skype
[17/02/2011 01:57:07] - |D| - [101974] - C:\ProgramData\Sonic
[26/07/2017 06:44:53] - |SHD| - [361843] - C:\ProgramData\Start Menu
[29/07/2017 03:41:58] - |D| - [4876159] - C:\ProgramData\SupportAssist
[17/02/2011 01:47:38] - |D| - [36864] - C:\ProgramData\Temp
[26/07/2017 06:44:53] - |SHD| - [0] - C:\ProgramData\Templates
[17/02/2011 01:58:05] - |D| - [4746336] - C:\ProgramData\Uninstall
[18/03/2017 17:03:29] - |D| - [11845] - C:\ProgramData\USOPrivate
[26/07/2017 06:07:02] - |D| - [593920] - C:\ProgramData\USOShared
[27/03/2011 11:38:29] - |D| - [0] - C:\ProgramData\VirtualizedApplications
[22/06/2014 03:03:29] - |D| - [20662619] - C:\ProgramData\VS
[18/03/2017 22:31:25] - |D| - [0] - C:\ProgramData\WindowsHolographicDevices

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[25/07/2017 18:09:04] - |A| - [1998] - C:\ProgramData\Microsoft\Windows\Start Menu\Avant Browser.lnk
[18/03/2017 17:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[17/02/2011 01:48:23] - |A| - [2074] - C:\ProgramData\Microsoft\Windows\Start Menu\PhotoStage.lnk
[18/03/2017 17:03:29] - |RD| - [357597] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[24/01/2016 01:46:17] - |A| - [2458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
[18/03/2017 17:03:29] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
[18/03/2017 17:03:29] - |RD| - [18359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[14/05/2016 10:34:55] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
[18/03/2017 17:03:29] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[11/05/2013 13:03:12] - |D| - [14374] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[06/05/2016 20:41:08] - |A| - [2469] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
[06/05/2016 20:41:09] - |A| - [2116] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
[11/05/2013 13:15:26] - |A| - [1196] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
[06/05/2016 21:00:57] - |A| - [1120] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Audition CC 2015.lnk
[09/04/2012 08:25:43] - |A| - [1101] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS3.lnk
[14/02/2013 18:45:05] - |A| - [1039] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[14/02/2013 18:44:32] - |A| - [1175] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[05/10/2013 11:35:44] - |A| - [1099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[22/09/2016 18:52:00] - |A| - [1228] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[09/04/2012 08:26:45] - |A| - [1194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS3.lnk
[24/01/2016 14:12:03] - |A| - [2263] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 4.5.lnk
[14/02/2013 18:21:31] - |A| - [1045] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[06/05/2016 21:09:13] - |A| - [1111] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
[09/04/2012 08:30:10] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS3.lnk
[11/05/2013 09:40:00] - |A| - [1237] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CS6.lnk
[09/04/2012 08:26:53] - |A| - [1405] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[14/02/2013 18:42:18] - |A| - [1525] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[09/04/2012 08:27:17] - |A| - [1207] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS3.lnk
[14/02/2013 18:42:23] - |A| - [1359] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[11/05/2013 10:00:43] - |A| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Fireworks CS6.lnk
[11/05/2013 09:36:30] - |A| - [999] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[06/05/2016 20:57:16] - |A| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2015.lnk
[11/05/2013 10:44:18] - |A| - [1520] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6 (64 Bit).lnk
[11/05/2013 10:45:18] - |A| - [1656] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS6.lnk
[01/10/1999 07:56:15] - |A| - [2071] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS.lnk
[06/05/2016 21:52:46] - |A| - [1049] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InCopy CC 2015.lnk
[06/05/2016 20:00:15] - |A| - [1075] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CC 2015.lnk
[11/05/2013 12:03:24] - |A| - [1201] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe InDesign CS6.lnk
[06/05/2016 21:20:04] - |A| - [1031] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk
[06/05/2016 21:41:42] - |A| - [1165] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2015.lnk
[11/05/2013 11:59:44] - |A| - [1092] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS6.lnk
[06/05/2016 20:50:32] - |A| - [1031] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Muse CC 2015.lnk
[06/05/2016 19:28:28] - |A| - [1087] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
[01/10/1999 07:56:15] - |A| - [2064] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS.lnk
[14/02/2013 18:47:04] - |A| - [1077] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[14/02/2013 18:46:07] - |A| - [1213] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[06/05/2016 21:32:02] - |A| - [1153] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2015.lnk
[11/05/2013 09:35:55] - |A| - [1099] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[25/07/2017 18:38:10] - |D| - [4055] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP
[11/10/2012 21:08:35] - |D| - [6497] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aspell
[25/07/2017 18:38:25] - |A| - [1094] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[25/07/2017 18:09:04] - |D| - [5194] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avant Browser
[05/09/2015 14:19:01] - |D| - [5784] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[24/07/2017 17:01:30] - |D| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[03/03/2017 12:03:11] - |A| - [1735] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[17/02/2011 01:46:27] - |D| - [4415] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[17/02/2011 01:44:56] - |D| - [8499] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[23/02/2011 17:40:32] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Help Documentation.lnk
[17/02/2011 01:48:01] - |D| - [4150] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Stage
[18/03/2017 17:03:33] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[16/03/2012 23:22:47] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Decrypter
[24/01/2016 01:46:17] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
[03/03/2017 11:49:40] - |A| - [1281] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk
[25/07/2017 18:38:32] - |A| - [1188] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
[14/07/2009 01:32:38] - |RD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[15/05/2016 07:54:35] - |D| - [1072] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GetNZB
[27/08/2014 12:30:46] - |A| - [2350] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[17/05/2013 17:00:22] - |D| - [7546] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[12/01/2013 09:11:45] - |D| - [4079] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt
[18/03/2017 16:59:54] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
[17/02/2011 01:41:59] - |RD| - [1624] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[29/07/2017 03:38:24] - |D| - [6626] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[18/03/2017 17:03:29] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[25/07/2017 16:42:24] - |D| - [4042] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[13/02/2016 19:47:21] - |D| - [4428] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[18/02/2013 08:54:29] - |D| - [13682] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[24/01/2016 01:46:17] - |D| - [5109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
[29/08/2012 10:45:28] - |A| - [2543] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint Viewer .lnk
[12/05/2012 03:01:58] - |D| - [2340] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[18/02/2014 14:13:57] - |D| - [1338] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[22/06/2014 03:03:36] - |D| - [868] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[29/01/2014 21:41:41] - |D| - [3727] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
[18/02/2014 14:16:48] - |D| - [134] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[18/02/2014 13:57:26] - |D| - [47036] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[18/03/2017 16:57:42] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
[30/04/2011 09:00:21] - |A| - [1007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[12/09/2015 15:33:13] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBrainz Picard.lnk
[03/03/2017 11:49:40] - |A| - [2171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Suite.lnk
[29/08/2016 22:34:23] - |D| - [3494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Genie
[25/07/2017 16:39:48] - |D| - [885] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[23/12/2016 10:34:49] - |D| - [4998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[24/01/2016 01:46:17] - |A| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[24/01/2016 01:46:17] - |A| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
[25/07/2017 18:36:36] - |A| - [968] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pale Moon.lnk
[24/01/2016 01:46:17] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
[18/03/2017 16:58:04] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
[09/05/2015 11:23:30] - |A| - [1903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivaZer.lnk
[24/01/2016 01:46:17] - |A| - [2445] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
[17/03/2012 11:46:58] - |D| - [4089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RapidShare Manager
[02/10/2015 23:55:59] - |D| - [1967] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[17/02/2011 01:57:17] - |D| - [2164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio Creator Starter
[25/07/2017 18:36:55] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[25/07/2017 16:39:32] - |D| - [2139] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[23/04/2011 19:25:07] - |D| - [129] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony Picture Utility
[18/03/2017 17:03:29] - |RD| - [1102] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[18/03/2017 17:03:29] - |RD| - [1458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
[25/02/2011 09:32:53] - |D| - [6562] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Print Shop
[10/03/2017 18:29:10] - |D| - [2547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
[11/12/2012 20:31:16] - |D| - [1881] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UseNeXT
[16/01/2016 18:11:06] - |D| - [2681] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Wireless Software Upgrade Assistant - Motorola
[25/07/2017 18:37:56] - |A| - [965] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
[22/06/2014 03:03:44] - |D| - [2248] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[17/02/2011 01:52:01] - |RD| - [4582] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[17/02/2011 01:51:45] - |A| - [2488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[17/02/2011 01:52:00] - |A| - [1307] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[17/02/2011 01:51:57] - |A| - [1376] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[26/07/2017 06:21:01] - |A| - [1519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[19/03/2016 22:08:37] - |D| - [4265] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[25/07/2017 16:39:58] - |A| - [1148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
[24/01/2016 01:46:17] - |A| - [2495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
[26/07/2017 07:00:31] - |D| - [1241] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
[25/07/2017 16:26:51] - |D| - [1942] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[18/03/2017 17:03:33] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
[29/08/2016 22:34:23] - |A| - [928] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Genie.lnk

---------- | C:\Program Files (x86)

[17/02/2011 01:43:09] - |AD| - [6897593251] - C:\Program Files (x86)\Adobe
[14/02/2013 18:21:31] - |AD| - [3054581] - C:\Program Files (x86)\Adobe Download Assistant
[21/02/2016 21:15:55] - |D| - [1264] - C:\Program Files (x86)\Adware Removal Tool by TSA
[17/03/2012 06:57:06] - |D| - [2034] - C:\Program Files (x86)\Aimersoft
[25/07/2017 18:38:06] - |D| - [41502744] - C:\Program Files (x86)\AIMP
[11/10/2012 21:06:57] - |D| - [7577844] - C:\Program Files (x86)\Aspell
[25/07/2017 18:38:19] - |AD| - [65600375] - C:\Program Files (x86)\Audacity
[25/07/2017 18:09:00] - |AD| - [15407522] - C:\Program Files (x86)\Avant Browser
[05/09/2015 10:36:08] - |D| - [24288909] - C:\Program Files (x86)\AVS4YOU
[25/02/2011 09:32:30] - |D| - [1242637663] - C:\Program Files (x86)\Broderbund
[19/03/2016 10:51:53] - |AD| - [19770345] - C:\Program Files (x86)\CDBurnerXP
[18/03/2017 17:03:28] - |D| - [3512058400] - C:\Program Files (x86)\Common Files
[17/02/2011 01:46:24] - |D| - [5412596] - C:\Program Files (x86)\Creative
[17/02/2011 01:47:51] - |D| - [100531287] - C:\Program Files (x86)\Dell
[16/02/2017 19:28:41] - |AD| - [10108978] - C:\Program Files (x86)\Dell Customer Connect
[17/02/2011 01:48:15] - |D| - [48474866] - C:\Program Files (x86)\Dell Stage
[02/03/2011 19:53:35] - |D| - [291] - C:\Program Files (x86)\Dell Touch Software Suite
[21/07/2017 11:57:30] - |AD| - [2410327] - C:\Program Files (x86)\Dell Update
[18/03/2017 17:03:33] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[25/07/2017 18:38:29] - |AD| - [10689714] - C:\Program Files (x86)\foobar2000
[15/05/2016 07:54:33] - |AD| - [44530621] - C:\Program Files (x86)\GetNZB
[04/10/2012 20:10:01] - |D| - [525595999] - C:\Program Files (x86)\Google
[12/01/2013 09:11:44] - |AD| - [7763102] - C:\Program Files (x86)\GrabIt
[25/07/2017 18:39:03] - |D| - [102344636] - C:\Program Files (x86)\GRETECH
[18/02/2014 13:57:26] - |AD| - [217744] - C:\Program Files (x86)\HTML Help Workshop
[18/02/2014 14:12:09] - |D| - [762806] - C:\Program Files (x86)\IIS
[17/02/2011 01:40:06] - |HD| - [105986607] - C:\Program Files (x86)\InstallShield Installation Information
[17/02/2011 01:40:06] - |D| - [1747837] - C:\Program Files (x86)\Intel
[18/03/2017 17:03:28] - |D| - [2642764] - C:\Program Files (x86)\Internet Explorer
[02/06/2015 07:44:40] - |D| - [8673282] - C:\Program Files (x86)\LG Electronics
[01/05/2016 17:46:55] - |D| - [4404167] - C:\Program Files (x86)\LogMeIn Rescue RC - 29fe62a4-8e94-4e6b-8edc-3dac8b4aaf7d
[26/04/2011 14:49:59] - |D| - [44177749] - C:\Program Files (x86)\McAfee
[13/10/2012 05:56:41] - |D| - [102916319] - C:\Program Files (x86)\Microsoft Analysis Services
[18/02/2014 14:12:13] - |D| - [1361193] - C:\Program Files (x86)\Microsoft ASP.NET
[18/02/2014 13:57:26] - |AD| - [13921187] - C:\Program Files (x86)\Microsoft F#
[17/02/2011 01:47:29] - |AD| - [2487182867] - C:\Program Files (x86)\Microsoft Office
[29/01/2014 21:35:37] - |D| - [672406449] - C:\Program Files (x86)\Microsoft SDKs
[12/05/2012 03:01:10] - |AD| - [42892246] - C:\Program Files (x86)\Microsoft Silverlight
[29/01/2014 21:37:58] - |AD| - [47167096] - C:\Program Files (x86)\Microsoft SQL Server
[17/02/2011 01:51:55] - |AD| - [7523635] - C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[29/01/2014 21:37:45] - |D| - [610104] - C:\Program Files (x86)\Microsoft Synchronization Services
[29/01/2014 21:36:10] - |AD| - [2187322630] - C:\Program Files (x86)\Microsoft Visual Studio 10.0
[29/01/2014 21:43:04] - |AD| - [416343] - C:\Program Files (x86)\Microsoft Visual Studio 9.0
[18/03/2017 17:03:28] - |D| - [8816199] - C:\Program Files (x86)\Microsoft.NET
[15/08/2015 17:09:42] - |D| - [233595] - C:\Program Files (x86)\Motorola
[15/08/2015 17:09:42] - |AD| - [38552595] - C:\Program Files (x86)\Motorola Mobility
[19/11/2016 13:04:58] - |AD| - [93297041] - C:\Program Files (x86)\Mozilla Firefox
[02/05/2012 19:55:50] - |D| - [306679] - C:\Program Files (x86)\Mozilla Maintenance Service
[26/07/2017 09:29:12] - |AD| - [4263062] - C:\Program Files (x86)\MSBuild
[29/08/2012 10:44:51] - |D| - [66395929] - C:\Program Files (x86)\MSECache
[15/08/2015 17:09:35] - |AD| - [154033] - C:\Program Files (x86)\MSXML 4.0
[12/09/2015 15:33:09] - |D| - [33049789] - C:\Program Files (x86)\MusicBrainz Picard
[06/05/2016 21:00:25] - |D| - [0] - C:\Program Files (x86)\My Company Name
[03/03/2017 11:49:39] - |D| - [2866720] - C:\Program Files (x86)\NCH Software
[17/03/2012 20:42:46] - |AD| - [1824747] - C:\Program Files (x86)\Nero
[29/08/2016 22:34:23] - |D| - [35353359] - C:\Program Files (x86)\NETGEAR
[15/05/2015 22:57:48] - |D| - [244902383] - C:\Program Files (x86)\NVIDIA Corporation
[09/05/2015 11:23:20] - |AD| - [20282199] - C:\Program Files (x86)\PrivaZer
[17/06/2011 10:15:47] - |D| - [81535044] - C:\Program Files (x86)\Quark
[17/03/2012 11:46:55] - |AD| - [15228475] - C:\Program Files (x86)\RapidShareManager
[02/10/2015 23:44:31] - |AD| - [282424270] - C:\Program Files (x86)\Razer
[15/05/2015 23:03:13] - |D| - [21135568] - C:\Program Files (x86)\Realtek
[26/07/2017 09:29:12] - |D| - [387624459] - C:\Program Files (x86)\Reference Assemblies
[17/02/2011 01:56:03] - |AD| - [139794537] - C:\Program Files (x86)\Roxio
[25/07/2017 18:36:52] - |AD| - [107588802] - C:\Program Files (x86)\Safari
[25/07/2017 16:39:31] - |RD| - [90056045] - C:\Program Files (x86)\Skype
[24/12/2016 07:31:07] - |HD| - [0] - C:\Program Files (x86)\Temp
[10/03/2017 18:27:51] - |D| - [330241115] - C:\Program Files (x86)\TurboTax
[26/07/2017 05:59:47] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[11/12/2012 20:31:14] - |AD| - [10275581] - C:\Program Files (x86)\UseNeXT
[25/02/2011 09:39:47] - |D| - [123749] - C:\Program Files (x86)\Web Publish
[18/03/2017 17:03:28] - |D| - [1982400] - C:\Program Files (x86)\Windows Defender
[17/02/2011 01:51:35] - |AD| - [153536314] - C:\Program Files (x86)\Windows Live
[18/03/2017 17:03:28] - |D| - [5924864] - C:\Program Files (x86)\Windows Mail
[18/03/2017 22:30:02] - |D| - [3243161] - C:\Program Files (x86)\Windows Media Player
[18/03/2017 17:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Multimedia Platform
[18/03/2017 17:03:28] - |D| - [7450818] - C:\Program Files (x86)\Windows NT
[18/03/2017 17:03:28] - |D| - [5358912] - C:\Program Files (x86)\Windows Photo Viewer
[18/03/2017 17:03:28] - |D| - [42960] - C:\Program Files (x86)\Windows Portable Devices
[18/03/2017 17:03:28] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
[18/03/2017 17:03:28] - |D| - [3075066] - C:\Program Files (x86)\WindowsPowerShell
[14/09/2012 21:08:38] - |AD| - [32988638] - C:\Program Files (x86)\WinSCP
[24/07/2017 17:43:54] - |AD| - [18430346] - C:\Program Files (x86)\Zemana AntiMalware
[25/07/2017 16:26:51] - |AD| - [7240109] - C:\Program Files (x86)\ZHPFix

---------- | C:\Program Files

[25/07/2017 18:07:10] - |AD| - [7343690] - C:\Program Files\Adblock Plus for IE
[14/02/2013 18:44:59] - |AD| - [15838385118] - C:\Program Files\Adobe
[24/07/2017 17:01:29] - |AD| - [21409616] - C:\Program Files\CCleaner
[25/07/2017 16:37:50] - |D| - [21705723] - C:\Program Files\CDBurnerXP
[18/03/2017 17:03:28] - |D| - [1541133129] - C:\Program Files\Common Files
[11/02/2015 20:49:07] - |AD| - [347541581] - C:\Program Files\Dell
[17/02/2011 01:39:02] - |D| - [1533801] - C:\Program Files\Dell Inc
[17/02/2011 01:59:29] - |D| - [12589] - C:\Program Files\dell stage
[03/07/2017 21:26:27] - |D| - [22224764] - C:\Program Files\Dell Support Center
[18/03/2017 17:03:33] - |ASH| - [174] - C:\Program Files\desktop.ini
[14/07/2009 01:32:38] - |D| - [0] - C:\Program Files\DVD Maker
[18/02/2014 14:12:09] - |D| - [2472343] - C:\Program Files\IIS
[18/03/2017 17:03:28] - |D| - [2643703] - C:\Program Files\Internet Explorer
[29/07/2017 03:37:56] - |D| - [187650141] - C:\Program Files\Java
[25/07/2017 16:42:18] - |D| - [209729044] - C:\Program Files\Malwarebytes
[01/05/2016 18:15:21] - |AD| - [221589551] - C:\Program Files\McAfee
[01/05/2016 18:15:21] - |D| - [3638754] - C:\Program Files\McAfee.com
[14/07/2009 01:32:38] - |D| - [184] - C:\Program Files\Microsoft Games
[29/01/2014 21:35:37] - |D| - [68120314] - C:\Program Files\Microsoft Help Viewer
[27/03/2011 09:27:21] - |D| - [17068590] - C:\Program Files\Microsoft Office
[24/01/2016 01:41:45] - |D| - [8836480] - C:\Program Files\Microsoft Office 15
[12/05/2012 03:01:10] - |AD| - [55725526] - C:\Program Files\Microsoft Silverlight
[29/01/2014 21:41:06] - |AD| - [1330619174] - C:\Program Files\Microsoft SQL Server
[29/01/2014 21:37:50] - |AD| - [4421503] - C:\Program Files\Microsoft SQL Server Compact Edition
[18/02/2014 14:16:38] - |D| - [4603442] - C:\Program Files\Microsoft Sync Framework
[29/01/2014 21:37:50] - |D| - [343335] - C:\Program Files\Microsoft Synchronization Services
[29/01/2014 21:35:37] - |D| - [1616966] - C:\Program Files\Microsoft Visual Studio 10.0
[29/01/2014 21:42:58] - |D| - [7674] - C:\Program Files\Microsoft Visual Studio 9.0
[02/10/2015 23:36:41] - |D| - [546664] - C:\Program Files\Microsoft.NET
[15/08/2015 17:08:44] - |D| - [8366] - C:\Program Files\Motorola Mobility LLC
[25/07/2017 18:35:49] - |AD| - [106443300] - C:\Program Files\Mozilla Firefox
[26/07/2017 09:29:12] - |AD| - [44479] - C:\Program Files\MSBuild
[25/07/2017 16:39:44] - |D| - [7514639] - C:\Program Files\Notepad++
[26/07/2017 05:59:26] - |D| - [936532159] - C:\Program Files\NVIDIA Corporation
[25/07/2017 18:36:35] - |AD| - [93561115] - C:\Program Files\Pale Moon
[26/07/2017 05:59:57] - |D| - [15235680] - C:\Program Files\Realtek
[12/09/2015 17:58:00] - |AD| - [10892600] - C:\Program Files\Recuva
[26/07/2017 09:29:12] - |D| - [45899158] - C:\Program Files\Reference Assemblies
[23/02/2011 18:41:56] - |AD| - [987616] - C:\Program Files\Roxio
[30/07/2015 17:52:28] - |HD| - [0] - C:\Program Files\Uninstall Information
[21/07/2017 12:11:41] - |AD| - [6432951] - C:\Program Files\UNP
[25/07/2017 18:37:40] - |AD| - [161946548] - C:\Program Files\Waterfox
[18/03/2017 17:03:28] - |RD| - [16284110] - C:\Program Files\Windows Defender
[17/02/2011 01:51:12] - |D| - [7709639] - C:\Program Files\Windows Live
[18/03/2017 17:03:28] - |D| - [6145536] - C:\Program Files\Windows Mail
[18/03/2017 22:30:02] - |D| - [4763837] - C:\Program Files\Windows Media Player
[18/03/2017 17:03:28] - |D| - [49688] - C:\Program Files\Windows Multimedia Platform
[18/03/2017 17:03:28] - |D| - [7717058] - C:\Program Files\Windows NT
[18/03/2017 17:03:28] - |D| - [6162752] - C:\Program Files\Windows Photo Viewer
[18/03/2017 17:03:28] - |D| - [49696] - C:\Program Files\Windows Portable Devices
[18/03/2017 17:03:28] - |D| - [95352] - C:\Program Files\Windows Security
[18/03/2017 17:03:28] - |SHD| - [0] - C:\Program Files\Windows Sidebar
[18/03/2017 17:03:28] - |HD| - [2944368363] - C:\Program Files\WindowsApps
[18/03/2017 17:03:28] - |D| - [3323870] - C:\Program Files\WindowsPowerShell
[19/03/2016 22:08:24] - |AD| - [6013669] - C:\Program Files\WinRAR

---------- | C:\Program Files (x86)\Common Files

[17/02/2011 01:43:09] - |AD| - [2284149866] - C:\Program Files (x86)\Common Files\Adobe
[14/02/2013 18:21:29] - |AD| - [28735915] - C:\Program Files (x86)\Common Files\Adobe AIR
[01/09/1999 07:29:16] - |D| - [68096] - C:\Program Files (x86)\Common Files\Adobe Systems Shared
[05/09/2015 10:36:11] - |D| - [147726722] - C:\Program Files (x86)\Common Files\AVSMedia
[25/02/2011 09:32:28] - |D| - [72830515] - C:\Program Files (x86)\Common Files\Broderbund
[27/03/2011 09:27:21] - |AD| - [123224] - C:\Program Files (x86)\Common Files\DESIGNER
[17/03/2011 15:01:57] - |D| - [28672] - C:\Program Files (x86)\Common Files\DSC303
[17/02/2011 01:44:57] - |D| - [11786971] - C:\Program Files (x86)\Common Files\InstallShield
[10/03/2017 18:28:20] - |AD| - [115058079] - C:\Program Files (x86)\Common Files\Intuit
[29/07/2017 03:38:46] - |D| - [1942088] - C:\Program Files (x86)\Common Files\Java
[17/02/2011 01:46:04] - |D| - [1045622] - C:\Program Files (x86)\Common Files\Macrovision Shared
[17/02/2011 01:53:09] - |D| - [8772318] - C:\Program Files (x86)\Common Files\mcafee
[18/02/2014 13:57:26] - |AD| - [30030176] - C:\Program Files (x86)\Common Files\Merge Modules
[18/03/2017 17:03:28] - |AD| - [432629379] - C:\Program Files (x86)\Common Files\Microsoft Shared
[16/01/2016 18:11:05] - |D| - [707584] - C:\Program Files (x86)\Common Files\MSSoap
[17/02/2011 01:56:18] - |AD| - [4506416] - C:\Program Files (x86)\Common Files\PX Storage Engine
[17/02/2011 01:55:59] - |AD| - [82576006] - C:\Program Files (x86)\Common Files\Roxio Shared
[18/03/2017 17:03:28] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[25/07/2017 16:39:32] - |AD| - [2574296] - C:\Program Files (x86)\Common Files\Skype
[17/02/2011 01:56:19] - |AD| - [1479374] - C:\Program Files (x86)\Common Files\Sonic Shared
[26/07/2017 06:09:42] - |D| - [41095079] - C:\Program Files (x86)\Common Files\SpeechEngines
[17/02/2011 01:57:31] - |AD| - [732768] - C:\Program Files (x86)\Common Files\SureThing Shared
[18/03/2017 17:03:28] - |D| - [9902379] - C:\Program Files (x86)\Common Files\System
[17/02/2011 01:48:34] - |D| - [233554153] - C:\Program Files (x86)\Common Files\Windows Live

---------- | C:\Program Files\Common files

[14/02/2013 18:40:42] - |D| - [536955122] - C:\Program Files\Common files\Adobe
[01/05/2016 18:15:01] - |D| - [4149329] - C:\Program Files\Common files\AV
[01/05/2016 18:15:09] - |D| - [20640598] - C:\Program Files\Common files\Intel Security
[01/05/2016 18:12:19] - |D| - [799236690] - C:\Program Files\Common files\McAfee
[18/03/2017 17:03:28] - |AD| - [163940390] - C:\Program Files\Common files\microsoft shared
[15/08/2015 17:08:43] - |D| - [5335071] - C:\Program Files\Common files\Motorola Shared
[18/03/2017 17:03:28] - |D| - [2702] - C:\Program Files\Common files\Services
[26/07/2017 06:09:31] - |D| - [599040] - C:\Program Files\Common files\SpeechEngines
[18/03/2017 17:03:28] - |D| - [10274187] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [26/07/2017 06:34:24] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
[MD5.0DE5E566750F8A394D155275F577B574] - [26/07/2017 06:34:21] - |A| - [2220] - C:\WINDOWS\System32\Tasks\CCleanerSkipUAC : "C:\Program Files\CCleaner\CCleaner.exe"
[MD5.D04D2BB4B8DDD39736AC4F6E8C0C5CF1] - [26/07/2017 06:34:21] - |A| - [2590] - C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask : C:\WINDOWS\Explorer.exe
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:21] - |D| - [0] - C:\WINDOWS\System32\Tasks\Event Viewer Tasks
[MD5.C644064EC7A695D945E86CFBA53B9F44] - [26/07/2017 06:34:21] - |A| - [3120] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.B3CDC7D9043D7B724D620CE0761FF975] - [26/07/2017 06:34:21] - |A| - [3344] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
[MD5.257F08CE924A1594DBAABBED2115EA1E] - [26/07/2017 06:34:21] - |A| - [4034] - C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse : C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe
[MD5.61F4601EB8FEEAF995F69A072B075DD4] - [26/07/2017 06:34:21] - |A| - [4222] - C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse : C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:21] - |D| - [4544] - C:\WINDOWS\System32\Tasks\McAfee
[MD5.6A9DCEA5A4B3D1E7CB7D63D964B2D167] - [26/07/2017 06:34:21] - |A| - [2382] - C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare) : C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe
[MD5.7A7BD72C5599AA88240E119D9F59CCA5] - [26/07/2017 06:34:21] - |A| - [2470] - C:\WINDOWS\System32\Tasks\McAfeeLogon : C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
[MD5.00000000000000000000000000000000] - [18/03/2017 17:03:29] - |D| - [563750] - C:\WINDOWS\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Software
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\NCH Swift Sound
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [0] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.BC6896DEB29DA2BFF71E469CA81CCA1C] - [26/07/2017 06:34:24] - |A| - [3576] - C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1501022171 : C:\Users\Steve\AppData\Local\Programs\Opera\launcher.exe
[MD5.256A98468C0BBB973444A5F26F6E142F] - [26/07/2017 06:34:24] - |A| - [4154] - C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BF02009D-C843-4079-8428-ABBD8A451EAB} : C:\WINDOWS\system32\msfeedssync.exe
[MD5.00000000000000000000000000000000] - [26/07/2017 06:34:24] - |D| - [3852] - C:\WINDOWS\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [18/03/2017 17:03:29] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"WCF-NetTcpActivator-In-TCP-64bit"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=808|Svc=NetTcpActivator|Name=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2000|Desc=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2001|EmbedCtxt=@%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelEvents.dll,-2002|
"IIS-WebServerRole-HTTPS-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=443|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30502|Desc=@%windir%\system32\inetsrv\iisres.dll,-30512|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30503|
"IIS-WebServerRole-HTTP-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|App=System|Name=@%windir%\system32\inetsrv\iisres.dll,-30500|Desc=@%windir%\system32\inetsrv\iisres.dll,-30510|EmbedCtxt=@%windir%\system32\inetsrv\iisres.dll,-30501|
"MDNS-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"MDNS-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
"WirelessDisplay-Infra-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
"WirelessDisplay-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD

A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
"Netlogon-TCP-RPC-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
"Netlogon-NamedPipe-In"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"DeliveryOptimization-UDP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"DeliveryOptimization-TCP-In"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
"WiFiDirect-KM-Driver-Out-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|App=System|Name=@wlansvc.dll,-37381|Desc=@wlansvc.dll,-37893|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-UDP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=System|Name=@wlansvc.dll,-37380|Desc=@wlansvc.dll,-37892|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-Out-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|App=System|Name=@wlansvc.dll,-37379|Desc=@wlansvc.dll,-37891|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"WiFiDirect-KM-Driver-In-TCP"=v2.27|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=System|Name=@wlansvc.dll,-37378|Desc=@wlansvc.dll,-37890|EmbedCtxt=@wlansvc.dll,-36865|TTK2_27=WFDKmDriver|
"Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
"Wininit-Shutdown-In-Rule-TCP-RPC"=v2.27|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|

---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{146bf252-9f25-4209-a6dd-c45a1180abc4}] : (AndroidUsbDeviceClass) [] -> @oem89.inf,%ClassName%;Android Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem97.inf,%ClassName%;Android Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4fc9541c-0fe6-4480-a4f6-9495a0d17cd2}] : (HidLineDisplay) [] -> @c_linedisplay.inf,%ClassName%;POS Line Display
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5aea001d-9372-4ed7-97f3-b79bf15a53c5}] : (OposLegacyDevice) [] -> @oposdrv.inf,%ClassName%;OPOS Legacy Device
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{645ad99b-1344-4316-837a-08a3e73db222}] : (PerceptionSimulation) [] -> @PerceptionSimulationSixDof.inf,%ClassName%;Perception Simulation Controllers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{87ef9ad1-8f70-49ee-b215-ab1fcadcbe3c}] : (NetDriver) [] -> @c_netdriver.inf,%ClassDesc%;Universal Network Drivers
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] ->
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b6a945de-134c-4279-9a66-61a63c6f0dc5}] : (Network Infrastructure Devices) [] -> @oem31.inf,%ClassName%;Network Infrastructure Devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d612553d-06b1-49ca-8938-e39ef80eb16f}] : (Holographic) [] -> @c_holographic.inf,%ClassName%;Mixed Reality devices
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem8.inf,%ClassName%;ADB Interface
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{feb8d079-0681-11d4-9531-0060089abc08}] : (MOTUSB) [] -> @oem64.inf,%MotDev.ClassName%;Motorola USB Device
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[02/05/2017 11:07:48] - (15.6.0.2180) - (McAfee, Inc. - McAfee Link Driver) - C:\WINDOWS\system32\drivers\mfehidk.sys
[17/02/2011 01:56:39] - (3.1.1.0) - (Corel Corporation - Px Engine Device Driver for 64-bit (x86-64) Windows) - C:\WINDOWS\System32\Drivers\PxHlpa64.sys
[29/08/2016 22:34:23] - (1.0.0.12) - (SerComm Corporation - Customize NDIS User mode I/O Driver) - C:\WINDOWS\system32\DRIVERS\scmndisp.sys
[29/01/2016 07:01:56] - (15.6.0.2180) - (McAfee, Inc. - Anti-Virus Mini-Firewall Driver) - C:\WINDOWS\system32\drivers\mfewfpk.sys
[24/07/2017 17:43:56] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zamguard64.sys
[24/07/2017 17:43:56] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\WINDOWS\System32\drivers\zam64.sys
[25/07/2017 16:42:22] - (0.0.0.0) - ( -) - C:\WINDOWS\system32\drivers\mbae64.sys
[09/12/2016 12:45:46] - (21.21.13.4201) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 342.01) - C:\WINDOWS\system32\DRIVERS\nvlddmkm.sys
[11/04/2017 10:01:43] - (1.4.2.0) - (Dell Inc. - DDDriver.sys) - C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys
[11/04/2017 10:01:43] - (3.0.1.4) - (Dell Computer Corporation - DellProf.sys) - C:\WINDOWS\system32\drivers\DellProf.sys
[09/12/2016 12:39:04] - (1.3.30.1) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys
[20/01/2017 10:07:50] - (15.6.0.2180) - (McAfee, Inc. - McAfee Arbitrary Access Control Driver) - C:\WINDOWS\system32\drivers\mfeaack.sys
[20/01/2017 10:07:50] - (15.6.0.2180) - (McAfee, Inc. - Anti-Virus File System Filter Driver) - C:\WINDOWS\system32\drivers\mfeavfk.sys
[29/01/2016 07:01:56] - (15.6.0.2180) - (McAfee, Inc. - McAfee Core Firewall Engine Driver) - C:\WINDOWS\system32\drivers\mfefirek.sys
[07/04/2017 02:42:02] - (1.5.0.2580) - (McAfee, Inc. - Event Driver) - C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
[20/01/2017 10:07:50] - (15.6.0.2180) - (McAfee, Inc. - AAC Protected Launch Plugin Driver) - C:\WINDOWS\system32\drivers\mfeplk.sys
[03/10/2015 12:12:36] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - IEEE-1284.4-1999 Driver) - C:\WINDOWS\system32\DRIVERS\Dot4.sys
[03/10/2015 12:12:36] - (8.0.0.67) - (Windows (R) Win 7 DDK provider - IEEE-1284.4 Print Class Driver) - C:\WINDOWS\System32\drivers\Dot4Prt.sys
[13/08/2015 11:19:08] - (1.0.38.0) - (Razer Inc - Razer RzEndPt) - C:\WINDOWS\System32\drivers\rzdaendpt.sys
[03/10/2015 12:14:26] - (1.0.39.1) - (Razer Inc - Razer Rzudd Engine) - C:\WINDOWS\System32\drivers\rzudd.sys
[13/08/2015 11:19:08] - (1.0.38.0) - (Razer Inc - Razer Keyboard Device) - C:\WINDOWS\System32\drivers\rzvkeyboard.sys
[02/10/2015 23:58:47] - (1.0.2.6230) - (Razer, Inc. - Razer Overlay Support) - C:\Windows\system32\drivers\rzpmgrk.sys
[02/10/2015 23:58:59] - (1.0.12.6087) - (Razer, Inc. - Razer Overlay Support) - C:\Windows\system32\drivers\rzpnk.sys
[27/07/2017 16:37:00] - (1.0.0.115) - (McAfee, Inc. - McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
[29/01/2016 07:01:56] - (15.6.0.2180) - (McAfee, Inc. - McAfee Personal Firewall IDS Plugin) - C:\WINDOWS\system32\drivers\cfwids.sys

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - Disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - EhStorTcgDrv (@ehstortcgdrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-101) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - mfeelamk (McAfee Inc. mfeelamk) -> system32\drivers\mfeelamk.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - mfehidk (McAfee Inc. mfehidk) -> system32\drivers\mfehidk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mfewfpk (McAfee Inc. mfewfpk) -> system32\drivers\mfewfpk.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - PxHlpa64 (PxHlpa64) -> System32\Drivers\PxHlpa64.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - SCMNdisP (@oem94.inf,%SCMNDISP_Desc%;General NDIS Protocol Driver) -> system32\DRIVERS\scmndisp.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\drivers\tcpip.sys,-10001) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ESProtectionDriver (Malwarebytes Anti-Exploit) -> \??\C:\WINDOWS\system32\drivers\mbae64.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\WINDOWS\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\WINDOWS\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
S2 - [File System Driver] - CldFlt (Windows Cloud Files Filter Driver) -> system32\drivers\cldflt.sys - AcceptPause: False - AcceptStop: False
R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - MBAMChameleon (MBAMChameleon) -> \SystemRoot\system32\drivers\MBAMChameleon.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rzpmgrk (rzpmgrk) -> \??\C:\Windows\system32\drivers\rzpmgrk.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - rzpnk (rzpnk) -> \??\C:\Windows\system32\drivers\rzpnk.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
R2 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: True
R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True

---------- | System files (Microsoft|Avast|Atheros|Adaptec|Brother|Intel Files whitelisted)

[MD5.2038824260EFDFFA6F78D9BEF767622D] - [17/03/2011 15:01:56] - (.Copyright (C) 2001-2003 - Bulk IO Test Driver.) - [10.79 Ko] - (1.2.0.0) - C:\WINDOWS\Syswow64\Drivers\Bulk536.sys
[MD5.48FED7D4EF20020BC6020200256CB8B3] - [17/03/2011 15:01:56] - (.Copyright (C) 2001-2003 Digital Camera - Digital Camera Driver.) - [502.79 Ko] - (2.2.0.5) - C:\WINDOWS\Syswow64\Drivers\Ca536av.sys

---------- | Uninstall

[HKU\S-1-5-21-3518905376-1918425772-3662548586-1001\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Opera 46.0.2597.57] : (Opera Stable 46.0.2597.57.-.Opera Software) -> "C:\Users\Steve\AppData\Local\Programs\Opera\Launcher.exe" /uninstall
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Branding] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Dell Support Center] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 54.0.1 (x64 en-US)] : (Mozilla Firefox 54.0.1 (x64 en-US).-.Mozilla) -> "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Notepad++] : (Notepad++ (64-bit x64).-.Notepad++ Team) -> C:\Program Files\Notepad++\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Pale Moon 27.4.0 (x64 en-US)] : (Pale Moon 27.4.0 (x64 en-US).-.Moonchild Productions) -> "C:\Program Files\Pale Moon\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PC-Doctor for Windows] : (Dell SupportAssist.-.Dell) -> C:\Program Files\Dell\SupportAssist\uninstaller.exe /arp
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Recuva] : (Recuva.-.Piriform) -> "C:\Program Files\Recuva\uninst.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Waterfox 54.0.1 (x64 en-US)] : (Waterfox 54.0.1 (x64 en-US).-.Waterfox Ltd) -> "C:\Program Files\Waterfox\uninstall\helper.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.40 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0090A87C-3E0E-43D4-AA71-A71B06563A4A}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180144F0}] : (Java 8 Update 144 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180144F0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}] : (Motorola Mobile Drivers Installation 6.4.0.-.Motorola Mobility LLC) -> MsiExec.exe /X{27986EDD-C9EC-4B52-B92F-06D073F0AA52}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.1.2.1733.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}] : (Roxio File Backup.-.Roxio) -> MsiExec.exe /I{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1] : (CDBurnerXP.-.CDBurnerXP) -> "C:\Program Files\CDBurnerXP\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{90881C8E-6C4F-4662-9923-85AFCA058C44}] : (Dell SupportAssistAgent.-.Dell) -> MsiExec.exe /X{90881C8E-6C4F-4662-9923-85AFCA058C44}
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}] : (RBVirtualFolder64Inst.-.Roxio, Inc.) -> MsiExec.exe /I{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA 3D Vision Driver 342.01.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (NVIDIA Control Panel 342.01.-.NVIDIA Corporation) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Graphics Driver 342.01.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA 3D Vision Controller Driver 270.57.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.NVIRUSB
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA PhysX System Software 9.17.0524.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 10.4.0.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Update
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA HD Audio Driver 1.3.30.1.-.NVIDIA Corporation) -> "C:\WINDOWS\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}] : (.-.) ->
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}] : (Dell Update - SupportAssist Update Plugin.-.Dell Inc.) -> MsiExec.exe /I{EEA45885-F3E3-4E7D-8435-E9C21D36C141}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}] : (Shared C Run-time for x64.-.McAfee) -> MsiExec.exe /I{EF79C448-6946-4D71-8134-03407888C054}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F6FCA281-09CC-4753-990C-937B93A52C94}] : (Adblock Plus for IE (32-bit and 64-bit).-.Eyeo GmbH) -> MsiExec.exe /X{F6FCA281-09CC-4753-990C-937B93A52C94}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\6103-4188-8184-5707] : (RapidShare Manager 2.-.RapidShare AG) -> C:\Program Files (x86)\RapidShareManager\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe AIR] : (Adobe AIR.-.Adobe Systems Incorporated) -> c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Creative Cloud] : (Adobe Creative Cloud.-.Adobe Systems Incorporated) -> "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Digital Editions 4.5] : (Adobe Digital Editions 4.5.-.Adobe Systems Incorporated) -> "C:\Program Files (x86)\Adobe\Adobe Digital Editions 4.5\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 26 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AdobeMuse] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe_7328fdfcb73660ec8b11d5a3d5c6232] : (Adobe Dreamweaver CS3.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AIMP] : (AIMP.-.AIMP DevTeam) -> C:\Program Files (x86)\AIMP\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Aspell English Dictionary_is1] : (Aspell English Dictionary-0.50-2.-.GNU) -> "C:\Program Files (x86)\Aspell\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Audacity®_is1] : (Audacity 2.1.3.-.Audacity Team) -> "C:\Program Files (x86)\Audacity\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AvantBrowser] : (Avant Browser (remove only).-.Avant Force) -> "C:\Program Files (x86)\Avant Browser\uninst.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AVS Audio Converter_is1] : (AVS Audio Converter version 7.-.Online Media Technologies Ltd.) -> "C:\Program Files (x86)\AVS4YOU\AVSAudioConverter\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1] : (Adobe Help Manager.-.Adobe Systems Incorporated) -> msiexec /qb /x {AF37176A-78CA-545B-34EF-8B6A21514DD1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\com.adobe.dmp.contentviewer] : (Adobe® Content Viewer.-.Adobe Systems Incorporated) -> msiexec /qb /x {92094051-CDDB-D9BA-426C-975526525429}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\com.adobe.downloadassistant.AdobeDownloadAssistant] : (Adobe Download Assistant.-.Adobe Systems Incorporated) -> msiexec /qb /x {5E21B617-F52E-BB10-92F9-C8AB2C799A8A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\com.adobe.WidgetBrowser] : (Adobe Widget Browser.-.Adobe Systems Incorporated.) -> msiexec /qb /x {EFBE6DD5-B224-96E5-72B9-68D328CB12A6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ExpressBurn] : (Express Burn Disc Burning Software.-.NCH Software) -> "C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe" -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\foobar2000] : (foobar2000 v1.3.16.-.Peter Pawlowski) -> "C:\Program Files (x86)\foobar2000\uninstall.exe" _?=C:\Program Files (x86)\foobar2000
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\GetNZB_is1] : (GetNZB version 1.401.-.) -> "C:\Program Files (x86)\GetNZB\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\GNU Aspell_is1] : (GNU Aspell 0.50-3.-.GNU) -> "C:\Program Files (x86)\Aspell\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\GOM Player] : (GOM Player.-.GOM & Company) -> "C:\Program Files (x86)\GRETECH\GOMPlayer\Uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.78\Installer\setup.exe" --uninstall --system-level
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\GrabIt_is1] : (GrabIt 1.7.2 Beta 6 (build 1008).-.Ilan Shemes) -> "C:\Program Files (x86)\GrabIt\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ILST_19_2_1] : (Adobe Illustrator CC 2015.-.Adobe Systems Incorporated) -> "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HDCore\Uninstaller.exe" --uninstall=1 --sapCode=ILST --productVersion=19.2.1 --productAdobeCode={ILST-19.2.1-ADBEADBEADBEADBEADBEADBE} --productName="Adobe Illustrator CC 2015" --mode=2
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Intel® Integrated Performance Primitives 1.1] : (.-.) -> C:\Windows\IsUninst.exe -fC:\Windows\system32\UninstIPP.isu
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\McAfee Virtual Technician] : (McAfee Virtual Technician.-.McAfee, Inc.) -> C:\Program Files (x86)\McAfee\Supportability\MVT\MVTInstaller.exe /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 54.0.1 (x86 en-US)] : (Mozilla Firefox 54.0.1 (x86 en-US).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MSC] : (McAfee AntiVirus Plus.-.McAfee, Inc.) -> C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MusicBrainz Picard] : (MusicBrainz Picard.-.MusicBrainz) -> C:\Program Files (x86)\MusicBrainz Picard\uninst.exe
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIA StereoUSB Driver] : (NVIDIA 3D Vision Controller Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\InstallShield Installation Information\{714B9C6C-70FC-4750-98E2-61520B906C45}\setup.exe" -runfromtemp -l0x0009 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PrivaZer] : (PrivaZer.-.Goversoft LLC) -> C:\Program Files (x86)\PrivaZer\privazer_remover.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Shockwave] : (Shockwave.-.) -> C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\INSTALL.LOG
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\THX TruStudio PC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\THXAudioCP] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9 /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TurboTax 2015] : (TurboTax 2015.-.Intuit, Inc) -> C:\Program Files (x86)\TurboTax\Deluxe 2015\Installer\TurboTax 2015 Installer.exe /u /t /a
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\UseNeXT by Tangysoft_is1] : (UseNeXT by Tangysoft.-.Tangysoft Ltd.) -> "C:\Program Files (x86)\UseNeXT\unins001.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\winscp3_is1] : (WinSCP 5.9.6.-.Martin Prikryl) -> "C:\Program Files (x86)\WinSCP\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ZHPFix_is1] : (ZHPFix 2015.-.Nicolas Coolman) -> "C:\Program Files (x86)\ZHPFix\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}] : (Nero 2016 Content Pack.-.Nero AG) -> MsiExec.exe /I{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{010A785B-F920-4350-821B-6309909C20BB}] : (THX TruStudio PC.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{010A785B-F920-4350-821B-6309909C20BB}\setup.exe" -l0x9 /remove
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{04AF207D-9A77-465A-8B76-991F6AB66245}] : (Adobe Help Viewer CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{05C6B128-1B40-4495-9CB9-090B368BFA0A}] : (Nero Video Samples.-.Nero AG) -> MsiExec.exe /X{05C6B128-1B40-4495-9CB9-090B368BFA0A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0650BB10-BCF4-400A-85EE-04097E3046C6}] : (Adobe Setup.-.Adobe Systems Incorporated) -> MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08B32819-6EEF-4057-AEDA-5AB681A36A23}] : (Adobe Bridge Start Meeting.-.Adobe Systems Incorporated) -> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08D0C864-211B-4095-8C3E-2D2CAB64CDA9}] : (TurboTax 2015 WinPerFedFormset.-.Intuit Inc.) -> MsiExec.exe /I{08D0C864-211B-4095-8C3E-2D2CAB64CDA9}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{08D2E121-7F6A-43EB-97FD-629B44903403}] : (Microsoft_VC90_CRT_x86.-.Adobe) -> MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0A46A65D-89AC-464C-8026-3CD44960BD04}] : (Realtek USB Audio.-.Realtek Semiconductor Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{0A46A65D-89AC-464C-8026-3CD44960BD04}\Setup.exe" -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}] : (Razer Synapse.-.Razer Inc.) -> MsiExec.exe /I{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0FAC7130-BEC5-47A5-8813-1D339B8326ED}] : (Adobe Media Encoder CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{0FAC7130-BEC5-47A5-8813-1D339B8326ED}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{150D88F1-40AF-4678-A39D-BCE2332F34E5}] : (Nero Abstract Themes.-.Nero AG) -> MsiExec.exe /X{150D88F1-40AF-4678-A39D-BCE2332F34E5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{185F9795-9663-4F13-9EF9-307A282ADB5A}] : (ph.-.Your Company Name) -> MsiExec.exe /I{185F9795-9663-4F13-9EF9-307A282ADB5A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A3ADB5A-2491-4F7A-BD6D-5F8C9B4714B0}] : (Digital Camera3.0M.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1A3ADB5A-2491-4F7A-BD6D-5F8C9B4714B0}\Setup.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1AA5BD63-6614-44B2-88A7-605191EDB835}] : (Dotfuscator Software Services - Community Edition.-.PreEmptive Solutions) -> MsiExec.exe /X{1AA5BD63-6614-44B2-88A7-605191EDB835}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1B6F5E51-575E-4693-BCA2-7543570D076D}] : (Nero Kwik Themes Basic.-.Nero AG) -> MsiExec.exe /X{1B6F5E51-575E-4693-BCA2-7543570D076D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}] : (Nero Video Transitions 1.-.Nero AG) -> MsiExec.exe /X{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217065FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216024FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216026FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216029FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217009FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217011FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217021FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217051FB}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83217055FB}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}] : (Nero Cliparts.-.Nero AG) -> MsiExec.exe /X{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{29F67D84-3A70-456E-806A-52301B02070B}] : (Nero Effects Basic.-.Nero AG) -> MsiExec.exe /X{29F67D84-3A70-456E-806A-52301B02070B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}] : (bl.-.Your Company Name) -> MsiExec.exe /I{2A075BB4-E976-4278-BF3F-E5C6945D84C0}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3250260C-7A95-4632-893B-89657EB5545B}] : (PhotoShowExpress.-.Sonic Solutions) -> MsiExec.exe /I{3250260C-7A95-4632-893B-89657EB5545B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}] : (McAfee WebAdvisor.-.McAfee, Inc.) -> C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{38C72D42-0672-43B1-9E05-E7631684F9A1}] : (Adobe Premiere Pro CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{38C72D42-0672-43B1-9E05-E7631684F9A1}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{39EA6AA6-F891-4D70-867D-839DA49948D2}] : (Adobe Shockwave Player 12.2.-.Adobe Systems, Inc) -> MsiExec.exe /X{39EA6AA6-F891-4D70-867D-839DA49948D2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}] : (Skype™ 7.38.-.Skype Technologies S.A.) -> MsiExec.exe /X{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3DD1FE66-5536-41E3-B786-70068887B3F4}] : (The Print Shop 12.-.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3DD1FE66-5536-41E3-B786-70068887B3F4}\setup.exe" anything
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}] : (Dell MusicStage.-.Fingertapps) -> MsiExec.exe /X{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4817D846-700B-474E-A31B-80892B3E92E3}] : (Adobe After Effects CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{4817D846-700B-474E-A31B-80892B3E92E3}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4869414E-7AEA-4C8E-BE1C-8D40977FD517}] : (Adobe Illustrator CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{4869414E-7AEA-4C8E-BE1C-8D40977FD517}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4D25D881-7183-462F-95C8-990CA1944E0B}] : (Nero PiP Effects 1.-.Nero AG) -> MsiExec.exe /X{4D25D881-7183-462F-95C8-990CA1944E0B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}] : (Nero Holiday and Sports Themes.-.Nero AG) -> MsiExec.exe /X{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{51C91B84-7B46-4FE7-8999-8228CFA75F89}] : (Intel(R) Integrated Performance Primitives RTI 4.0.-.Intel Corporation) -> MsiExec.exe /X{51C91B84-7B46-4FE7-8999-8228CFA75F89}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}] : (Roxio BackOnTrack.-.Roxio) -> MsiExec.exe /I{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}] : (Adobe Download Assistant.-.Adobe Systems Incorporated) -> MsiExec.exe /I{5E21B617-F52E-BB10-92F9-C8AB2C799A8A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}] : (Prerequisite installer.-.Nero AG) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}] : (Nero Update.-.Nero AG) -> MsiExec.exe /X{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}] : (Roxio Express Labeler 3.-.Roxio) -> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}] : (Roxio Creator Starter.-.Roxio) -> C:\ProgramData\Uninstall\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}\setup.exe /x {6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC} {lang}=ENU
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}] : (Adobe Asset Services CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6FF818ED-865F-4C55-A073-DD6C9CE7B6A8}] : (TurboTax 2015 wrapper.-.Intuit Inc.) -> MsiExec.exe /I{6FF818ED-865F-4C55-A073-DD6C9CE7B6A8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{709316AD-161C-4D5C-9AE7-0B3A822DA271}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}] : (Adobe Photoshop CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{793C2BF7-A4FE-4608-91C9-9282C5801C21}] : (Adobe Photoshop CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{793C2BF7-A4FE-4608-91C9-9282C5801C21}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}] : (Nero Football (Soccer) Themes.-.Nero AG) -> MsiExec.exe /X{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}] : (Adobe Dreamweaver CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1] : (CDBurnerXP.-.CDBurnerXP) -> "C:\Program Files (x86)\CDBurnerXP\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}] : (Adobe Lightroom.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}] : (Adobe Audition CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{839A3566-AED6-4787-A849-5CBE2B1DC6AE}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}] : (Nero Retro Film Themes.-.Nero AG) -> MsiExec.exe /X{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver For Windows 7.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{895D0391-459F-4D45-B8DD-13F0DE70C66E}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}] : (Nero Platinum Effects 12.-.Nero AG) -> MsiExec.exe /X{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8C9AA2C1-D07A-48E8-9DD8-471A072947F4}] : (Adobe AIR.-.Adobe Systems Incorporated) -> MsiExec.exe /I{8C9AA2C1-D07A-48E8-9DD8-471A072947F4}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}] : (Adobe Device Central CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}] : (Adobe Type Support.-.Adobe Systems Incorporated) -> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiMalware\unins000.exe"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{90176341-0A8B-4CCC-A78D-F862228A6B95}] : (Adobe Anchor Service CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92094051-CDDB-D9BA-426C-975526525429}] : (Adobe® Content Viewer.-.Adobe Systems Incorporated) -> MsiExec.exe /I{92094051-CDDB-D9BA-426C-975526525429}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}] : (Microsoft_VC80_CRT_x86.-.Adobe) -> MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{955BF340-C379-4375-AA2F-F3BCB2A498AB}] : (Nero Family and Events Themes.-.Nero AG) -> MsiExec.exe /X{955BF340-C379-4375-AA2F-F3BCB2A498AB}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}] : (Sonic CinePlayer Decoder Pack.-.Sonic Solutions) -> MsiExec.exe /I{9A00EC4E-27E1-42C4-98DD-662F32AC8870}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9B0619A0-D501-11E5-B16B-FB3EC5F53981}] : (Adobe Muse CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{9B0619A0-D501-11E5-B16B-FB3EC5F53981}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9BEDD987-AC68-44D2-8803-EC0650F6C43F}] : (Verizon Wireless Software Upgrade Assistant for Motorola.-.Motorola Mobility) -> "C:\Program Files (x86)\InstallShield Installation Information\{9BEDD987-AC68-44D2-8803-EC0650F6C43F}\setup.exe" -runfromtemp -l0x0409 -removeonly
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9C9824D9-9000-4373-A6A5-D0E5D4831394}] : (Adobe Bridge CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{9EF1DB49-6D32-1014-93B7-EB62FA572532}] : (Adobe InCopy CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{9EF1DB49-6D32-1014-93B7-EB62FA572532}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A121EEDE-C68F-461D-91AA-D48BA226AF1C}] : (Roxio Activation Module.-.Roxio) -> MsiExec.exe /I{A121EEDE-C68F-461D-91AA-D48BA226AF1C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}] : (Google Drive.-.Google, Inc.) -> MsiExec.exe /X{A1238426-ECDF-4639-BE2F-8D12A97AE23C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}] : (Adobe CMaps.-.Adobe Systems Incorporated) -> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}] : (Adobe Dreamweaver CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{A4ED5E53-7AA0-11E1-BF04-B2D4D4A5360E}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB43784D-1EE5-4111-95C8-918B25EFDC4B}] : (LG VZW United Drivers.-.LG Electronics) -> MsiExec.exe /X{AB43784D-1EE5-4111-95C8-918B25EFDC4B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}] : (Crystal Reports for Visual Studio.-.SAP) -> MsiExec.exe /I{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824166751}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824184103}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824191728}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824225037}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824225037}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-000000000006}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-1033-FFFF-7760-0C0F074E4100}] : (Adobe Acrobat DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-1033-FFFF-7760-0C0F074E4100}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AB0000000001}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ACE49D50-19CD-44A6-B192-46F985283B26}] : (Nero PiP Effects Basic.-.Nero AG) -> MsiExec.exe /X{ACE49D50-19CD-44A6-B192-46F985283B26}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF37176A-78CA-545B-34EF-8B6A21514DD1}] : (Adobe Help Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AF37176A-78CA-545B-34EF-8B6A21514DD1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}] : (DirectX 9 Runtime.-.Sonic Solutions) -> MsiExec.exe /I{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0119415-6743-4707-AB4D-1928F5E81FDD}] : (TurboTax 2015 WinPerReleaseEngine.-.Intuit Inc.) -> MsiExec.exe /I{B0119415-6743-4707-AB4D-1928F5E81FDD}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B0F1B758-60D6-41F7-93D9-212A448813FE}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}] : (Adobe Camera Raw 4.0.-.Adobe Systems Incorporated) -> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B48A745E-B79A-417F-8775-421EF44C92D1}] : (TurboTax 2015 WinPerFuegoContent.-.Intuit Inc.) -> MsiExec.exe /I{B48A745E-B79A-417F-8775-421EF44C92D1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}] : (Adobe Default Language CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}] : (Adobe Flash Professional CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{BD5669B5-49FF-4490-B956-E9D7CB9B0ADC}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BDC1955D-38D6-4747-8B0A-B2B7CFEA1E7D}] : (TurboTax 2015 WinPerTaxSupport.-.Intuit Inc.) -> MsiExec.exe /I{BDC1955D-38D6-4747-8B0A-B2B7CFEA1E7D}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BE5F3842-8309-4754-92D5-83E02E6077A3}] : (Adobe Extension Manager CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}] : (PDF Settings CS6.-.Adobe Systems Incorporated) -> MsiExec.exe /I{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C2425F91-1F7B-4037-9A05-9F290184798D}] : (NETGEAR WNA3100 wireless USB 2.0 adapter.-.NETGEAR) -> "C:\Program Files (x86)\InstallShield Installation Information\{C2425F91-1F7B-4037-9A05-9F290184798D}\setup.exe" -runfromtemp -l0x0409 -removeonly -PanelRemove
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}] : (Adobe ExtendScript Toolkit 2.-.Adobe Systems Incorporated) -> MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}] : (Nero Image Samples.-.Nero AG) -> MsiExec.exe /X{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C779648B-410E-4BBA-B75B-5815BCEFE71D}] : (Safari.-.Apple Inc.) -> MsiExec.exe /I{C779648B-410E-4BBA-B75B-5815BCEFE71D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C935F091-75FD-752B-B19D-6AAE0D24B05B}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}] : (Adobe Fireworks CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{CA7C485C-7A89-11E1-B2C8-CD54B377BC52}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CE675FBD-75C3-45F1-B6AF-8D250861D536}] : (Nero Disc Menus 3.-.Nero AG) -> MsiExec.exe /X{CE675FBD-75C3-45F1-B6AF-8D250861D536}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CFB770D7-8D43-1014-922B-CC2715FADE3F}] : (Adobe InDesign CS6.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{CFB770D7-8D43-1014-922B-CC2715FADE3F}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D0DFF92A-492E-4C40-B862-A74A173C25C5}] : (Adobe Version Cue CS3 Client.-.Adobe Systems Incorporated) -> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}] : (Adobe PDF Library Files.-.Adobe Systems Incorporated) -> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7269C20-B3CE-4CD0-8E88-3D307D3BD41A}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D7BC4B40-9339-48CE-8F01-4D6A734FAE10}] : (TurboTax 2015 wnyiper.-.Intuit Inc.) -> MsiExec.exe /I{D7BC4B40-9339-48CE-8F01-4D6A734FAE10}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DBFD0312-6E55-1014-8952-E78D43BC0147}] : (Adobe InDesign CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{DBFD0312-6E55-1014-8952-E78D43BC0147}"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DDCCBB78-8FFB-4FDE-912F-930E4D9FBC67}\setup.exe" -l0x9
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E040B65B-8683-4228-8C33-D44A141E40EA}] : (Secure Download Manager.-.Kivuto Solutions Inc.) -> MsiExec.exe /I{E040B65B-8683-4228-8C33-D44A141E40EA}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}] : (Nero Disc Menus Basic.-.Nero AG) -> MsiExec.exe /X{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E4335E82-17B3-460F-9E70-39D9BC269DB3}] : (Dell PhotoStage.-.ArcSoft) -> MsiExec.exe /I{E4335E82-17B3-460F-9E70-39D9BC269DB3}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E452F262-D655-45E3-9BDB-3E6AE19B83C5}] : (Notepad++.-.Notepad++ Team) -> MsiExec.exe /X{E452F262-D655-45E3-9BDB-3E6AE19B83C5}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E69AE897-9E0B-485C-8552-7841F48D42D8}] : (Adobe Update Manager CS3.-.Adobe Systems Incorporated) -> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}] : (Adobe Dreamweaver CC 2015.-.Adobe Systems Incorporated) -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}"
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EEBF1676-AF87-4266-93D8-0C14A34C4217}] : (Nero Disc Menus 1.-.Nero AG) -> MsiExec.exe /X{EEBF1676-AF87-4266-93D8-0C14A34C4217}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF56258E-0326-48C5-A86C-3BAC26FC15DF}] : (Roxio Creator Starter.-.Roxio) -> MsiExec.exe /I{EF56258E-0326-48C5-A86C-3BAC26FC15DF}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}] : (.-.) ->
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EF79C448-6946-4D71-8134-03407888C054}] : (.-.) ->
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}] : (Adobe Photoshop CS.-.Adobe Systems, Inc.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}] : (Adobe Widget Browser.-.Adobe Systems Incorporated.) -> MsiExec.exe /I{EFBE6DD5-B224-96E5-72B9-68D328CB12A6}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}] : (Roxio Creator Starter.-.Roxio) -> MsiExec.exe /I{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F47C37A4-7189-430A-B81D-739FF8A7A554}] : (Consumer In-Home Service Agreement.-.Dell Inc.) -> MsiExec.exe /I{F47C37A4-7189-430A-B81D-739FF8A7A554}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}] : (Intel(R) Control Center.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F933562A-45B5-4730-8A5E-0D282AA9866B}] : (Verizon Software Upgrade Assistant.-.Motorola Mobility) -> MsiExec.exe /I{F933562A-45B5-4730-8A5E-0D282AA9866B}
##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}] : (Nero Disc Menus 2.-.Nero AG) -> MsiExec.exe /X{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FF0B0792-F6E7-4627-B820-EA50617E223B}] : (QuarkXPress 6.1.-.Quark, Inc.) -> MsiExec.exe /I{FF0B0792-F6E7-4627-B820-EA50617E223B}

---------- | Ports

---------- | Installer

[HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00006109C80090400000000000F01FEC] : Office 16 Click-to-Run Localization Component
[HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration
[HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component
[HKCR\Installer\Products\01BB05604FCBA00458EE4090E703646C] : Adobe Setup
[HKCR\Installer\Products\043FB559973C5734AAF23FCB2B4A89BA] : Nero Family and Events Themes -> C:\WINDOWS\Installer\{955BF340-C379-4375-AA2F-F3BCB2A498AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\04B4CB7D9339EC84F810D4A637F4EA01] : TurboTax 2015 wnyiper
[HKCR\Installer\Products\05D94ECADC916A441B29649F5882B362] : Nero PiP Effects Basic -> C:\WINDOWS\Installer\{ACE49D50-19CD-44A6-B192-46F985283B26}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\09AB59D18F4FCE748A2844C1993DC0E1] : MSXML 4.0 SP3 Parser (KB2758694)
[HKCR\Installer\Products\13353B9B4E7BC5E4FBC4B78C876521D4] : Adobe Default Language CS3
[HKCR\Installer\Products\14367109B8A0CCC47AD88F2622A8B659] : Adobe Anchor Service CS3
[HKCR\Installer\Products\15049029BDDCAB9D24C6795562254592] : Adobe® Content Viewer
[HKCR\Installer\Products\15E5F6B1E5753964CB2A573475D070D6] : Nero Kwik Themes Basic -> C:\WINDOWS\Installer\{1B6F5E51-575E-4693-BCA2-7543570D076D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\182ACF6FCC90357499C039B7395AC249] : Adblock Plus for IE (32-bit and 64-bit) -> C:\WINDOWS\Installer\{F6FCA281-09CC-4753-990C-937B93A52C94}\program_icon
[HKCR\Installer\Products\18796D2C293F81145A7A7C9E3CD8FB2C] : Adobe ExtendScript Toolkit 2
[HKCR\Installer\Products\188D52D43817F264598C99C01A49E4B0] : Nero PiP Effects 1 -> C:\WINDOWS\Installer\{4D25D881-7183-462F-95C8-990CA1944E0B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1C2AA9C8A70D8E84D98D74A17092744F] : Adobe AIR
[HKCR\Installer\Products\1C79E9FA1347D6248A5DBA4E90590C1B] : DirectX 9 Runtime -> C:\Windows\Installer\{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\1DD3F5240B3BC2E498E095AA2DCEEED5] :
[HKCR\Installer\Products\1F764691F11C67F458B88521DA8CB349] : MSXML 4.0 SP3 Parser
[HKCR\Installer\Products\1F88D051FA0487643AD9CB2E33F2435E] : Nero Abstract Themes -> C:\WINDOWS\Installer\{150D88F1-40AF-4678-A39D-BCE2332F34E5}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2483F5EB90384574295D380EE206773A] : Adobe Extension Manager CS3
[HKCR\Installer\Products\262F254E556D3E54B9BDE3A61EB9385C] : Notepad++
[HKCR\Installer\Products\28E5334E3B71F064E907939DCB62D93B] : Dell PhotoStage -> C:\Windows\Installer\{E4335E82-17B3-460F-9E70-39D9BC269DB3}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\29F618052561C7A49BCB846F2847C2B4] : Messenger Companion -> C:\Windows\Installer\{50816F92-1652-4A7C-B9BC-48F682742C4B}\CompanionIcon
[HKCR\Installer\Products\2D4102660540DE73BAEA51C78821B7BE] : Visual Studio 2010 Prerequisites - English
[HKCR\Installer\Products\2E8086E8D316DCF4182AC6F88A0E3321] : Adobe Type Support
[HKCR\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C] : Razer Synapse -> C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\2F32C211630C04D4EB4DC04BB75F55C5] : Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU -> C:\Windows\Installer\{112C23F2-C036-4D40-BED4-0CB47BF5555C}\ProductIcon
[HKCR\Installer\Products\36DB5AA141662B44887A061519DE8B53] : Dotfuscator Software Services - Community Edition -> C:\Windows\Installer\{1AA5BD63-6614-44B2-88A7-605191EDB835}\DfIcon.ico
[HKCR\Installer\Products\375E4A382C2EBF64D96AA6B2BB5F5A88] : Nero Retro Film Themes -> C:\WINDOWS\Installer\{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\384482F5D8EEE744EBEBB21FB3804CFB] : Prerequisite installer -> C:\WINDOWS\Installer\{5F284483-EE8D-447E-BEBE-2BF13B08C4BF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3C29A53407D22EC40972BC8CAE0625CF] :
[HKCR\Installer\Products\3CB65822398FFBC4592F1E6FC32D1BBA] : Nero Video Transitions 1 -> C:\WINDOWS\Installer\{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\429D14CA86C85DB47A1AA04E71C6136A] : Crystal Reports for Visual Studio -> C:\Windows\Installer\{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}\CR.ico
[HKCR\Installer\Products\43688B8A09F7F2046BA6682479556F5A] : eBay -> c:\Windows\Installer\{A8B88634-7F90-402F-B66A-86429755F6A5}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\468C0D80B1125904C8E3D2C2BA46DC9A] : TurboTax 2015 WinPerFedFormset
[HKCR\Installer\Products\474AB2D8604F0174A94E4D2FD2120FDD] : Adobe Device Central CS3
[HKCR\Installer\Products\48D76F9207A3E65408A62503B12070B0] : Nero Effects Basic -> C:\WINDOWS\Installer\{29F67D84-3A70-456E-806A-52301B02070B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4A73C74F9817A0348BD137F98F7A5A45] : Consumer In-Home Service Agreement
[HKCR\Installer\Products\4BB570A2679E8724FBF35E6C49D5480C] : bl -> C:\WINDOWS\Installer\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2468110440F] : Java 8 Update 144 (64-bit) -> C:\Program Files\Java\jre1.8.0_144\\bin\javaws.exe
[HKCR\Installer\Products\5149110B34767074BAD491825F8EF1DD] : TurboTax 2015 WinPerReleaseEngine
[HKCR\Installer\Products\52FD6C4C95E0EE642BB4FD78948DFFA3] : Nero Image Samples -> C:\WINDOWS\Installer\{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\58854AEE3E3FD7E448539E2CD1631C14] : Dell Update - SupportAssist Update Plugin -> C:\WINDOWS\Installer\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}\PluginIcon
[HKCR\Installer\Products\5979F581366931F4E99F03A782A2BDA5] : ph -> C:\WINDOWS\Installer\{185F9795-9663-4F13-9EF9-307A282ADB5A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5B6E18EFB2567E043B2B17176C2F79AD] : Nero Disc Menus 2 -> C:\WINDOWS\Installer\{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\5DD6EBFE422B5E69279B863D82BC216A] : Adobe Widget Browser
[HKCR\Installer\Products\5E1F9BD7BCA9D0147ACDA7D320C30E54] : Dell Getting Started Guide -> C:\Windows\Installer\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6116D6C8427B0184F8D20D746E7B6DE8] : Mesh Runtime
[HKCR\Installer\Products\6248321AFDCE9364EBF2D8219AA72EC3] : Google Drive -> C:\WINDOWS\Installer\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}\DriveIcon
[HKCR\Installer\Products\6761FBEE78FA6624398DC0413AC42471] : Nero Disc Menus 1 -> C:\WINDOWS\Installer\{EEBF1676-AF87-4266-93D8-0C14A34C4217}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\67BCB71E42995DB46B6D053D04B7E447] : Nero Disc Menus Basic -> C:\WINDOWS\Installer\{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA3301FFFF7706C0F070E41400] : Adobe Acrobat DC -> C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-0C0F074E4100}\_SC_Acrobat.ico
[HKCR\Installer\Products\68AB67CA408033019195008142220573] : Adobe Refresh Manager -> C:\WINDOWS\Installer\{AC76BA86-0804-1033-1959-001824225037}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\WINDOWS\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico
[HKCR\Installer\Products\6AA6AE93198F07D468D738D94A99842D] : Adobe Shockwave Player 12.2 -> C:\WINDOWS\Installer\{39EA6AA6-F891-4D70-867D-839DA49948D2}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6C1C2E92A67D3D1489F0E643A69A6A8A] : Nero Cliparts -> C:\WINDOWS\Installer\{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6DAFD6D95E90E5444A5B3A88EFBE9DD0] : RBVirtualFolder64Inst -> C:\Windows\Installer\{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\6E8A266FCD4F2A1409E1C8110F44DBCE] : MSXML 4.0 SP2 (KB973688)
[HKCR\Installer\Products\7040BB568CC47CD459E2E3FEFD5006A2] : Nero Update -> C:\WINDOWS\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\716B12E5E25F01BB299F8CBAC297A9A8] : Adobe Download Assistant
[HKCR\Installer\Products\77EAAEFBF7DB43542B68C9C54B96E71B] : PDF Settings CS6
[HKCR\Installer\Products\798EA96EB0E9C584582587144FD8248D] : Adobe Update Manager CS3
[HKCR\Installer\Products\7BD4C90EC03660F46A13E87A329932FA] : D3DX10
[HKCR\Installer\Products\7C5F01C7F00F3DB41A017C2D042DDD52] : Adobe Dreamweaver CS3
[HKCR\Installer\Products\818DCFD4A63092246AD7FC71CD64D129] : Windows 10 Update and Privacy Settings
[HKCR\Installer\Products\821B6C5004B15944C99B90B063B8AFA0] : Nero Video Samples -> C:\WINDOWS\Installer\{05C6B128-1B40-4495-9CB9-090B368BFA0A}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\833DA5B8CBA7BCE4C9C286F748EADD1B] : Nero Platinum Effects 12 -> C:\WINDOWS\Installer\{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\844C97FE649617D41843300487880C45] : Shared C Run-time for x64
[HKCR\Installer\Products\88B9552DD9CC84B418BB4F29AB9A4CC8] : Adobe PDF Library Files
[HKCR\Installer\Products\91823B80FEE67504EAADA56B183AA632] : Adobe Bridge Start Meeting
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\969D73F00621E9143B80FED792BAED02] : Web Deployment Tool -> C:\Windows\Installer\{0F37D969-1260-419E-B308-EF7D29ABDE20}\MSDeployIcon.exe
[HKCR\Installer\Products\9866FB3BD18A8D04A968A44CCA9DCFC1] : Adobe Camera Raw 4.0
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] :
[HKCR\Installer\Products\9D4289C9000937346A5A0D5E4D383149] : Adobe Bridge CS3
[HKCR\Installer\Products\9FF27AF446DD8A34784036081AF1115D] : Dell Customer Connect -> C:\WINDOWS\Installer\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}\dnd.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A1006E9D3CD50264FAA7086BDC8446D5] : WCF RIA Services V1.0 SP1 -> C:\Windows\Installer\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}\icon.ico
[HKCR\Installer\Products\A265339F5B540374A8E5D082A29A68B6] : Verizon Software Upgrade Assistant -> C:\WINDOWS\Installer\{F933562A-45B5-4730-8A5E-0D282AA9866B}\_853F67D554F05449430E7E.exe
[HKCR\Installer\Products\A29FFD0DE29404C48B267AA471C3525C] : Adobe Version Cue CS3 Client
[HKCR\Installer\Products\A32460A5C012BF9459E0BCE08B5CEC7C] : Roxio BackOnTrack -> C:\Windows\Installer\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}\BackupCentral.exe
[HKCR\Installer\Products\A419E7B35D3992A429BBFAC8F3664C13] : Skype™ 7.38 -> C:\WINDOWS\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe
[HKCR\Installer\Products\A4DCCF5E9161BA84BA730E6A87DFF31F] :
[HKCR\Installer\Products\A67173FAAC87B54543FEB8A61215D41D] : Adobe Help Manager
[HKCR\Installer\Products\A6C64DD86500CEF47BA082BB611A1FF1] : MSVCRT
[HKCR\Installer\Products\A7DD5FF682EF93448BFCE1A94FAEA016] : Adobe Asset Services CS3
[HKCR\Installer\Products\AC3BA730042A70C45B8EB17E156A8AB7] :
[HKCR\Installer\Products\AF36219FD4EBD934C9A0E227400E9E3E] : Dell Update -> C:\WINDOWS\Installer\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}\dnd.ico
[HKCR\Installer\Products\B7AE13AA7197000449B9839EF148A852] : Internet Explorer
[HKCR\Installer\Products\B846977CE014ABB47BB58551CBFE7ED1] : Safari -> C:\WINDOWS\Installer\{C779648B-410E-4BBA-B75B-5815BCEFE71D}\Installer.ico
[HKCR\Installer\Products\C062052359A7236498B39856E75B45B5] : PhotoShowExpress -> C:\Windows\Installer\{3250260C-7A95-4632-893B-89657EB5545B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\C4C5B60FE2D842B4D934A754EE6C8C87] : Roxio Creator Starter
[HKCR\Installer\Products\CA161E091FE633F4B90B940B86082EB0] :
[HKCR\Installer\Products\D48734BA5EE11114598C19B852FECDB4] : LG VZW United Drivers -> C:\Windows\Installer\{AB43784D-1EE5-4111-95C8-918B25EFDC4B}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\D5591CDB6D837474B8A02B7BFCAEE1D7] : TurboTax 2015 WinPerTaxSupport
[HKCR\Installer\Products\D56941F2B76595E4DABEA0C21C3EDAFD] : Sql Server Customer Experience Improvement Program -> c:\Windows\Installer\{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}\ARPIco
[HKCR\Installer\Products\D702FA4077A9A564B86799F1A66B2654] : Adobe Help Viewer CS3
[HKCR\Installer\Products\DB242B2AD8FF0484D9AA1907AEEB5CC9] : Adobe CMaps
[HKCR\Installer\Products\DBF576EC3C571F546BFAD85280165D63] : Nero Disc Menus 3 -> C:\WINDOWS\Installer\{CE675FBD-75C3-45F1-B6AF-8D250861D536}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DDA39468D428E8B4DB27C8D5DC5CA217] : MSXML 4.0 SP2 (KB954430)
[HKCR\Installer\Products\DDE68972CE9C25B49BF2600D370FAA25] : Motorola Mobile Drivers Installation 6.4.0 -> C:\Windows\Installer\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}\_6FEFF9B68218417F98F549.exe
[HKCR\Installer\Products\DE48D40557EA58F46AB8BBD3C43B1E96] : Nero Holiday and Sports Themes -> C:\WINDOWS\Installer\{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\DE818FF6F56855C40A37DDC6C97E6B8A] : TurboTax 2015 wrapper
[HKCR\Installer\Products\E4CE00A91E724C2489DD66F223CA8807] : Sonic CinePlayer Decoder Pack -> C:\Windows\Installer\{9A00EC4E-27E1-42C4-98DD-662F32AC8870}\CPIcon.exe
[HKCR\Installer\Products\E547A84BA97BF714785724E14FC4291D] : TurboTax 2015 WinPerFuegoContent
[HKCR\Installer\Products\E85265FE62305C848AC6B3CA62CF51FD] : Roxio Creator Starter -> C:\Windows\Installer\{EF56258E-0326-48C5-A86C-3BAC26FC15DF}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\E8C18809F4C62664993258FAAC50C844] : Dell SupportAssistAgent -> C:\WINDOWS\Installer\{90881C8E-6C4F-4662-9923-85AFCA058C44}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\EDEE121AF86CD16419AA4DB82A62FAC1] : Roxio Activation Module -> C:\Windows\Installer\{A121EEDE-C68F-461D-91AA-D48BA226AF1C}\RoxioCentral.exe
[HKCR\Installer\Products\F5132B06F0863BE48BDDCCCD687ACCBA] : Roxio File Backup -> C:\Windows\Installer\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}\BackupCentral.exe
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\F7AC5766B15EA6F4994D8F0F21C4E6AA] : Roxio Express Labeler 3
[HKCR\Installer\Products\FB4A7DB746AEEFB49A3DF3CDB9E6CF32] : Nero Football (Soccer) Themes -> C:\WINDOWS\Installer\{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\FDA1A8E3C27BEF74586F7F7AC384F7C6] : Dell MusicStage -> C:\Windows\Installer\{3E8A1ADF-B72C-47FE-85F6-F7A73C487F6C}\MusicStage.exe
[HKCR\Installer\Products\FFC5F60053DEFA14B9A25FB2F045B54F] : Nero 2016 Content Pack -> C:\WINDOWS\Installer\{006F5CFF-ED35-41AF-9B2A-F52B0F545BF4}\ARPPRODUCTICON.exe

---------- | ADS

@C:\WINDOWS\System32:Win32App_1
@C:\WINDOWS\Syswow64:Win32App_1

---------- | Drives

Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 DE-UNKNWN 39M No No 63 80,262
1 1 07-NTFS 13G Yes No 81,920 25,686,016
2 2 07-NTFS 941G No No 25,767,936 927,753,728

---------- | MBR

Windows Version:
Windows Information: (build 9200), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Computer Corporation
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 9100
Logical Drives Mask: 0x00000014

Analysis of file "C:\QuickDiag\MBR.bin":
Dell Inspiron MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Faulting application name: MotoHelperService.exe, version: 14.3.23.0, time stamp: 0x552e6b41
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0xd00
Faulting application start time: 0x01d30c9332e0283b
Faulting application path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Faulting module path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MSVCR120.dll
Report Id: 7a27a5bc-d4fa-4631-acd2-90d6e6b6234a
Faulting package full name:
Faulting package-relative application ID:
------------

Activation context generation failed for "c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
------------

Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
------------

Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
------------

Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
------------

Faulting application name: MotoHelperService.exe, version: 14.3.23.0, time stamp: 0x552e6b41
Faulting module name: MSVCR120.dll, version: 12.0.21005.1, time stamp: 0x524f7ce6
Exception code: 0xc0000409
Fault offset: 0x000a7666
Faulting process id: 0xf44
Faulting application start time: 0x01d30be0bcd2e300
Faulting application path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
Faulting module path: C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MSVCR120.dll
Report Id: 4ec66ef7-70eb-4d31-9832-935485a1211b
Faulting package full name:
Faulting package-relative application ID:
------------

Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x8007001f, A device attached to the system is not functioning.
.

Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet
------------

Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddWin32ServiceFiles: Unable to back up image of service dmwappushsvc since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.
------------

Activation context generation failed for "C:\Users\Steve\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
------------

Activation context generation failed for "C:\Users\Steve\Downloads\esetsmartinstaller_enu(1).exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
------------

Activation context generation failed for "c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
------------

Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
------------

Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
------------

An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
------------

An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
------------

An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
------------

Activation context generation failed for "C:\Program Files (x86)\Audacity\audacity.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest.
------------

Activation context generation failed for "c:\program files (x86)\microsoft visual studio 10.0\common7\ide\remote debugger\ia64\msvsmon.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
------------

Activation context generation failed for "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_6dad63fefc436da8.manifest. Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.483_none_26002d27e7c744a2.manifest.
------------

----------( EOF)---------- - 5016 | 16:39:38

mnisia · Aug 5, 2017

What now?

Malnutrition · Aug 7, 2017

Windows Repair.

Install (use the direct download) the Tweaking.com - Windows all in one repair tool. Then boot Windows into Safe Mode, (Make Certain To Run This Program As Administrator) then run through the Prescan on step 2 tab. Then skip to step 5 and create a system restore point. Then go to the repair tab...

Notice create a registry backup is ticked by default, so no need to do so in step 5...

Now run the program, with the boxes ticked in the picture below.

Click Image Below For Better Resolution.

May want to save picture or write down what boxes need ticked, since you will run this in Safe Mode.

Important: Make certain to reboot twice after running this tool!!

Malnutrition · Aug 7, 2017

@mnisia I deleted your other thread concerning this same machine. Please follow up here.

mnisia · Aug 8, 2017

Getting the same thing after running tool and rebooting twice
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787

Fire fox is still saying "Well this is embarrassing...

Malnutrition · Aug 8, 2017

FRST Fix.
https://pchelpforum.net/attachments/fixlist-txt.2646/
Click Here To Download Fixlist.

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

mnisia · Aug 8, 2017

Fix result of Farbar Recovery Scan Tool (x64) Version: 08-08-2017
Ran by Steve (08-08-2017 17:35:42) Run:2
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available Profiles: Steve & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
startbatch:
del /f /q "%allusersprofile%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"
del /f /q "%appdata%\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"
del /f /q "%appdata%\Microsoft\Windows\Start Menu\desktop.ini"
endbatch:
reboot:
*****************

========= Batch: =========
Could Not Find C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Could Not Find C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini

========= End of Batch: =========

The system needed a reboot.

==== End of Fixlog 17:35:43 ====

mnisia · Aug 8, 2017

question about this while using firefox
Secure Connection Failed

An error occurred during a connection to www.searchencrypt.com. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG Has this browser been hijacked?

Malnutrition · Aug 9, 2017

Download ResetBrowser To your desktop.
Now close all open browsers.
Right click and run as administrator.
Click on Reset FireFox -- Allow completion.

9-Lab Scan.

Download 9-Lab Removal Tool.
CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.
Disable your antivirus prior to this scan.
Install the program onto your computer, then right click the icon run as administrator.
Update the program and then run a Quick scan!
Make sure the program updates, might be better to install it update reboot and check for updates again.
You need to make sure the database updates!!!
Upon Scan Completion Click on Show Results.
Then Click On Clean
Then Click on Save Log.
Save it to your desktop, copy and paste the contents of the log here in your next reply.

Auto logger scan!

Disable your Antivirus & Anti spyware applications!!
Download Autologger to your desktop.
Unzip it there. -- If you are unsure how to unzip a program, then use ---- http://www.7-zip.org/ ----
Right click Autologger and run as admin. (Xp user double click)
AVZ4 will open and scan your machine, allow this to complete.
Upload Collectionlog.zip to your next reply.

mnisia · Aug 10, 2017

9-lab Removal Tool 1.0.0.39 BETA
9-lab.com

Database version: 176.51479

Windows 8 (Version 6.2, Build 0, 64-bit Edition)
Internet Explorer 9.11.15063.0
Steve :: STEVE-PC

8/9/2017 10:54:24 PM
9lab-log-2017-08-09 (22-54-24).txt

Scan type: Quick
Objects scanned: 45944
Time Elapsed: 23 m 41 s

Registry Keys detected: 5
PUP.RPL.SystemOptimizer.as [HKEY_CLASSES_ROOT\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}]
PUP.RMPL.Toolbar.vl [HKEY_CLASSES_ROOT\YBrowserToolbar.YBrowserToolbar]
PUP.RMPL.Toolbar.vl [HKEY_CLASSES_ROOT\YBrowserToolbar.YBrowserToolbar.1]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}]
Adware.RPL.Gen.vl [HKEY_CLASSES_ROOT\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}]

Registry Values detected: 1
Risk.NoFolderOptions [HKEY_USERS\S-1-5-21-3518905376-1918425772-3662548586-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NoFolderOptions]

Files detected: 3
[E6897E8CF8453750DEB91B2D62096425] Malware.MPL.Heur.vl [c:\users\steve\GoToAssistDownloadHelper.exe]
[C644064EC7A695D945E86CFBA53B9F44] Adware.MPL.ELEX.vl [c:\windows\system32\tasks\GoogleUpdateTaskMachineCore]
[CC7AA7B42CF418FC3D926913490048F8] Malware.Win32.Gen.cld [c:\windows\zoek-delete.exe]

mnisia · Aug 10, 2017

Autologer won't run because it says my date and time are wrong but its not wrong. Please, check your system date and time its set to 8/9/2017. well thats todays date.

mnisia · Aug 10, 2017

script ver. 2017.03.08
DefaultLanguage = 0409
Autologger’s localization was made in English.
Log collection started at 2017.08.09-23:33:05
C:\Users\Steve\Desktop\AutoLogger\
C:\Users\Steve\AppData\Local\Temp\
AutoLogger has been run with local Administrator rights.
Elevation of privileges of rights is successful.
This is not a Server System.
Last update was on = 2017.08.10
Current date is = 2017.08.09
Please, check your system date. It’s set to 2017.08.09

mnisia · Aug 10, 2017

Got it

mnisia · Aug 10, 2017

Thanks guys/gals for all this work you have been doing

Malnutrition · Aug 10, 2017

mnisia said:
Thanks guys/gals for all this work you have been doing

Not a problem, and sorry for the delayed response times. I usually put in 70 or more hours a week at work. I have a bit of time today, and will be looking things over closely tonight.

Malnutrition · Aug 13, 2017

Sorry, can you tell me what issues remain.

mnisia · Aug 13, 2017

Actually I think everything is fine now. You have been so helpful. Donating again. Thank you so much!

Malnutrition

Malnurished Admin

mnisia

Malnutrition

Malnurished Admin

mnisia

mnisia

Malnutrition

Malnurished Admin

Malnutrition

Malnurished Admin

mnisia

Malnutrition

Malnurished Admin

Attachments

mnisia

mnisia

Malnutrition

Malnurished Admin

mnisia

mnisia

mnisia

mnisia

Attachments

mnisia

Malnutrition

Malnurished Admin

Malnutrition

Malnurished Admin

mnisia

Search

Search

Solved FRST Scanned

We value your privacy