--------------- QuickDiag | g3n-h@ckm@n | 2_23.09.2016.1 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 02/11/2016 08:34:20 Updated 23/09/2016 | 10.30 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC-05:00) Eastern Time (US & Canada) [JCARAYOL (Administrator)] - [DESKTOP-6P7U2IA] (S-1-5-21-388053127-935073523-3697796377-1001) System: Microsoft Windows 10 Home - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Home|C:\WINDOWS|\Device\Harddisk0\Partition3 Boot : Normal boot PC: XPS 8910 - Dell Inc. - IdNumber: F1S5RD2 - UUID: 4C4C4544-0031-5310-8035-C6C04F524432 Processor : X64 - 3408 Mhz - Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz 1.0.4 - - Dell Inc. - S/N: F1S5RD2 - 1.0.4 - DELL - 1072009 CoreTemp : 29.8 Celsius ----------| Quick ---------- | SoundDevice Intel(R) Display Audio - Status: OK - Manufacturer: Intel(R) Corporation - PNPDeviceID: HDAUDIO\FUNC_01&VEN_8086&DEV_2809&SUBSYS_80860101&REV_1000\4&3AB17890&0&0201 USB Audio Device - Status: OK - Manufacturer: (Generic USB Audio) - PNPDeviceID: USB\VID_13B2&PID_007B&MI_00\6&723189F&0&0000 Realtek Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0899&SUBSYS_1028072A&REV_1000\4&3AB17890&0&0001 NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0051&SUBSYS_10281083&REV_1001\5&154DE470&0&0001 USB Audio Device - Status: OK - Manufacturer: (Generic USB Audio) - PNPDeviceID: USB\VID_05FC&PID_0231&MI_00\6&74DDBB4&0&0000 ---------- | Video Intel(R) HD Graphics 530 - Resolution: x - Colors: - RefreshRate: - Bits Per Pixel - DeviceID: VideoController1 - Drivers: igdumdim64.dll,igd10iumd64.dll,igd10iumd64.dll,igd12umd64.dll,igdumdim32,igd10iumd32,igd10iumd32,igd12umd32 - PNPDeviceID: PCI\VEN_8086&DEV_1912&SUBSYS_072A1028&REV_06\3&11583659&1&10 - AdapterCompatibility: Intel Corporation - RAM: 1073741824 NVIDIA GeForce GT 730 - Resolution: 1280x1024 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController2 - Drivers: C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvd3dumx,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2umx,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvd3dum,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2um,C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1287&SUBSYS_10831028&REV_A1\4&8A780D8&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648 Inegrated Video Chipset DeviceName: Intel(R) HD Graphics 530 - DriverVersion: 20.19.15.4390 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:1 % CPU #2 value:1 % CPU #3 value:1 % CPU #4 value:7 % CPU #5 value:1 % CPU #6 value:1 % CPU #7 value:1 % CPU #8 value:1 % Total Overall CPU Usage value:2 % ---------- | Network Qualcomm Atheros AR8171_8175 PCI-E Gigabit Ethernet Controller [NDIS 6.30] : SENT:0 bytes/sec / RECVD:0 bytes/sec Intel[R] Dual Band Wireless-AC 3165 : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{21E0F04E-F012-4BFA-AD07-F63DF3E79CEF} : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:2 bytes/sec, / RECEIVE Maximum:0 bytes/sec Intel(R) Dual Band Wireless-AC 3165 - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_3165&SUBSYS_44108086&REV_79\4&1A8295B3&0&00E2 Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Qualcomm Atheros AR8171/8175 PCI-E Gigabit Ethernet Controller (NDIS 6.30) - Ethernet 802.3 - Qualcomm Atheros - Status: - PnPID : PCI\VEN_1969&DEV_10A1&SUBSYS_072A1028&REV_10\4&1D3DC3C5&0&00E3 Microsoft Wi-Fi Direct Virtual Adapter - Ethernet 802.3 - Microsoft - Status: - PnPID : {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\5&22D88535&0&11 Bluetooth Device (RFCOMM Protocol TDI) - - Microsoft - Status: - PnPID : BTH\MS_RFCOMM\6&2465224B&0&0 Bluetooth Device (Personal Area Network) - Ethernet 802.3 - Microsoft - Status: - PnPID : BTH\MS_BTHPAN\6&2465224B&0&2 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE ---------- | Memory RAM = Total (MB) : 16678 | Free (MB) : 12900 Pagefile = Total (MB) : 19692 | Free (MB) : 15859 Virtual = Total (MB) : 4194 | Free (MB) : 3967 Physical Memory 1 : Capacity: 17179869184 - ChannelA-DIMM1 - Posit.: 0 - Manufacturer: SK Hynix - PartNumber: HMA82GU6MFR8N-TF - S/N: 11951111 ---------- | SID Users Administrator : [S-1-5-21-388053127-935073523-3697796377-500] DefaultAccount : [S-1-5-21-388053127-935073523-3697796377-503] Guest : [S-1-5-21-388053127-935073523-3697796377-501] JCARAYOL : [S-1-5-21-388053127-935073523-3697796377-1001] Administrators : [S-1-5-32-544] Distributed COM Users : [S-1-5-32-562] Event Log Readers : [S-1-5-32-573] Guests : [S-1-5-32-546] IIS_IUSRS : [S-1-5-32-568] Performance Log Users : [S-1-5-32-559] Performance Monitor Users : [S-1-5-32-558] Remote Management Users : [S-1-5-32-580] System Managed Accounts Group : [S-1-5-32-581] Users : [S-1-5-32-545] ---------- | Drives G:\ -> [Fixed] | [SAMSUNG] | Total : 5589.02 Go | Free : 809.49 Go -> NTFS [USB] F:\ -> [Removable] | [KINGSTON] | Total : 14.4 Go | Free : 14.14 Go -> FAT32 [USB] C:\ -> [Fixed] | [OS] | Total : 916.95 Go | Free : 309.1 Go -> NTFS [RAID] Disk Usage Information [4 total Physical Disks] Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [F:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #2 [G:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #3 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - USB - Removable Media - 4 Part. - PnPID : USBSTOR\DISK&VEN_KINGSTON&PROD_DATATRAVELER_3.0&REV_1.00\60A44C413C9CF081B9880068&0 DeviceID: \\.\PHYSICALDRIVE3 - Status: OK - USB - - 0 Part. - PnPID : USBSTOR\DISK&VEN_MULTIPLE&PROD_CARD__READER&REV_1.00\058F63666485&0 DeviceID: \\.\PHYSICALDRIVE2 - Status: OK - USB - External hard disk media - 4 Part. - PnPID : USBSTOR\DISK&VEN_SAMSUNG&PROD_D3_STATION&REV_0204\00000000011E0A49&0 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - SCSI - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_ST1000DM&PROD_003-1SB102\4&FD0533&0&010000 ---------- | Windows updates No detected update !!! Windows Is NOT Activated Windows Is Activated ---------- | Browsers IE : 11.0.14393.0 (© Microsoft Corporation.) GC : 54.0.2840.71 (Copyright 2016 Google Inc.) Default : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 ---------- | FlashPlayer FlashPlayer ActiveX : 23.0.0.205 ---------- | Security FW : McAfee Firewall Enabled WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 480 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 07:42:27] CPU Usage:0 % 912 | [Owner : | Parent : 652() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 07:42:27] CPU Usage:0 % 972 | [Owner : | Parent : 880() | ?????] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.351) = C:\Windows\System32\winlogon.exe [02/11/2016 06:34:17] CPU Usage:0 % 104 | [Owner : | Parent : 912(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.0) = C:\Windows\System32\services.exe [16/07/2016 07:42:27] CPU Usage:0 % 296 | [Owner : | Parent : 912(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [01/11/2016 20:08:57] CPU Usage:0 % 684 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 856 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1036 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1124 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1132 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1280 | [Owner : | Parent : 104(services.exe) | ?????] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.5946) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [10/09/2016 03:45:58] CPU Usage:0 % 1288 | [Owner : | Parent : 104(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 369.09.) - (8.17.13.6909) = C:\Windows\System32\nvvsvc.exe [01/11/2016 16:16:31] CPU Usage:0 % 1392 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1464 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1548 | [Owner : | Parent : 1288(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [01/11/2016 16:16:31] CPU Usage:0 % 1704 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1820 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4390) = C:\Windows\System32\igfxCUIService.exe [10/09/2016 04:16:19] CPU Usage:0 % 1960 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1420 | [Owner : | Parent : 104(services.exe) | ?????] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.74) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [10/09/2016 03:42:46] CPU Usage:0 % 1916 | [Owner : | Parent : 1420(RtkAudioService64.exe) | ?????] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.245) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [10/09/2016 03:42:42] CPU Usage:0 % 1860 | [Owner : | Parent : 1420(RtkAudioService64.exe) | ?????] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.245) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [10/09/2016 03:42:42] CPU Usage:0 % 2100 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 2260 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 2316 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.351) = C:\Windows\System32\spoolsv.exe [02/11/2016 06:36:18] CPU Usage:0 % 2544 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 2556 | [Owner : | Parent : 104(services.exe) | ?????] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.17.0) = C:\Windows\System32\DbxSvc.exe [24/10/2016 09:06:26] CPU Usage:0 % 2580 | [Owner : | Parent : 104(services.exe) | ?????] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.20.2044) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [16/09/2016 11:24:06] CPU Usage:0 % 2600 | [Owner : | Parent : 104(services.exe) | ?????] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe [30/08/2011 23:05:32] CPU Usage:0 % 2608 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7369.1323) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [28/09/2016 11:36:43] CPU Usage:0 % 2676 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Corporation - Intel(R) Wireless Bluetooth(R) iBtSiva Service.) - (18.1.1611.3223) = C:\Windows\System32\ibtsiva.exe [12/07/2016 03:01:12] CPU Usage:0 % 2720 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - (18.30.0.0) = C:\Program Files\Intel\WiFi\bin\EvtEng.exe [28/10/2015 07:31:56] CPU Usage:0 % 2728 | [Owner : | Parent : 104(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [06/07/2015 16:52:40] CPU Usage:0 % 2736 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Corporation - Intel® Ready Mode Technology Service.) - (1.1.70.518) = C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [10/09/2015 22:14:10] CPU Usage:0 % 2744 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee Management Service.) - (15.4.0.822) = C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [10/09/2016 04:01:31] CPU Usage:0 % 2804 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee Process Validation Service.) - (15.4.0.822) = C:\Windows\System32\mfevtps.exe [10/09/2016 04:01:32] CPU Usage:0 % 2880 | [Owner : | Parent : 104(services.exe) | ?????] - (.PACE Anti-Piracy, Inc. - PACE License Service.) - (3.1.1.1554) = C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [13/09/2016 05:09:20] CPU Usage:0 % 2976 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - (18.30.0.0) = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [28/10/2015 07:31:44] CPU Usage:0 % 2984 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Security, Inc. - Intel Security PEF Service.) - (1.2.130.0) = C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [10/09/2016 04:02:30] CPU Usage:0 % 2068 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel® Corporation - Intel® PROSet/Wireless Zero Configure Service.) - (18.30.0.0) = C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [28/10/2015 07:32:12] CPU Usage:0 % 2312 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 2656 | [Owner : | Parent : 104(services.exe) | ?????] - (.TeamViewer GmbH - TeamViewer 11.) - (11.0.1159.0) = C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [20/10/2016 15:47:30] CPU Usage:0 % 3292 | [Owner : | Parent : 2744(mfemms.exe) | ?????] - (.McAfee, Inc. - McAfee Process Validation Service.) - (15.4.0.822) = C:\Windows\System32\mfevtps.exe [10/09/2016 04:01:32] CPU Usage:0 % 3748 | [Owner : | Parent : 2744(mfemms.exe) | ?????] - (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.4.0.822) = C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [10/09/2016 04:02:12] CPU Usage:0 % 3800 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee Service Host.) - (6.0.151.0) = C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe [10/03/2016 04:46:38] CPU Usage:0 % 1264 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee Core Firewall Service.) - (15.4.0.822) = C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [10/09/2016 04:02:12] CPU Usage:0 % 3588 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee WebAdvisor.) - (4.0.3.279) = C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [10/10/2016 14:36:35] CPU Usage:0 % 4164 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee Access Protection.) - (15.0.166.0) = C:\Program Files\mcafee\msc\McAPExe.exe [01/04/2016 01:52:58] CPU Usage:0 % 4232 | [Owner : | Parent : 2744(mfemms.exe) | ?????] - (.McAfee, Inc. - McAfee Scanner service.) - (1.4.1.681) = C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [10/09/2016 04:02:42] CPU Usage:0 % 4344 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 2388 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 5544 | [Owner : | Parent : 104(services.exe) | ?????] - (.Dell Inc. - Dell Data Vault Wizard.) - (1.0.0.2) = C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [23/06/2016 11:23:11] CPU Usage:0 % 1712 | [Owner : | Parent : 104(services.exe) | ?????] - (.Dell Inc. - Dell Update Windows Service.) - (1.9.4.0) = C:\Program Files (x86)\Dell Update\DellUpService.exe [02/05/2016 17:52:02] CPU Usage:0 % 5624 | [Owner : | Parent : 1564() | ?????] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe [17/09/2016 14:31:06] CPU Usage:0 % 4596 | [Owner : | Parent : 1564() | ?????] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe [17/09/2016 14:31:06] CPU Usage:0 % 5068 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Corporation - IAStorDataSvc.) - (14.8.9.1053) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [29/04/2016 00:48:22] CPU Usage:0 % 4540 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.0.0.1178) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [21/01/2016 03:15:02] CPU Usage:0 % 6136 | [Owner : | Parent : 104(services.exe) | ?????] - (.Intel Corporation - Intel(R) Local Management Service.) - (11.0.0.1178) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [21/01/2016 03:13:08] CPU Usage:0 % 3812 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee CSP Service Host.) - (1.9.829.0) = C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe [31/05/2016 05:13:48] CPU Usage:0 % 4752 | [Owner : | Parent : 104(services.exe) | ?????] - (.McAfee, Inc. - McAfee Module Core Service.) - (1.3.118.0) = C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [18/09/2016 22:19:58] CPU Usage:0 % 5284 | [Owner : JCARAYOL | Parent : 104(services.exe) | 20.07 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 1556 | [Owner : JCARAYOL | Parent : 1704(svchost.exe) | 22.19 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 07:42:09] CPU Usage:0 % 6148 | [Owner : JCARAYOL | Parent : 1704(svchost.exe) | 18.68 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 07:42:36] CPU Usage:0 % 6336 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8763) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [01/11/2016 20:01:55] CPU Usage:0 % 6684 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 41.32 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 07:42:05] CPU Usage:0 % 6692 | [Owner : JCARAYOL | Parent : 1712(DellUpService.exe) | 59.14 Mo] - (.Dell Inc. - Dell Update.) - (1.9.4.0) = C:\Program Files (x86)\Dell Update\DellUpTray.exe [02/05/2016 17:51:00] CPU Usage:0 % 6920 | [Owner : JCARAYOL | Parent : 6836() | 114.41 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.351) = C:\Windows\explorer.exe [02/11/2016 06:37:15] CPU Usage:0 % 6988 | [Owner : JCARAYOL | Parent : 6936() | 12.48 Mo] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4390) = C:\Windows\System32\igfxEM.exe [10/09/2016 04:16:19] CPU Usage:0 % 7072 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 81.45 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.187) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [01/11/2016 20:08:58] CPU Usage:0 % 1412 | [Owner : JCARAYOL | Parent : 1704(svchost.exe) | 0.97 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.245) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [10/09/2016 03:42:42] CPU Usage:0 % 6636 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 6.62 Mo] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.14393.0) = C:\Windows\System32\wbem\unsecapp.exe [16/07/2016 07:42:31] CPU Usage:0 % 2280 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe [02/11/2016 06:36:25] CPU Usage:0 % 1308 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 93.31 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.351) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [02/11/2016 06:38:39] CPU Usage:0 % 3512 | [Owner : | Parent : 2280(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.206) = C:\Windows\System32\SearchProtocolHost.exe [02/11/2016 06:36:18] CPU Usage:0 % 6808 | [Owner : JCARAYOL | Parent : 1704(svchost.exe) | 53.1 Mo] - (.McAfee, Inc. - McAfee.) - (8.0.140.0) = C:\PROGRA~1\COMMON~1\McAfee\platform\McUICnt.exe [10/03/2016 04:49:32] CPU Usage:0 % 736 | [Owner : JCARAYOL | Parent : 1704(svchost.exe) | 1 Mo] - (.CyberLink - CyberLink MediaLibrary Service.) - (8.0.0.2002) = C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [10/09/2016 03:57:37] CPU Usage:0 % 7916 | [Owner : | Parent : 104(services.exe) | ?????] - (.Dell - KickStart.WindowService.) - (3.0.123.0) = C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [22/09/2016 18:15:00] CPU Usage:0 % 8244 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 13.98 Mo] - (.Realtek Semiconductor - Realtek HD Audio Manager.) - (1.0.560.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [06/10/2016 00:17:16] CPU Usage:0 % 8272 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 17.91 Mo] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.245) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [10/09/2016 03:42:42] CPU Usage:0 % 8492 | [Owner : | Parent : 104(services.exe) | ?????] - (.CyberLink - CyberLink RichVideo Module.) - (2.0.0.9525) = C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [10/09/2016 03:59:25] CPU Usage:0 % 8672 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 8.38 Mo] - (.NVIDIA Corporation - NVIDIA Update Backend.) - (10.4.0.6) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [10/09/2016 03:46:14] CPU Usage:0 % 8800 | [Owner : | Parent : 104(services.exe) | ?????] - (.Dell Inc. - Service.) - (1.3.0.72) = C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [09/09/2016 13:11:50] CPU Usage:0 % 8880 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 6.62 Mo] - (.Waves Audio Ltd. - Waves MaxxAudio Service Application.) - (1.12.3.0) = C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [24/07/2016 14:55:12] CPU Usage:0 % 8908 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 24.86 Mo] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6517.809) = C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\OneDrive.exe [17/09/2016 15:29:01] CPU Usage:0 % 8976 | [Owner : | Parent : 104(services.exe) | ?????] - (.Dell Inc. - Dell Data Vault Service.) - (4.0.0.0) = C:\Program Files\Dell\DellDataVault\DellDataVault.exe [23/06/2016 11:22:36] CPU Usage:0 % 8388 | [Owner : JCARAYOL | Parent : 9160() | 116.72 Mo] - (.Dropbox, Inc. - Dropbox.) - (13.4.21.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27/10/2016 19:59:04] CPU Usage:0 % 4992 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 16.14 Mo] - (.Microsoft Corporation - System Settings Broker.) - (10.0.14393.0) = C:\Windows\System32\SystemSettingsBroker.exe [16/07/2016 07:42:37] CPU Usage:0 % 9788 | [Owner : JCARAYOL | Parent : 8556() | 39.16 Mo] - (.Intel Corporation - IAStorIcon.) - (14.8.9.1053) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [29/04/2016 00:48:22] CPU Usage:0 % 1880 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 131.43 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:0 % 8764 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 8.08 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:0 % 8920 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 82.61 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:0 % 10064 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 43.54 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:0 % 10080 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 133.28 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:0 % 9640 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 2.76 Mo] - (.Microsoft Corporation - Windows Command Processor.) - (10.0.14393.0) = C:\Windows\System32\cmd.exe [16/07/2016 07:42:36] CPU Usage:0 % 9836 | [Owner : JCARAYOL | Parent : 9640(cmd.exe) | 9.56 Mo] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe [16/07/2016 07:42:23] CPU Usage:0 % 9284 | [Owner : JCARAYOL | Parent : 9640(cmd.exe) | 14.38 Mo] - (.McAfee, Inc. - SiteAdvisor.) - (4.0.3.279) = C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe [10/10/2016 14:36:37] CPU Usage:0 % 10512 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 435.26 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:4 % 10304 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 9.48 Mo] - (.Microsoft Corporation - COM Surrogate.) - (10.0.14393.0) = C:\Windows\System32\dllhost.exe [16/07/2016 07:42:27] CPU Usage:0 % 4292 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 19.17 Mo] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe [16/07/2016 07:42:40] CPU Usage:0 % 10124 | [Owner : | Parent : 104(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 07:42:27] CPU Usage:0 % 11188 | [Owner : | Parent : 1960(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 07:42:22] CPU Usage:0 % 5532 | [Owner : JCARAYOL | Parent : 684(svchost.exe) | 18.77 Mo] - (.Intel Security - AnalyticsSDK.) - (1.5.108.0) = C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe [10/09/2016 04:01:15] CPU Usage:0 % 7848 | [Owner : JCARAYOL | Parent : 1880(chrome.exe) | 202.72 Mo] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [17/09/2016 14:32:36] CPU Usage:0 % 7348 | [Owner : SYSTEM | Parent : 2280(SearchIndexer.exe) | 6.22 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.206) = C:\Windows\System32\SearchFilterHost.exe [02/11/2016 06:36:07] CPU Usage:0 % 8480 | [Owner : JCARAYOL | Parent : 6920(explorer.exe) | 29.51 Mo] - (.SosVirus - QuickDiag.) - (23.9.2016.1) = C:\Users\JCARAYOL\Desktop\QuickDiag.exe [02/11/2016 08:33:57] CPU Usage:0 % ---------- | MD5 [MD5.A470FC325D5F69D6B171A5F28232BD4F] - [02/11/2016 06:37:15] - (.© Microsoft Corporation. - Windows Explorer.) - [4563.77 Ko] - (10.0.14393.351) : C:\WINDOWS\Explorer.exe [MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 07:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe [MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe [MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe [MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 07:42:16] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [01/11/2016 20:08:57] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe [MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll [MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 07:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe [MD5.133390D061D94917125DC666DA67ECD0] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - Services and Controller app.) - [443.95 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\services.exe [MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe [MD5.5757459686554B784F3CCE8C3BAF6D8B] - [02/11/2016 06:38:16] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\user32.dll [MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe [MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe [MD5.D243745884BCBC21E91AB569A0AD514E] - [02/11/2016 06:34:17] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Winlogon.exe [MD5.323AA1953ED9C01E23F740FA891FE064] - [02/11/2016 06:33:06] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 07:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 07:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 07:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 07:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.0D1D392ED2597F295956D058D33BD7C3] - [02/11/2016 06:37:04] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [141.5 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 07:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 07:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 07:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [01/11/2016 20:08:54] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.D5564FC81350458ED570528C4E3B1CCF] - [02/11/2016 06:33:06] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.84 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 07:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.5DD8CB01C0394F8D052763D2E3C6E684] - [01/11/2016 20:08:57] - (.© Microsoft Corporation. - NT File System Driver.) - [2203.34 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 07:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 07:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 07:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.4F25E481124059CC593B4C68BC485640] - [02/11/2016 06:33:07] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2478.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.9D2DD64A0B51C56285512DC9454340F6] - [16/07/2016 07:42:27] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 07:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.NVIDIA Corporation.-.NVIDIA D3D10 Driver, Version 369.09.) - (21.21.13.6909) -- C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvwgf2umx.dll (.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll (.Dropbox, Inc..-.Dropbox Shell Extension.) - (1.0.1.0) -- C:\Program Files (x86)\Dropbox\Client\DropboxExt64.1.0.dll (..-..) - (1.3.210.1) -- C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll (..-..) - (16.0.7329.1017) -- C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll (.NVIDIA Corporation.-.NVIDIA NVAPI Library, Version 369.09.) - (21.21.13.6909) -- C:\WINDOWS\system32\nvapi64.dll (..-..) - (0.0.0.0) -- :\PROGRA~1\mcafee\mqs\shredext.dll (.McAfee, Inc..-.McAfee Runtime MUI API.) - (5.0.9002.0) -- C:\Program Files\Common Files\McAfee\Platform\McRtMui.dll (.McAfee, Inc..-.McAfee Language Selection Library.) - (6.0.9001.0) -- C:\Program Files\Common Files\McAfee\Platform\LangSel.dll (..-..) - (0.0.0.0) -- :\PROGRA~1\mcafee\mqs\shrcore.dll (..-..) - (0.0.0.0) -- :\PROGRA~1\COMMON~1\mcafee\platform\core\mccoreps.dll (.McAfee, Inc..-.McAfee VTP Service Communication.) - (15.4.0.822) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtpa.dll (.McAfee, Inc..-.McAfee Driver Communication.) - (15.4.0.822) -- C:\Program Files\Common Files\McAfee\SystemCore\mfehida.dll (.McAfee, Inc..-.McAfee Management Service API.) - (15.4.0.822) -- C:\Program Files\Common Files\McAfee\SystemCore\mfemmsa.dll (..-..) - (0.0.0.0) -- :\PROGRA~1\mcafee\mqs\shredshm.dll (.Alexander Roshal.-.WinRAR shell extension.) - (5.21.0.0) -- C:\Program Files\WinRAR\rarext.dll (..-..) - (0.0.0.0) -- :\PROGRA~1\mcafee\msc\MCCTXM~1.DLL (..-..) - (0.0.0.0) -- :\PROGRA~1\mcafee\VIRUSS~1\mcctxmnu.dll (.Cyberlink.-.Cyberlink Shell Extension dynamic link library.) - (8.0.0.2906) -- C:\Program Files (x86)\Common Files\CyberLink\ShellExtComponent\CLVDShellExt.dll (.Igor Pavlov.-.7-Zip Shell Extension.) - (16.2.0.0) -- C:\Program Files\7-Zip\7-zip.dll (.NVIDIA Corporation.-.NVIDIA Shell Extensions.) - (8.17.13.6909) -- C:\WINDOWS\system32\nv3dappshext.dll (.NVIDIA Corporation.-.NVIDIA Display Shell Extension.) - (1.2.0.1) -- C:\WINDOWS\system32\nvshext.dll (.Intel Corporation.-.igfxDTCM Module.) - (6.15.10.4390) -- C:\WINDOWS\system32\igfxDTCM.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.Apple Inc..-.Bonjour Namespace Provider.) - (3.0.0.10) -- C:\Program Files\Bonjour\mdnsNSP.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE OneDrive - ("C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background [HKU\S-1-5-21-388053127-935073523-3697796377-1001\...\Run]) - User: DESKTOP-6P7U2IA\JCARAYOL Chromium - ("c:\users\jcarayol\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [HKU\S-1-5-21-388053127-935073523-3697796377-1001\...\Run]) - User: DESKTOP-6P7U2IA\JCARAYOL RTHDVCPL - ("C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s [HKLM\...\Run]) - User: Public RtHDVBg_MAXX6 - ("C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6 [HKLM\...\Run]) - User: Public IAStorIcon - ("C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 [HKLM\...\Run]) - User: Public NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\...\Run]) - User: Public WavesSvc - ("c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe" [HKLM\...\Run]) - User: Public [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\CurrentVersion\Run] "OneDrive"="C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background "Chromium"="c:\users\jcarayol\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s "RtHDVBg_MAXX6"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /MAXX6 "IAStorIcon"="C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 "NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" "WavesSvc"="c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe" [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "RTHDVCPL"=0x040000000000000000000000 "RtHDVBg_MAXX6"=0x040000000000000000000000 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "Dropbox"="C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "InstanceID"=e6afe7ec-5dc9-4375-8431-0fd432a "GlassSessionId"=1 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\C:\Users\JCARAYOL\AppData\Local\Temp\~nsuA.tmp\Au_.exe \??\C:\Users\JCARAYOL\AppData\Local\Temp\~nsuA.tmp [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN NOVGA "SystemBootDevice"=multi(0)disk(0)rdisk(2)partition(3) "FirmwareBootDevice"=multi(0)disk(0)rdisk(2)partition(1) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=1 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [17/09/2016 15:25:19] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=296 "ProductType"=3 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 ---------- | .LNK C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk (/SendTo) C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk (--sendto) C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk (page=SettingsPagePCSystemDevices) C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Word\TP02_Texte305527930158177548\TP02_Texte.doc.lnk (12) C:\ProgramData\Microsoft\Windows\Start Menu\Eventide\Uninstall Eventide - 2016 Stereo Room v2.1.5.lnk ("C:\ProgramData\AudioUTOPiA\Uninstall_Eventide_-_2016_Stereo_Room_v2.1.5.bat") C:\ProgramData\Microsoft\Windows\Start Menu\MathewLane\Uninstall Mathew Lane - StereoDelta v1.1.lnk ("C:\ProgramData\AudioUTOPiA\Uninstall_Mathew_Lane_-_StereoDelta_v1.1.bat") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB.lnk (manualstartmenu) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk (-SpeechUX) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk (/prefetch:1) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState Komodo Edit 10\Modify or Uninstall Komodo.lnk (/i{80375DA2-CFB8-4DC3-9E01-9AC82443C88B}) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk (/res) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk (/s) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Customer Connect.lnk (shortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Notification Center.lnk (/FromShortcut) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\SupportAssist.lnk (-lloc dsc) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk (/home) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe.lnk (/desktopicon /platui) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk ("C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk ("C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk ("C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE") C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk (/show) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (create new project).lnk (-new) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (reset configuration to factory defaults).lnk (-resetconfig) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (ReWire slave mode).lnk (-rewire) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64)\REAPER (x64) (show audio configuration on startup).lnk (-audiocfg) eF �3I}o5I�.� reaper.exeY/X�Yn�OSC:\Pro C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk (/7) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk (--reset-config --reset-plugins-cache vlc://quit) C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk (-Iskins) ---------- | AppCertDlls | AppInit_DLLs ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Windows\web\wallpaper\dell\Wallpaper_Pirelli_FINAL.jpg [10/09/2016 04:09:58] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=1280 "MaxMonitorDimension"=1280 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC301004C961A00000A0000A005000000AB08AD476FCD0143003A005C00570069006E0064006F00770073005C007700650062005C00770061006C006C00700061007000650072005C00640065006C006C005C00570061006C006C00700061007000650072005F0050006900720065006C006C0069005F00460049004E0041004C002E006A00700067000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "PreferredUILanguages"=en-US "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{E31EA727-12ED-4702-820C-4B6445F28E1A}"=1 "{018D5C66-4533-4307-9B53-224DE2ED1FE6}"=1 [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShellState"=0x240000003D28000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=0 "GlobalAssocChangedCounter"=16 "AppReadinessLogonComplete"=1 "FirstRunTelemetryComplete"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309D9601000062B06A59D2B415429F74E9109B0A815313020000D3EFA9CCED290A43BA6DE6BBFF0A60C24A06000020D9BB85A0426910A2E408002B30309D480100006078A409B011A54DAFA526D86198A78067010000 [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=1 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=0 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarStateLastRun"=0xD630195800000000 [HKLM\Software\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "DisableTaskMgr"=0 "DisableRegistryTools"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "SmartScreenEnabled"=Off [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Policies\Microsoft\Windows\System] "DisableCMD"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "PromptOnSecureDesktop"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "DisableTaskMgr"=0 "DisableRegistryTools"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 "NoRun"=0 "NoFolderOptions"=0 "NoControlPanel"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=14393 "FirstLogon"=0 "PUUActive"=0x690436D202000100010000004D0000004D00000000000000D100000005000500BFEC1678B5010000B501000000000000000000000000000000000000000000000100000002000000C9B8FFC10335D201F62D0000000000000100000000000000 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=1332786816 "ShutdownFlags"=7 "Userinit"=C:\Windows\system32\userinit.exe, "scremoveoption"=0 "DisableCad"=1 "DisableLockWorkstation"=0 "AutoAdminLogon"=0 "DefaultUserName"=JCARAYOL "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Internet Shortcut [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Internet Shortcut [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 07:43:06] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command] ""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo] "ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 07:43:06] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-388053127-935073523-3697796377-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Users\JCARAYOL\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6817_133_64_02.exe"=1 "C:\Program Files\Dell\SupportAssist\uninstaller.exe"=1 "C:\Users\JCARAYOL\AppData\Local\Temp\nskB912.tmp\Setup.exe"=1 "C:\Users\JCARAYOL\AppData\Roaming\PCDr\Update\Binaries\full_dsc_6855_61_64_02.exe"=1 "C:\Users\JCARAYOL\AppData\Local\Temp\nsr2F43.tmp\Setup.exe"=1 [HKU\S-1-5-21-388053127-935073523-3697796377-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C03802000BA5020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\JCARAYOL\Downloads\reaper524_x64-install.exe"=0x5341435001000000000000000700000028000000E803A5002D55A5000100000000000000000001060001000019B4C529E312D1010000000000000000 "C:\Users\JCARAYOL\Downloads\ChromeSetup.exe"=0x5341435001000000000000000700000028000000A04110008862100001000000000000000000000A0021000019B4C529E312D1010000008100000000 "C:\Users\JCARAYOL\AppData\Local\Temp\GUM52D8.tmp\GoogleUpdateSetup.exe"=0x5341435001000000000000000700000028000000A04110008862100001000000000000000000000A0021000019B4C529E312D1010000008000000000020000002800000000000000000000400000000000000000000000000000000059630100000000000100000001000000 "C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files\mcafee.com\agent\mcagent.exe"=0x534143500100000000000000070000002800000038500F00FF3C100001000000000000000000000A0021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A4040000000000000100000001000000 "C:\Users\JCARAYOL\AppData\Local\Temp\Temp1_nfo.zip\setup.exe"=0x5341435001000000000000000700000028000000068407000000000001000000000000000000000A4120000019B4C529E312D1010000000000000000020000002800000000000000000800400000000000000000000000000000000047C70000000000000100000001000000 "C:\Program Files (x86)\NFO viewer\NFO viewer.exe"=0x5341435001000000000000000700000028000000009A0600000000000100000000000000000001054120000019B4C529E312D1010000000000000000020000002800000000000000000000000044000000000000000000000000000048E52301000000000F0000000F000000 "C:\Users\JCARAYOL\Documents\adobe audition\Au_CC_2015_v8.1.0.162_Portable\Adobe Audition CC 2015.exe"=0x534143500100000000000000070000002800000086E991180000000001000000000000000000000A7320000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006F7A9C02000000000200000002000000 "C:\Users\JCARAYOL\Documents\MakeMusic Finale 2014 (Cracked CHAOS) [ChingLiu] Antoine\Setup.exe"=0x5341435001000000000000000700000028000000087CB411EB08B5110100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000B81F0100000000000100000001000000 "C:\Users\JCARAYOL\Documents\eventide 2016 stereo rrom (marche bien)\Eventide.2016.Stereo.Room.v2.1.5.WIN-AudioUTOPiA\Setup.exe"=0x5341435001000000000000000700000028000000BCA1C6020000000001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000009F2B0100000000000100000001000000 "C:\Program Files (x86)\Finale 2014\Finale.exe"=0x5341435001000000000000000700000028000000D82754020F4D54020100000000000000000002067100000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000CEEA6301000000004600000046000000 "C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C0723C01E3C13C0101000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\JCARAYOL\Documents\7z1602-x64.exe"=0x5341435001000000000000000700000028000000F60815000000000001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000095160000000000000100000001000000 "C:\Program Files\7-Zip\7zFM.exe"=0x534143500100000000000000070000002800000000CC0C000000000001000000000000000000000A7320000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000061E71400000000000200000002000000 "C:\Users\JCARAYOL\Downloads\readerdc_uk_xa_install.exe"=0x5341435001000000000000000700000028000000E0541200BF7C120001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000081930100000000000100000001000000 "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"=0x5341435001000000000000000700000028000000D8F010004D4B110001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004126C300000000000100000001000000 "C:\Users\JCARAYOL\Documents\kontakt\Kt52Full\Native Instruments Kontakt v5.5.2 (Full) Unlocked-Tracer\Kontakt 5 5.5.2 Setup PC.exe"=0x53414350010000000000000007000000280000001354A33E16E73C1E0100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000069BE0100000000000200000002000000 "C:\Users\JCARAYOL\Documents\kontakt\Kt52Full\Native Instruments Kontakt v5.5.2 (Full) Unlocked-Tracer\SNO-PATCH\64bit\MemberSNO-64BIT.exe"=0x534143500100000000000000070000002800000000E204000000000001000000000000000000000AF322000059193B14E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C35E0800000000000100000001000000 "C:\Users\JCARAYOL\Documents\kontakt\Kt52Full\Native Instruments Kontakt v5.5.2 (Full) Unlocked-Tracer\SNO-PATCH\64bit\Kontakt 5.exe"=0x5341435001000000000000000700000028000000B053A7021E5AA70201000000000000000000000A7322000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000004A950000000000000100000001000000 "C:\Users\JCARAYOL\Downloads\sws-v2.8.3.0-x64-install.exe"=0x534143500100000000000000070000002800000061551500000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000E25A0000000000000200000002000000 "C:\Program Files (x86)\Dell Customer Connect\DCCTrayApp.exe"=0x534143500100000000000000070000002800000078DD1000C51A110001000000000000000000000AF122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000006D700000000000002E0000002E000000 "F:\intenso\INTENSO\$RECYCLE.BIN\$R3GESIM\CDex.exe"=0x53414350010000000000000007000000280000003CD01800000000000100000000000000000001057120000019B4C529E312D1010000000000000000020000002800000000000000000000000004000000000000000000000000000003310000000000000100000001000000 "C:\Users\JCARAYOL\Documents\CDex\CDex.exe"=0x534143500100000000000000070000002800000000F40B00000000000100000000000000000001057120000019B4C529E312D10100000000000000000200000028000000000000000000000000040200000000000000000000000000FC6D0000000000000200000002000000 "C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PDVDLP.exe"=0x5341435001000000000000000700000028000000186F06007FF7060001000000000000000000000A7122000019B4C529E312D10100000000000000000200000050000000000000008000000000000000000000000000000000000000C62B1000000000000500000003000000000000000000000000000000000000000000000000000000120A0000000000000200000000000000 "C:\Users\JCARAYOL\Documents\CDex_150\CDex.exe"=0x53414350010000000000000007000000280000003CD01800000000000100000000000000000001057120000019B4C529E312D101000000000000000002000000280000000000000000000000000400000000000000000000000000002D180300000000000300000003000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C0200DEDE020001000000010000000000000A7122000019B4C529E312D1010000000000000000 "C:\Users\JCARAYOL\Documents\vlc-2.2.4-win32.exe"=0x534143500100000000000000070000002800000038E8D1015414D2010100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000008A4C0000000000000100000001000000 "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe"=0x5341435001000000000000000700000028000000C01702001B81020001000000000000000000000A6122000033504C2B57DFD10100000000000000000200000028000000000000000000001000000000000000000000000000000000DA201E02000000004001000040010000 "C:\Program Files\REAPER (x64)\Uninstall.exe"=0x5341435001000000000000000700000028000000221E05002D55A5000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000666C0000000000000100000001000000 "C:\Users\JCARAYOL\Documents\reaper523_x64-install.exe"=0x5341435001000000000000000700000028000000C8E5A400C978A5000100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007C1D0D00000000000100000001000000 "C:\Users\JCARAYOL\Documents\reaper525_x64-install.exe"=0x5341435001000000000000000700000028000000303AA500074FA5000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000237F0000000000000100000001000000 "C:\Program Files\REAPER (x64)\reaper.exe"=0x5341435001000000000000000700000028000000000EB9000000000001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000066C4C001000000008F0000008F000000 "C:\Users\JCARAYOL\Documents\Kontakt_Factory_Selection_Downloader.exe"=0x534143500100000000000000070000002800000010C75500928E56000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A2DA0D00000000000100000001000000 "C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\IsoViewer8.exe"=0x5341435001000000000000000700000028000000B8932A0016D32A000100000000000000000003060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000000000000000000000000000000000000002B340100000000000200000002000000 "C:\Users\JCARAYOL\Documents\Office15\WINWORD.EXE"=0x5341435001000000000000000700000028000000B8821D00C9781E0001000000000000000000000A0021000059193B14E312D1010000009100000000 "C:\Users\JCARAYOL\Documents\Office15\EXCEL.EXE"=0x5341435001000000000000000700000028000000C032F801DE8EF80101000000000000000000000A0021000059193B14E312D1010000009100000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000C0782D007E722E0001000000000000000000000A0021000059193B14E312D10100000000000000000200000050000000000000000000000000000000000000000000000000000000A9740200000000000100000001000000000000000000004000000000000000000000000000000000AA3E0100000000000100000000000000 "C:\Users\JCARAYOL\Documents\Setup.X86.en-US_O365ProPlusRetail_07887b3f-a098-4f2e-87e9-499cf13c890d_TX_PR_b_32_.exe"=0x5341435001000000000000000700000028000000B85C3900B5B1390001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B51A1F00000000000100000001000000 "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"=0x5341435001000000000000000700000028000000C03A5E00B43E5E0001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003C561E00000000000100000001000000 "C:\Program Files\Microsoft Office 15\ClientX64\IntegratedOffice.exe"=0x5341435001000000000000000700000028000000C0FA360066A2370001000000000000000000000A7320000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000FD3E0000000000000100000001000000 "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe"=0x5341435001000000000000000700000028000000C0FA360066A2370001000000000000000000000A7320000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000D0070000000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\Office16\OSPPREARM.EXE"=0x5341435001000000000000000700000028000000C0D40000D1C1010001000000000000000000000A7120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5010000000000000300000003000000 "C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOXMLED.EXE"=0x5341435001000000000000000700000028000000C8620300EC6E030001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000046110000000000000100000001000000 "C:\Users\JCARAYOL\Documents\winrar-x64-521.exe"=0x5341435001000000000000000700000028000000F0A01D00E7C01D000100000000000000000003060001000059193B14E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000CC680000000000000100000001000000 "C:\Program Files\WinRAR\WinRAR.exe"=0x534143500100000000000000070000002800000058EE16008CAB17000100000000000000000003060001000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000056656500000000003400000034000000 "C:\Users\JCARAYOL\Documents\FileZilla_Server-0_9_59.exe"=0x534143500100000000000000070000002800000080292200864B220001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A4DD0200000000000100000001000000 "C:\Users\JCARAYOL\Documents\TeamSpeak3-Client-win64-3.0.19.4.exe"=0x53414350010000000000000007000000280000008095E801890DE9010100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000FFB20100000000000100000001000000 "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"=0x5341435001000000000000000700000028000000B04A2A00BB552A0001000000000000000000000A7122000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006DAB3D01000000000500000005000000 "C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe"=0x53414350010000000000000007000000280000001829AF00DC7BAF0001000000000000000000000A7322000059193B14E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006F390000000000000200000002000000 "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"=0x5341435001000000000000000700000028000000B8302100413821000100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000018438210000000002700000027000000 "C:\Users\JCARAYOL\Documents\licecap126-install.exe"=0x5341435001000000000000000700000028000000208E0300B00604000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A61B0000000000000100000001000000 "C:\Program Files (x86)\LICEcap\licecap.exe"=0x5341435001000000000000000700000028000000008006000000000001000000000000000000000A7120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F77F1200000000000100000001000000 "C:\Users\JCARAYOL\Documents\FSCaptureSetup84.exe"=0x5341435001000000000000000700000028000000AD992F00000000000100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000331C0000000000000100000001000000 "C:\Program Files (x86)\FastStone Capture\FSCapture.exe"=0x534143500100000000000000070000002800000000284D000000000001000000000000000000000A6120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000F54F0000000000000200000002000000 "C:\Program Files (x86)\FileZilla Server\Uninstall.exe"=0x5341435001000000000000000700000028000000C1CC0000864B220001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000057230000000000000100000001000000 "C:\Users\JCARAYOL\Documents\FileZilla_3.22.1_win64-setup.exe"=0x5341435001000000000000000700000028000000B86D65003C18660001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B49D3F00000000000200000002000000 "C:\Users\JCARAYOL\Documents\TeamViewer_Setup_fr.exe"=0x5341435001000000000000000700000028000000902EA600EAE1A60001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006D920000000000000100000001000000 "C:\Program Files\FileZilla FTP Client\filezilla.exe"=0x5341435001000000000000000700000028000000B0E4BE005614BF0001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006393FE00000000000300000003000000 "C:\Users\JCARAYOL\Documents\Komodo-Edit-10.1.1-17414.msi"=0x53414350010000000000000007000000280000000002010066CD01000100000000000000000001050010000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000031740100000000000100000001000000 "C:\Program Files (x86)\TeamViewer\TeamViewer.exe"=0x5341435001000000000000000700000028000000B0929A01CC129B0101000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007C106900000000000700000007000000 "C:\Program Files (x86)\ActiveState Komodo Edit 10\komodo.exe"=0x534143500100000000000000070000002800000000D6090067180A000100000000000000000003060001000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000DE918400000000000200000002000000 "C:\Users\JCARAYOL\Documents\ilok\LicenseSupportInstallerWin64_v3.1.1_r34746\License Support Win64.exe"=0x5341435001000000000000000700000028000000F0269F04C5E79F040100000000000000000002060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000D7780400000000000100000001000000 "C:\Users\JCARAYOL\Documents\iZotope Iris 2 v2 00 Incl Emulator-R2R\iZotope_Iris_v2_00.exe"=0x534143500100000000000000070000002800000018702D12AAD12D120100000000000000000001060001000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000031B00100000000000100000001000000 "C:\Users\JCARAYOL\Documents\iZotope Iris 2 v2 00 Incl Emulator-R2R\Emulator-R2R\64-Bit\AuthAssistant.exe"=0x534143500100000000000000070000002800000000000200000000000100000000000000000003067100000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000007E750000000000000100000001000000 "C:\Program Files (x86)\iZotope\Iris 2\win64\iZotope Iris 2.exe"=0x5341435001000000000000000700000028000000008C7802000000000100000000000000000003067302000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000311F0000000000000100000001000000 "C:\Program Files (x86)\iZotope\Iris 2\win32\iZotope Iris 2.exe"=0x534143500100000000000000070000002800000000BA3702000000000100000000000000000003067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008F460000000000000200000002000000 "C:\Users\JCARAYOL\Documents\FFSetup3.9.5.0.exe"=0x53414350010000000000000007000000280000001038D30291D1D3020100000000000000000001060001000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000216F7400000000000100000001000000 "C:\Program Files (x86)\FormatFactory\FormatFactory.exe"=0x534143500100000000000000070000002800000088D05F00BD28600001000000000000000000000A7122000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000034C50000000000000400000004000000 "C:\Program Files (x86)\FormatFactory\uninst.exe"=0x53414350010000000000000007000000280000006A15030091D1D3020100000000000000000001060001000019B4C529E312D101000000000000000002000000280000000000000000000040000200000000000000000000000000006B100000000000000100000001000000 "C:\Users\JCARAYOL\Documents\vst\vst nouveaux\wave\Waves.Complete.v2016.10.10.Incl.Patched.and.Keygen-R2R\Waves.Complete.v2016.10.10.Incl.Patched.and.Keygen-R2R\r2r-5276\Setup Waves Complete v2016.10.10.exe"=0x5341435001000000000000000700000028000000772064660000000001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000080AB0700000000000200000002000000 "C:\Program Files (x86)\Waves\unins001.exe"=0x5341435001000000000000000700000028000000D1EC17000000000001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000007E480100000000000200000002000000 "C:\Users\JCARAYOL\AppData\Local\{070F3153-23A7-5DEB-4E3F-78036A57849B}\uninst.exe"=0x5341435001000000000000000700000028000000BF910000000000000100000000000000000001060001000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000033C70100000000000400000004000000 "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"=0x53414350010000000000000007000000280000006888100014EE100001000000000000000000000A00210000D5B3B31A57DFD1010000000100000000 "C:\Users\JCARAYOL\Documents\vst\native instrument una corda\NIUNACOD_2.part02\Native.Instruments.Una.Corda.KONTAKT-LiBRARY\Native Instruments - Una Corda Piano Library\Una_Corda\Una Corda 1.0.0 Setup PC.exe"=0x5341435001000000000000000700000028000000A8E43900C09F3A000100000000000000000001060001000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C5B60500000000000300000003000000 "C:\Program Files\Common Files\McAfee\platform\McUICnt.exe"=0x5341435001000000000000000700000028000000D8090B00DA870B0001000000000000000000000A0021000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000081020000000000000100000001000000 "C:\Users\JCARAYOL\Documents\plugins jean-\Waves All Plugins Bundle v9 r15 Windows (Fixed crack R2R) [ChingLiu]\Install WAVES 9 R15\setup.exe"=0x534143500100000000000000070000002800000000000600000000000100000000000000000000067102000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000000F7B1D00000000000100000001000000 "C:\Users\JCARAYOL\Documents\plugins jean-\Ableton live Suite v9.5 WiN x86 x64-d33p57a7u5\ableton_live_suite_9.5_64\Setup.msi"=0x53414350010000000000000007000000280000000002010066CD01000100000000000000000001050010000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000389C0500000000000100000001000000 "C:\Users\JCARAYOL\Documents\plugins jean-\Ableton live Suite v9.5 WiN x86 x64-d33p57a7u5\Patch iO\Ableton LivePatch [io].exe"=0x534143500100000000000000070000002800000000D60800000000000100000000000000000001067102000019B4C529E312D10100000080000000000200000028000000000000000000000000000000000000000000000000000000EE090100000000000200000002000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000B8740C00A81A0D0001000000010000000000000A0021000059193B14E312D1010000000000000000 "C:\Users\JCARAYOL\Downloads\ableton\Ableton.Live.Suite.v9.7.0.Incl._ed.and._-R2R\Ableton.Live.Suite.v9.7.0.Incl.Patched.and.Keygen-R2R\r2r-5265\Ableton_Live_Suite_970_WIN_Installer.7z.exe"=0x53414350010000000000000007000000280000005D1E104C0000000001000000000000000000000A7120000019B4C529E312D101000000000000000001000000040000000100000002000000280000000000000000080040000020000000000000002000000000006E930500000000000200000002000000 "C:\Users\JCARAYOL\Downloads\ableton\Ableton.Live.Suite.v9.7.0.Incl._ed.and._-R2R\Ableton.Live.Suite.v9.7.0.Incl.Patched.and.Keygen-R2R\r2r-5265\ableton_live_suite_9.7_64\Setup.msi"=0x53414350010000000000000007000000280000000002010066CD01000100000000000000000001050010000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000070971000000000000200000002000000 "C:\Users\JCARAYOL\Documents\mathewlane stereoDelta v1.1\29Oct16-MaLa.SD11\MathewLane.StereoDelta.v1.1.WIN-AudioUTOPiA\au-00088\Setup.exe"=0x53414350010000000000000007000000280000009A56E9030000000001000000000000000000000A0021000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000906C0100000000000100000001000000 "C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE"=0x5341435001000000000000000700000028000000C09A1D00315E1E0001000000000000000000000A0021000019B4C529E312D1010000009100000000 "C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C0AC02007050030001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files\ByteFence\Uninstall.exe"=0x53414350010000000000000007000000280000009A050100E13843000100000000000000000001060001000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000019120500000000000100000001000000 "C:\Users\JCARAYOL\Desktop\QuickDiag.exe"=0x5341435001000000000000000700000028000000A81D2400EB0A250001000000000000000000000A0021000033504C2B57DFD1010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131225063656969502 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "TrustedImageIdentifier"={F5C3DB17-0B4D-4DFF-9292-8D443B10648B} "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0x52856385350BD201 "DisableAntiVirus"=1 "OOBEInstallTime"=0xCA8278671911D201 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] : MSAFD Irda [IrDA] [HKLM\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012] : MSAFD Irda [IrDA] [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012] : MSAFD Irda [IrDA] [HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012] : MSAFD Irda [IrDA] ---------- | Hosts ---------- | @ [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=yes "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=%11%\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Page_URL"=http://dell17win10.msn.com/?pc=DCTE "DisableFirstRunCustomize"=3 "ApplicationTileImmersiveActivation"=0 "AssociationActivationMode"=2 "ImageStoreRandomFolder"=vkcpw6t "OperationalData"=12 "EdgeSwitchingOSBuildNumber"=10586.th2_release.160906-1759 "CompatibilityFlags"=0 "FullScreen"=no "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x19B989C5011AD201 "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF240000002400000044030000A4020000 [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x94B95B1B7934D201 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "ProxyOverride"=*.local [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "Start Page"=https://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEzz0EtAzz0DyBtDyCyBtDyDzy0AyDtN0D0Tzu0StCyByDyBtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzy0D0FtBtByBtCtGyEyEtAtBtG0B0C0D0CtGtD0CyCzytGyDtCyC0DtDyByB0ByE0FtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyByE0BtB0AyE0DtG0B0B0DtBtGyEzztA0FtGzz0DyEyDtGyEzzyCtBtBtBtCtC0CtAtCyD2QtN0A0LzuyE%26cr%3D2008130806%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome "TabProcGrowth"=Medium [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | SSODL | SEH | URLSH | STS ---------- | Toolbar [HKU\S-1-5-21-388053127-935073523-3697796377-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={95077B0E-08F2-4059-A80A-FC811DA71C58} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={95077B0E-08F2-4059-A80A-FC811DA71C58} ---------- | Extensions [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Lync Click to Call) - [] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) - [] ---------- | SearchScopes [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95077B0E-08F2-4059-A80A-FC811DA71C58}] - (Yahoo! Powered) - https://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEzz0EtAzz0DyBtDyCyBtDyDzy0AyDtN0D0Tzu0StCyByDyBtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzy0D0FtBtByBtCtGyEyEtAtBtG0B0C0D0CtGtD0CyCzytGyDtCyC0DtDyByB0ByE0FtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyByE0BtB0AyE0DtG0B0B0DtBtGyEzztA0FtGzz0DyEyDtGyEzzyCtBtBtBtCtC0CtAtCyD2QtN0A0LzuyE%26cr%3D2008130806%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}] - (Bing) - http://www.bing.com/search?q={searchTerms}&form=PRDLR1&src=IE11TR&pc=DCTE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{95077B0E-08F2-4059-A80A-FC811DA71C58}] - (Yahoo! Powered) - https://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fs_16_42¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEzz0EtAzz0DyBtDyCyBtDyDzy0AyDtN0D0Tzu0StCyByDyBtN1L2XzutAtFtByEtFtByBtFyDtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StDzy0D0FtBtByBtCtGyEyEtAtBtG0B0C0D0CtGtD0CyCzytGyDtCyC0DtDyByB0ByE0FtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAyByE0BtB0AyE0DtG0B0B0DtBtGyEzztA0FtGzz0DyEyDtGyEzzyCtBtBtBtCtC0CtAtCyD2QtN0A0LzuyE%26cr%3D2008130806%26a%3Dwbf_fs_16_42%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms} : ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [28/09/2016 12:04:52] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [28/09/2016 12:04:17] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> (Lync Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [28/09/2016 12:04:52] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> (Microsoft OneDrive for Business Browser Helper) : C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [28/09/2016 12:04:17] ---------- | Chrome C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\fheoggkfdfchfphceeifdbepaooicaho = : McAfee® WebAdvisor - McAfee® WebAdvisor - http://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi = : __MSG_extDesc__ - __MSG_extName__ - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description__ - short_name: __MSG_name__ - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx C:\Users\JCARAYOL\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = : Provider for discovery and services for mirroring of Chrome Media Router - Chrome Media Router - 919648714761-55j965o0km033psv3i9qls5mo3qtdrb0.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] [HKLM\Software\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho] [HKLM\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho] [HKLM\Software\WOW6432Node\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej] ---------- | Opera ---------- | Firefox [HKLM\Software\mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [HKLM\Software\WOW6432Node\mozilla\Firefox\Extensions] "{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"=C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10] - (McAfee Total Protection MIME Plugin) : c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@mcafee.com/MSC,version=10] - (McAfee Total Protection MIME Plugin) : c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/Lync,version=15.0] - (Microsoft Lync Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9] - (Google Update) : C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@videolan.org/vlc,version=2.2.4] - (VLC Multimedia Plugin) : C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [HKLM\Software\WOW6432Node\MozillaPlugins\Adobe Reader] - (Handles PDFs in-place in Firefox) : C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll ---------- | Active Connections TCP 192.168.0.126:49705 bn3sch020010540.wns.windows.com:https ESTABLISHED 6920 TCP 192.168.0.126:49750 d.v.dropbox.com:https CLOSE_WAIT 8388 TCP 192.168.0.126:49752 client.v.dropbox.com:https CLOSE_WAIT 8388 TCP 192.168.0.126:49805 e1.ycpi.vip.nya.yahoo.com:https ESTABLISHED 1880 TCP 192.168.0.126:49849 bf1onepush.vip.bf1.yahoo.com:https ESTABLISHED 1880 TCP 192.168.0.126:49882 199.16.156.201:https ESTABLISHED 1880 TCP 192.168.0.126:50083 bf1onepush.vip.bf1.yahoo.com:https ESTABLISHED 1880 TCP 192.168.0.126:50084 cache.google.com:https ESTABLISHED 1880 TCP 192.168.0.126:50085 8.18.25.27:https ESTABLISHED 4232 TCP 192.168.0.126:50086 cache.google.com:https ESTABLISHED 1880 TCP 192.168.0.126:50087 cache.google.com:https ESTABLISHED 1880 TCP 192.168.0.126:50088 65.55.44.109:https TIME_WAIT 0 TCP 192.168.0.126:50090 a23-206-181-176.deploy.static.akamaitechnologies.com:http ESTABLISHED 2608 TCP 192.168.0.126:50091 akamai-155.62.cache.videotron.ca:http ESTABLISHED 2608 TCP 192.168.0.126:50093 e1.ycpi.vip.nya.yahoo.com:https ESTABLISHED 1880 ---------- | DNS [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters] "DhcpNameServer"=192.168.0.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{21e0f04e-f012-4bfa-ad07-f63df3e79cef}] "DhcpNameServer"=192.168.0.1 [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{3573757a-4b29-4d93-ba5a-1360b5e19cf0}] "DhcpNameServer"=24.201.245.77 24.200.0.1 24.53.0.2 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{21e0f04e-f012-4bfa-ad07-f63df3e79cef}] "DhcpNameServer"=192.168.0.1 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3573757a-4b29-4d93-ba5a-1360b5e19cf0}] "DhcpNameServer"=24.201.245.77 24.200.0.1 24.53.0.2 ---------- | Applications [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files (x86)\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\vlc.exe] : "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | Svchost - Netsvcs (Whitelisted) NetSetupSvc - %SystemRoot%\System32\NetSetupSvc.dll : %SystemRoot%\System32\svchost.exe -k netsvcs UserManager - %SystemRoot%\System32\usermgr.dll : %SystemRoot%\system32\svchost.exe -k netsvcs ---------- | Software [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\7-Zip] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\8322898] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Ableton] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Adobe] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\AppDataLow] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Clients] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\csastats] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\CyberLink] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Dropbox] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\DropboxOEM] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\DropboxUpdate] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\FreeTime] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Google] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Guillaume Lacasa] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\IM Providers] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Intel] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\iZotope] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\JWPlugins] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Macromedia] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\MakeMusic] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\MakeMusic Inc.] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\McAfee] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\MozillaPlugins] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Native Instruments] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Netscape] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\NVIDIA Corporation] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\ODBC] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Policies] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\proDAD] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\ProductSetup] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Realtek] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\RegisteredApplications] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\SOMUSQUE] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\sysinternals] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\TeamViewer] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Waves Audio] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Winamp] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\WinRAR] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\WinRAR SFX] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Wow6432Node] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-388053127-935073523-3697796377-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\7-Zip] [HKLM\Software\AGEIA Technologies] [HKLM\Software\Apple Inc.] [HKLM\Software\ASIO] [HKLM\Software\Clients] [HKLM\Software\Creative Tech] [HKLM\Software\Cyberlink] [HKLM\Software\Dell] [HKLM\Software\Dell Computer Corporation] [HKLM\Software\Dell Inc.] [HKLM\Software\Dolby] [HKLM\Software\DTS] [HKLM\Software\FileZilla 3] [HKLM\Software\Fortemedia] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Google] [HKLM\Software\Intel] [HKLM\Software\Intel Security] [HKLM\Software\Khronos] [HKLM\Software\Macromedia] [HKLM\Software\ManageableUpdatePackage] [HKLM\Software\McAfee] [HKLM\Software\McAfee.com] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\Native Instruments] [HKLM\Software\NewBlue] [HKLM\Software\Nuance] [HKLM\Software\NVIDIA Corporation] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\PC-Doctor] [HKLM\Software\Policies] [HKLM\Software\Propellerhead Software] [HKLM\Software\Realtek] [HKLM\Software\REAPER] [HKLM\Software\RegisteredApplications] [HKLM\Software\SiteAdvisor] [HKLM\Software\SRS Labs] [HKLM\Software\sysinternals] [HKLM\Software\TeamSpeak 3 Client] [HKLM\Software\Waves Audio] [HKLM\Software\WinRAR] [HKLM\Software\WOW6432Node] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\ActiveState] [HKLM\Software\WOW6432Node\Adobe] [HKLM\Software\WOW6432Node\AGEIA Technologies] [HKLM\Software\WOW6432Node\Apple Inc.] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\CyberLink] [HKLM\Software\WOW6432Node\Dell] [HKLM\Software\WOW6432Node\Dropbox] [HKLM\Software\WOW6432Node\DropboxUpdate] [HKLM\Software\WOW6432Node\FileZilla 3] [HKLM\Software\WOW6432Node\FileZilla Client] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\LICEcap] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\MakeMusic] [HKLM\Software\WOW6432Node\McAfee] [HKLM\Software\WOW6432Node\McAfee.com] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\MimarSinan] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\NewBlue] [HKLM\Software\WOW6432Node\Nuance] [HKLM\Software\WOW6432Node\NVIDIA Corporation] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\Overwolf] [HKLM\Software\WOW6432Node\PC-Doctor] [HKLM\Software\WOW6432Node\proDAD] [HKLM\Software\WOW6432Node\Propellerhead Software] [HKLM\Software\WOW6432Node\Realtek] [HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.] [HKLM\Software\WOW6432Node\SiteAdvisor] [HKLM\Software\WOW6432Node\SyncIntegrationClients] [HKLM\Software\WOW6432Node\TeamViewer] [HKLM\Software\WOW6432Node\VideoLAN] [HKLM\Software\WOW6432Node\Waves Audio] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | Drives G: [07/11/2007 08:44:20] - |A| - (.(C) Microsoft Corporation. - UI Wrapper Resource DLL.) - [75280] - (9.0.21022.8) - G:\install.res.1028.dll [07/11/2007 08:44:20] - |A| - (.© Microsoft Corporation. Alle Rechte vorbehalten. - Ressourcen-DLL für UI-Wrapper.) - [95248] - (9.0.21022.8) - G:\install.res.1031.dll [07/11/2007 08:44:20] - |A| - (.© Microsoft Corporation. - UI Wrapper Resource DLL.) - [90128] - (9.0.21022.8) - G:\install.res.1033.dll [07/11/2007 08:44:20] - |A| - (.© Microsoft Corporation. Tous droits réservés. - UI Wrapper Resource DLL.) - [96272] - (9.0.21022.8) - G:\install.res.1036.dll [07/11/2007 08:44:20] - |A| - (.© Microsoft Corporation. Tutti i diritti riservati. - DLL di risorse del wrapper dell'interfaccia utente.) - [94224] - (9.0.21022.8) - G:\install.res.1040.dll [07/11/2007 08:44:20] - |A| - (.(C) Copyright Microsoft Corporation. - UI Wrapper Resource DLL.) - [80400] - (9.0.21022.8) - G:\install.res.1041.dll [07/11/2007 08:44:20] - |A| - (.(C) Microsoft Corporation. - UI 래퍼 리소스 DLL.) - [78864] - (9.0.21022.8) - G:\install.res.1042.dll [07/11/2007 08:44:20] - |A| - (.(C) Microsoft Corporation。保留所有权利。 - 用户界面包装资源 DLL.) - [74768] - (9.0.21022.8) - G:\install.res.2052.dll [07/11/2007 08:44:20] - |A| - (.© Microsoft Corporation. Reservados todos los derechos. - Archivo DLL de recursos del contenedor de la interfaz de usuario.) - [95248] - (9.0.21022.8) - G:\install.res.3082.dll [10/08/2016 07:37:55] - |A| - (.Copyright (C) 2001 Ivanopulo / DAMN - DAMN NFO Viewer Setup.) - [269312] - (1.0.1.13) - G:\DAMN_NFO_Viewer_v2-10-0032-RC3.exe [24/06/2016 10:16:24] - |A| - (.Copyright (C) 2000-2015 - DAEMON Tools Lite Installer.) - [692072] - (1.3.12.0) - G:\DTLiteInstaller.exe [07/11/2007 08:44:20] - |A| - (.© Microsoft Corporation. - External Installer.) - [855040] - (9.0.21022.8) - G:\install.exe [07/11/2007 08:00:40] - |A| - (.-.) - [1110] - (0.0.0.0) - G:\globdata.ini [07/11/2007 08:00:40] - |A| - (.-.) - [843] - (0.0.0.0) - G:\install.ini F: ---------- | C: [30/10/2015 03:24:24] - |SHD| - [46301326284] - C:\$Recycle.Bin [16/07/2016 11:17:21] - |HD| - [4634043445] - C:\$WINDOWS.~BT [10/09/2016 04:11:56] - |D| - [276771255] - C:\Apps [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 04:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 04:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [25/04/2016 17:41:06] - |D| - [1152] - C:\DELL [MD5.36F6D2344CE61BA8B060D9BACF83B3EE] - [10/09/2016 04:31:07] - |RAH| - (.-.) - [23077] - (0.0.0.0) - C:\dell.sdr [17/09/2016 15:16:10] - |SHD| - [0] - C:\Documents and Settings [25/04/2016 16:13:11] - |D| - [5747902] - C:\Drivers [MD5.D41D8CD98F00B204E9800998ECF8427E] - [01/11/2016 16:27:20] - |ASH| - (.-.) - [6831149056] - (0.0.0.0) - C:\hiberfil.sys [10/09/2016 03:44:25] - |D| - [53782] - C:\Intel [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/09/2016 04:00:48] - |ASH| - (.-.) - [3087007744] - (0.0.0.0) - C:\pagefile.sys [16/07/2016 07:47:47] - |D| - [0] - C:\PerfLogs [16/07/2016 02:04:24] - |RD| - [4791735916] - C:\Program Files [16/07/2016 02:04:24] - |RD| - [7788184848] - C:\Program Files (x86) [16/07/2016 07:47:48] - |HD| - [3097610594] - C:\ProgramData [02/11/2016 08:34:04] - |D| - [262073] - C:\QuickDiag [MD5.0FABC65D5E75EE4AAE8546B8B7ADC2C7] - [02/11/2016 08:34:20] - |A| - (.-.) - [155512] - (0.0.0.0) - C:\QuickDiag.txt [10/09/2016 04:14:20] - |D| - [4824582856] - C:\Recovery [MD5.4AD735D6C5F7595124B6E12604B6698E] - [10/09/2016 04:00:26] - |A| - (.-.) - [202] - (0.0.0.0) - C:\StartMenu.ini [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/09/2016 03:32:18] - |ASH| - (.-.) - [268435456] - (0.0.0.0) - C:\swapfile.sys [10/09/2016 03:32:17] - |SHD| - [0] - C:\System Volume Information [16/07/2016 02:04:24] - |RD| - [543550577108] - C:\Users [16/07/2016 02:04:24] - |D| - [50876671362] - C:\Windows [01/11/2016 20:09:55] - |D| - [22168854548] - C:\Windows.old ---------- | C:\WINDOWS [MD5.7562AD759F210026427C5F18F0853ED7] - [04/08/2004 03:56:46] - |AH| - (.-.) - [28] - (0.0.0.0) - C:\WINDOWS\5wecf8prllb8hyp [16/07/2016 07:47:48] - |D| - [802] - C:\WINDOWS\addins [16/07/2016 07:47:48] - |D| - [10145977] - C:\WINDOWS\appcompat [16/07/2016 07:47:48] - |D| - [12416006] - C:\WINDOWS\AppPatch [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness [16/07/2016 07:47:47] - |RSD| - [697919598] - C:\WINDOWS\assembly [16/07/2016 07:47:48] - |D| - [296620] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 07:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [16/07/2016 07:47:48] - |D| - [38094681] - C:\WINDOWS\Boot [MD5.6F9CBF18A88FDA45C9E9DE716F90428E] - [01/11/2016 16:14:37] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [16/07/2016 07:47:48] - |D| - [3715096] - C:\WINDOWS\Branding [16/07/2016 07:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.672875BFFBAD456FBB584C1892A428FC] - [01/11/2016 16:29:57] - |A| - (.-.) - [8136] - (0.0.0.0) - C:\WINDOWS\comsetup.log [MD5.D6CE3EEAB0B72F8014E62C728CEA5605] - [16/07/2016 10:28:32] - |A| - (.-.) - [33498] - (0.0.0.0) - C:\WINDOWS\Core.xml [MD5.F59060E298148DE24DEBB3E8321C4407] - [30/10/2015 05:06:35] - |A| - (.-.) - [31816] - (0.0.0.0) - C:\WINDOWS\CoreSingleLanguage.xml [MD5.B9EB6DAAE60979ED334FAD77E97BD8E9] - [10/09/2016 04:08:18] - |A| - (.-.) - [12] - (0.0.0.0) - C:\WINDOWS\csup.txt [16/07/2016 07:47:48] - |D| - [8970858] - C:\WINDOWS\Cursors [16/07/2016 07:47:48] - |D| - [915] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [01/11/2016 16:37:50] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [16/07/2016 07:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [01/11/2016 16:37:50] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [16/07/2016 10:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker [16/07/2016 07:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.121B125D5E8C6118427A8E7845429115] - [10/09/2016 03:41:08] - |A| - (.-.) - [20240] - (0.0.0.0) - C:\WINDOWS\DPINST.LOG [MD5.433AABB65CE614CF424F957374FF11AE] - [16/07/2016 07:49:13] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [16/07/2016 07:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP [16/07/2016 10:14:00] - |D| - [105984] - C:\WINDOWS\en-US [MD5.A470FC325D5F69D6B171A5F28232BD4F] - [02/11/2016 06:37:15] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4673304] - (10.0.14393.351) - C:\WINDOWS\explorer.exe [16/07/2016 07:47:48] - |RSD| - [376124980] - C:\WINDOWS\Fonts [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [16/07/2016 07:47:48] - |D| - [27490828] - C:\WINDOWS\Globalization [16/07/2016 07:47:48] - |D| - [71996360] - C:\WINDOWS\Help [MD5.553DF2ABF34649763324BC5470D04317] - [16/07/2016 07:42:20] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975360] - (10.0.14393.0) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 07:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [16/07/2016 07:47:48] - |D| - [173189416] - C:\WINDOWS\IME [16/07/2016 07:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel [16/07/2016 07:45:54] - |D| - [97431182] - C:\WINDOWS\INF [16/07/2016 07:47:48] - |D| - [1091072398] - C:\WINDOWS\InfusedApps [16/07/2016 07:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod [16/07/2016 07:47:48] - |SHDC| - [826150114] - C:\WINDOWS\Installer [16/07/2016 07:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas [16/07/2016 07:47:48] - |D| - [262144] - C:\WINDOWS\LiveKernelReports [16/07/2016 02:04:29] - |D| - [81522030] - C:\WINDOWS\Logs [16/07/2016 07:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.FCD1E639D75B75E2DA319BD85D7DF94D] - [29/09/2016 16:07:47] - |A| - (.-.) - [1122627153] - (0.0.0.0) - C:\WINDOWS\MEMORY.DMP [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 07:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [16/07/2016 07:47:47] - |RD| - [717584488] - C:\WINDOWS\Microsoft.NET [16/07/2016 07:47:48] - |D| - [2563] - C:\WINDOWS\Migration [16/07/2016 07:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 07:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [10/09/2016 03:45:12] - |D| - [521] - C:\WINDOWS\nvmup [16/07/2016 10:15:09] - |D| - [219754] - C:\WINDOWS\OCR [16/07/2016 07:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [01/11/2016 20:12:03] - |DC| - [299164579] - C:\WINDOWS\Panther [25/04/2016 16:13:11] - |HD| - [5751100] - C:\WINDOWS\panther.img [16/07/2016 07:47:48] - |D| - [29587158] - C:\WINDOWS\Performance [MD5.C3C455DC36667F9EE0B9303E2A4AE913] - [01/11/2016 20:19:30] - |A| - (.-.) - [2360] - (0.0.0.0) - C:\WINDOWS\PFRO.log [16/07/2016 07:47:48] - |D| - [1121835] - C:\WINDOWS\PLA [16/07/2016 07:47:48] - |D| - [2494334] - C:\WINDOWS\PolicyDefinitions [01/11/2016 16:13:32] - |D| - [10632348] - C:\WINDOWS\Prefetch [16/07/2016 07:47:48] - |RD| - [2036530] - C:\WINDOWS\PrintDialog [16/07/2016 07:47:48] - |D| - [1415126] - C:\WINDOWS\Provisioning [MD5.EFE3D78833FEDAF7F24C264BF9976301] - [16/07/2016 07:42:17] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.0) - C:\WINDOWS\regedit.exe [16/07/2016 07:47:48] - |D| - [1094420] - C:\WINDOWS\Registration [16/07/2016 07:47:48] - |D| - [3602644] - C:\WINDOWS\rescache [16/07/2016 07:47:48] - |D| - [3879506] - C:\WINDOWS\Resources [MD5.C907881F207C3BC2BFA7005DDD8C81EF] - [10/09/2016 03:42:37] - |A| - (.Copyright (C) 2015 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2826832] - (1.0.6.6) - C:\WINDOWS\RtlExUpd.dll [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\SchCache [16/07/2016 07:47:48] - |D| - [121229] - C:\WINDOWS\schemas [16/07/2016 07:47:48] - |D| - [9266368] - C:\WINDOWS\security [01/11/2016 16:13:33] - |D| - [39287289] - C:\WINDOWS\ServiceProfiles [16/07/2016 02:04:24] - |D| - [116603340] - C:\WINDOWS\servicing [16/07/2016 07:49:46] - |D| - [42] - C:\WINDOWS\Setup [MD5.FD1E19185A9AB25DDCAFBE2665F13685] - [01/11/2016 16:14:17] - |A| - (.-.) - [17514] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.DDAB9E5ECADCAEF14EFA7119331220F5] - [01/11/2016 16:14:17] - |A| - (.-.) - [156] - (0.0.0.0) - C:\WINDOWS\setuperr.log [16/07/2016 07:47:48] - |D| - [31190528] - C:\WINDOWS\ShellExperiences [16/07/2016 10:14:36] - |D| - [3757408] - C:\WINDOWS\SKB [10/09/2016 03:33:45] - |D| - [8828279686] - C:\WINDOWS\SoftwareDistribution [16/07/2016 07:47:48] - |D| - [107844594] - C:\WINDOWS\Speech [16/07/2016 07:47:48] - |D| - [98257075] - C:\WINDOWS\Speech_OneCore [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [02/11/2016 06:35:12] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [16/07/2016 07:47:48] - |D| - [31039] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 03:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [16/07/2016 02:04:24] - |D| - [23984980176] - C:\WINDOWS\System32 [16/07/2016 07:47:48] - |D| - [143961491] - C:\WINDOWS\SystemApps [16/07/2016 07:47:48] - |D| - [17388701] - C:\WINDOWS\SystemResources [16/07/2016 02:04:27] - |D| - [1465632540] - C:\WINDOWS\SysWOW64 [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\TAPI [30/10/2015 03:24:25] - |D| - [4006] - C:\WINDOWS\Tasks [16/07/2016 07:47:48] - |D| - [10568737] - C:\WINDOWS\Temp [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\tracing [16/07/2016 07:47:48] - |D| - [7680] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 07:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [16/07/2016 07:47:48] - |D| - [12420] - C:\WINDOWS\Vss [16/07/2016 07:47:48] - |D| - [20945870] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 03:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 07:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [10/09/2016 03:45:14] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 07:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [16/07/2016 02:04:24] - |D| - [10201956312] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 07:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 07:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe ---------- | Systemroot\System ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [22/10/2016 21:35:18] - C:\WINDOWS\Installer\11cdc17a.msi : ([ProductName] Installer - Apple Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/10/2016 21:35:24] - C:\WINDOWS\Installer\11cdc188.msi : (Blank Project Template - PACE Anti-Piracy, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/04/2016 21:03:44] - C:\WINDOWS\Installer\13b55.msi : (Blank Project Template - Macrovision Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [10/09/2016 04:00:31] - C:\WINDOWS\Installer\13b8e.msi : (Dell Foundation Services - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [13/10/2016 08:10:33] - C:\WINDOWS\Installer\16e11e8a.msi : (Dell Help & Support - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/10/2016 16:29:07] - C:\WINDOWS\Installer\177e852.msi : (Una Corda Setup - Native Instruments) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/09/2016 00:06:28] - C:\WINDOWS\Installer\1b67a27.msi : (Adobe ARM Installer - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [06/10/2016 10:45:48] - C:\WINDOWS\Installer\22e61426.msi : (Product Registration - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 14:31:06] - C:\WINDOWS\Installer\31ddf1.msi : (Google Update Helper - Google Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 14:50:26] - C:\WINDOWS\Installer\3f184b.msi : (Dropbox Update Helper - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 14:55:24] - C:\WINDOWS\Installer\3f1876.msi : (Dropbox 20 GB - Dropbox, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/09/2016 08:32:31] - C:\WINDOWS\Installer\4cbb96e.msi : (Kontakt Factory Selection Setup - Native Instruments) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/09/2016 00:00:00] - C:\WINDOWS\Installer\54ca011.msi : (Intel(R) C++ Redistributables on IA-32 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [12/09/2016 00:00:00] - C:\WINDOWS\Installer\54ca017.msi : (Intel(R) C++ Redistributables on Intel(R) 64 - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/10/2016 16:06:49] - C:\WINDOWS\Installer\6554328.msi : (ActiveState Komodo Edit 10.1.1 - ActiveState Software Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/09/2015 14:21:46] - C:\WINDOWS\Installer\8340.msi : (Intel(R) Ready Mode Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/01/2016 03:19:00] - C:\WINDOWS\Installer\8344.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/01/2016 03:19:56] - C:\WINDOWS\Installer\8348.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/01/2016 03:20:10] - C:\WINDOWS\Installer\834c.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [22/05/2015 19:27:22] - C:\WINDOWS\Installer\8350.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [03/12/2015 03:58:12] - C:\WINDOWS\Installer\8354.msi : (Intel® Security Assist - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [14/11/2015 13:53:18] - C:\WINDOWS\Installer\8357.msi : (Intel(R) Wireless Bluetooth(R) Patch/Audio Package Installation - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [05/11/2015 22:25:46] - C:\WINDOWS\Installer\835f.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [28/10/2015 18:44:10] - C:\WINDOWS\Installer\8367.msi : (Intel® WiFi - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [29/04/2016 00:49:32] - C:\WINDOWS\Installer\836b.msi : (Intel(R) Rapid Storage Technology - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [21/09/2016 08:25:19] - C:\WINDOWS\Installer\9a2da.msi : (Dell Customer Connect Installer - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2016 14:44:01] - C:\WINDOWS\Installer\a0042cf.msi : (Blank Project Template - InstallShield) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/10/2016 14:44:32] - C:\WINDOWS\Installer\a004321.msi : (Dell Data Vault Installation - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/03/2015 04:42:22] - C:\WINDOWS\Installer\d1dd573.msi : ( - Adobe Systems Incorporated) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [20/09/2016 13:03:31] - C:\WINDOWS\Installer\d7ac630.msi : (Kontakt 5 Setup - Native Instruments) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [23/06/2015 20:27:24] - C:\WINDOWS\Installer\df04c.msi : (Dell Digital Delivery Installer - Dell Products, LP) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [02/05/2016 18:52:20] - C:\WINDOWS\Installer\df050.msi : (Dell Update Installer - Dell Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [08/09/2016 06:53:16] - C:\WINDOWS\Installer\f60ab.msi : (Blank Project Template - Waves Audio Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] ---------- | %System%\*.in* [16/07/2016 07:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [25/04/2016 15:58:22] - [955350] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 07:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 07:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [16/07/2016 07:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [10/09/2016 03:45:12] - [900574] - C:\WINDOWS\Syswow64\PerfStringBackup.INI [16/07/2016 07:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | [JCARAYOL] [01/11/2016 16:20:12] - |HD| - [1843908048] - C:\Users\JCARAYOL\AppData [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\Application Data [17/09/2016 15:26:47] - |RD| - [412] - C:\Users\JCARAYOL\Contacts [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\Cookies [17/09/2016 15:25:19] - |RD| - [5771631] - C:\Users\JCARAYOL\Desktop [17/09/2016 15:25:19] - |RD| - [499697824909] - C:\Users\JCARAYOL\Documents [17/09/2016 15:25:19] - |RD| - [27219160144] - C:\Users\JCARAYOL\Downloads [17/09/2016 15:27:36] - |D| - [0] - C:\Users\JCARAYOL\Dropbox [17/09/2016 15:25:19] - |RD| - [1076] - C:\Users\JCARAYOL\Favorites [17/09/2016 15:26:35] - |SHD| - [25308] - C:\Users\JCARAYOL\IntelGraphicsProfiles [17/09/2016 15:25:19] - |RD| - [1955] - C:\Users\JCARAYOL\Links [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\Local Settings [17/09/2016 15:25:19] - |RD| - [280700162] - C:\Users\JCARAYOL\Music [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\My Documents [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\NetHood [01/11/2016 16:20:12] - |AH| - [2359296] - C:\Users\JCARAYOL\NTUSER.DAT [01/11/2016 16:20:12] - |ASH| - [643072] - C:\Users\JCARAYOL\ntuser.dat.LOG1 [01/11/2016 16:20:12] - |ASH| - [602112] - C:\Users\JCARAYOL\ntuser.dat.LOG2 [02/11/2016 08:23:05] - |ASH| - [1048576] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2c-a077-11e6-be59-f33905f1cd14}.TxR.0.regtrans-ms [02/11/2016 08:23:05] - |ASH| - [1048576] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2c-a077-11e6-be59-f33905f1cd14}.TxR.1.regtrans-ms [02/11/2016 08:23:05] - |ASH| - [1048576] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2c-a077-11e6-be59-f33905f1cd14}.TxR.2.regtrans-ms [02/11/2016 08:23:05] - |ASH| - [65536] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2c-a077-11e6-be59-f33905f1cd14}.TxR.blf [01/11/2016 16:20:12] - |ASH| - [65536] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2d-a077-11e6-be59-f33905f1cd14}.TM.blf [01/11/2016 16:20:12] - |ASH| - [524288] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2d-a077-11e6-be59-f33905f1cd14}.TMContainer00000000000000000001.regtrans-ms [01/11/2016 16:20:12] - |ASH| - [524288] - C:\Users\JCARAYOL\NTUSER.DAT{e46b0c2d-a077-11e6-be59-f33905f1cd14}.TMContainer00000000000000000002.regtrans-ms [01/11/2016 20:15:24] - |SH| - [20] - C:\Users\JCARAYOL\ntuser.ini [17/09/2016 15:29:01] - |RD| - [99] - C:\Users\JCARAYOL\OneDrive [17/09/2016 15:25:19] - |RD| - [901120] - C:\Users\JCARAYOL\Pictures [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\PrintHood [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\Recent [17/09/2016 15:25:19] - |D| - [0] - C:\Users\JCARAYOL\Roaming [17/09/2016 15:25:19] - |RD| - [282] - C:\Users\JCARAYOL\Saved Games [17/09/2016 15:26:47] - |RD| - [1872] - C:\Users\JCARAYOL\Searches [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\SendTo [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\Start Menu [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\Templates [17/09/2016 15:25:19] - |RD| - [504] - C:\Users\JCARAYOL\Videos [28/10/2016 22:11:31] - |D| - [0] - C:\Users\JCARAYOL\AppData\Roaming\Ableton [20/10/2016 16:08:42] - |D| - [10] - C:\Users\JCARAYOL\AppData\Roaming\ActiveState [17/09/2016 15:26:45] - |D| - [9075] - C:\Users\JCARAYOL\AppData\Roaming\Adobe [01/10/2016 18:15:58] - |D| - [0] - C:\Users\JCARAYOL\AppData\Roaming\CyberLink [17/09/2016 14:50:31] - |D| - [299732] - C:\Users\JCARAYOL\AppData\Roaming\Dropbox [17/09/2016 15:27:35] - |D| - [73788474] - C:\Users\JCARAYOL\AppData\Roaming\DropboxOEM [16/10/2016 12:20:07] - |D| - [6168] - C:\Users\JCARAYOL\AppData\Roaming\FastStone [16/10/2016 14:35:33] - |D| - [31308] - C:\Users\JCARAYOL\AppData\Roaming\FileZilla [10/10/2016 08:46:11] - |D| - [403] - C:\Users\JCARAYOL\AppData\Roaming\FileZilla Server [17/09/2016 15:26:35] - |D| - [1164] - C:\Users\JCARAYOL\AppData\Roaming\Intel [17/09/2016 15:29:46] - |D| - [0] - C:\Users\JCARAYOL\AppData\Roaming\Intel Corporation [22/10/2016 21:51:51] - |D| - [239641031] - C:\Users\JCARAYOL\AppData\Roaming\iZotope [14/10/2016 20:00:57] - |A| - [150] - C:\Users\JCARAYOL\AppData\Roaming\licecap.ini [17/09/2016 14:21:31] - |D| - [1568] - C:\Users\JCARAYOL\AppData\Roaming\Macromedia [18/09/2016 12:52:21] - |D| - [2092692] - C:\Users\JCARAYOL\AppData\Roaming\MakeMusic [01/11/2016 16:20:12] - |SD| - [55253471] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft [20/10/2016 16:08:44] - |D| - [0] - C:\Users\JCARAYOL\AppData\Roaming\Mozilla [20/09/2016 12:42:55] - |D| - [23363862] - C:\Users\JCARAYOL\AppData\Roaming\PCDr [17/09/2016 14:19:19] - |D| - [21864206] - C:\Users\JCARAYOL\AppData\Roaming\REAPER [18/09/2016 17:58:30] - |D| - [76] - C:\Users\JCARAYOL\AppData\Roaming\Skype [20/10/2016 15:47:31] - |D| - [2483] - C:\Users\JCARAYOL\AppData\Roaming\TeamViewer [10/10/2016 08:45:23] - |D| - [67910] - C:\Users\JCARAYOL\AppData\Roaming\TS3Client [21/09/2016 12:41:34] - |D| - [98830] - C:\Users\JCARAYOL\AppData\Roaming\vlc [07/10/2016 21:05:57] - |D| - [12] - C:\Users\JCARAYOL\AppData\Roaming\WinRAR [20/10/2016 16:08:42] - |D| - [107976582] - C:\Users\JCARAYOL\AppData\Local\ActiveState [17/09/2016 15:28:35] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\ActiveSync [20/09/2016 11:20:38] - |D| - [11148666] - C:\Users\JCARAYOL\AppData\Local\Adobe [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\AppData\Local\Application Data [20/09/2016 11:22:31] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\CEF [23/10/2016 20:38:26] - |D| - [50800573] - C:\Users\JCARAYOL\AppData\Local\chromium [17/09/2016 15:35:49] - |D| - [20996120] - C:\Users\JCARAYOL\AppData\Local\Comms [01/11/2016 20:15:26] - |D| - [1110833] - C:\Users\JCARAYOL\AppData\Local\ConnectedDevicesPlatform [28/10/2016 19:57:34] - |D| - [4345988] - C:\Users\JCARAYOL\AppData\Local\CrashDumps [21/09/2016 08:39:34] - |D| - [962860] - C:\Users\JCARAYOL\AppData\Local\CyberLink [17/09/2016 15:36:39] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\Diagnostics [17/09/2016 14:50:26] - |D| - [253424] - C:\Users\JCARAYOL\AppData\Local\Dropbox [17/09/2016 15:27:35] - |D| - [5744] - C:\Users\JCARAYOL\AppData\Local\DropboxOEM [17/09/2016 15:01:12] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\ElevatedDiagnostics [16/10/2016 12:20:07] - |D| - [6168] - C:\Users\JCARAYOL\AppData\Local\FastStone [23/10/2016 20:39:44] - |D| - [1697444] - C:\Users\JCARAYOL\AppData\Local\fontconfig [17/09/2016 14:31:03] - |D| - [426398330] - C:\Users\JCARAYOL\AppData\Local\Google [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\AppData\Local\History [01/11/2016 20:18:43] - |AH| - [17916] - C:\Users\JCARAYOL\AppData\Local\IconCache.db [01/11/2016 16:20:12] - |D| - [333651124] - C:\Users\JCARAYOL\AppData\Local\Microsoft [17/09/2016 14:15:29] - |D| - [85491] - C:\Users\JCARAYOL\AppData\Local\MicrosoftEdge [20/09/2016 13:04:54] - |D| - [1648013] - C:\Users\JCARAYOL\AppData\Local\Native Instruments [17/09/2016 18:36:55] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\NetworkTiles [17/09/2016 15:26:37] - |D| - [1673999] - C:\Users\JCARAYOL\AppData\Local\NVIDIA [17/09/2016 15:26:37] - |D| - [452202280] - C:\Users\JCARAYOL\AppData\Local\Packages [17/09/2016 15:27:36] - |D| - [40960] - C:\Users\JCARAYOL\AppData\Local\Power2Go8 [23/10/2016 22:24:06] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\Programs [17/09/2016 15:27:06] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\Publishers [01/11/2016 16:20:12] - |D| - [11814216] - C:\Users\JCARAYOL\AppData\Local\Temp [01/11/2016 16:20:12] - |SHD| - [0] - C:\Users\JCARAYOL\AppData\Local\Temporary Internet Files [17/09/2016 15:26:36] - |D| - [12017664] - C:\Users\JCARAYOL\AppData\Local\TileDataLayer [17/09/2016 15:26:44] - |D| - [0] - C:\Users\JCARAYOL\AppData\Local\VirtualStore [23/10/2016 21:38:25] - |D| - [1124] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence [17/09/2016 15:26:47] - |ASH| - [174] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [01/11/2016 16:20:12] - |RD| - [32610] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [01/11/2016 16:20:12] - |RD| - [3888] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [01/11/2016 16:20:12] - |RD| - [2927] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [17/09/2016 15:26:47] - |RD| - [174] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [01/11/2016 20:15:36] - |ASH| - [174] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [14/10/2016 19:58:03] - |D| - [4803] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LICEcap [01/11/2016 16:20:12] - |D| - [170] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [17/09/2016 15:29:02] - |A| - [2374] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [10/10/2016 13:43:13] - |A| - [1049] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk [17/09/2016 15:26:47] - |RD| - [174] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [01/11/2016 16:20:12] - |RD| - [5318] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [01/11/2016 16:20:12] - |RD| - [7238] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [07/10/2016 21:05:16] - |D| - [4321] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [17/09/2016 15:26:47] - |ASH| - [174] - C:\Users\JCARAYOL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] [25/04/2016 16:36:16] - |RHD| - [196] - C:\Users\Public\AccountPictures [30/10/2015 03:24:24] - |RHD| - [16215] - C:\Users\Public\Desktop [16/07/2016 07:47:50] - |ASH| - [174] - C:\Users\Public\desktop.ini [30/10/2015 03:24:24] - |RD| - [11394630480] - C:\Users\Public\Documents [30/10/2015 03:24:24] - |RD| - [174] - C:\Users\Public\Downloads [16/07/2016 07:47:48] - |RHD| - [1135] - C:\Users\Public\Libraries [30/10/2015 03:24:24] - |RD| - [380] - C:\Users\Public\Music [30/10/2015 03:24:24] - |RD| - [2618837] - C:\Users\Public\Pictures [10/09/2016 03:44:06] - |D| - [0] - C:\Users\Public\Roaming [30/10/2015 03:24:24] - |RD| - [380] - C:\Users\Public\Videos ---------- | C:\ProgramData [13/10/2016 08:10:23] - |D| - [0] - C:\ProgramData\5da1c723-8d15-43b7-a5f9-72f056846a37 [20/09/2016 11:21:36] - |D| - [249446185] - C:\ProgramData\Adobe [22/10/2016 21:35:21] - |D| - [2682368] - C:\ProgramData\Apple [01/11/2016 16:39:42] - |SHD| - [32970778731] - C:\ProgramData\Application Data [18/09/2016 12:06:45] - |D| - [50369] - C:\ProgramData\AudioUTOPiA [10/09/2016 03:56:53] - |D| - [694] - C:\ProgramData\CLSK [16/07/2016 07:47:48] - |D| - [0] - C:\ProgramData\Comms [10/09/2016 03:56:52] - |D| - [317950] - C:\ProgramData\CyberLink [10/09/2016 04:09:27] - |D| - [618864237] - C:\ProgramData\Dell [01/11/2016 16:39:42] - |SHD| - [16215] - C:\ProgramData\Desktop [01/11/2016 16:39:42] - |SHD| - [11394630480] - C:\ProgramData\Documents [01/11/2016 16:15:53] - |AH| - [0] - C:\ProgramData\DP45977C.lfl [10/09/2016 03:55:16] - |D| - [824636] - C:\ProgramData\Dropbox [10/09/2016 03:56:55] - |D| - [761457] - C:\ProgramData\install_clap [10/09/2016 03:41:15] - |D| - [48699661] - C:\ProgramData\Intel [10/09/2016 04:02:31] - |D| - [480] - C:\ProgramData\Intel Security [10/09/2016 03:43:53] - |D| - [43950522] - C:\ProgramData\Intel.sav [18/09/2016 11:59:51] - |D| - [8618819] - C:\ProgramData\MakeMusic [10/09/2016 04:01:08] - |D| - [315492195] - C:\ProgramData\McAfee [16/07/2016 07:47:48] - |SD| - [1368200630] - C:\ProgramData\Microsoft [01/11/2016 20:17:46] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [20/09/2016 13:03:36] - |D| - [2197] - C:\ProgramData\Native Instruments [23/10/2016 20:36:25] - |RASH| - [258] - C:\ProgramData\ntuser.pol [01/11/2016 16:16:35] - |D| - [2403445] - C:\ProgramData\NVIDIA [01/11/2016 16:16:19] - |D| - [4005748] - C:\ProgramData\NVIDIA Corporation [22/10/2016 21:48:56] - |D| - [354304] - C:\ProgramData\PACE [10/09/2016 03:43:31] - |D| - [101345922] - C:\ProgramData\Package Cache [30/09/2016 11:31:36] - |D| - [4278848] - C:\ProgramData\PC-Doctor for Windows [10/09/2016 03:40:24] - |D| - [146906666] - C:\ProgramData\PCDr [10/09/2016 03:59:24] - |D| - [66867486] - C:\ProgramData\proDAD [16/07/2016 07:47:48] - |D| - [5306] - C:\ProgramData\regid.1991-06.com.microsoft [10/09/2016 03:44:06] - |D| - [0] - C:\ProgramData\Roaming [16/07/2016 07:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution [01/11/2016 16:39:42] - |SHD| - [177400] - C:\ProgramData\Start Menu [20/09/2016 12:43:42] - |D| - [3841264] - C:\ProgramData\SupportAssistAgent [10/09/2016 03:57:53] - |D| - [1641992] - C:\ProgramData\SUPPORTDIR [10/09/2016 03:56:51] - |D| - [730952] - C:\ProgramData\Temp [01/11/2016 16:39:42] - |SHD| - [0] - C:\ProgramData\Templates [16/07/2016 07:47:48] - |D| - [6714] - C:\ProgramData\USOPrivate [01/11/2016 20:16:11] - |D| - [155648] - C:\ProgramData\USOShared [10/09/2016 03:57:10] - |A| - [106] - C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log [10/09/2016 04:00:25] - |A| - [105] - C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log [20/09/2016 13:04:10] - |HDC| - [33629999] - C:\ProgramData\{57623A97-E2F4-49B2-86D7-FA0915C77BED} [28/09/2016 08:32:34] - |HDC| - [32580086] - C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2} [10/09/2016 03:59:27] - |A| - [100] - C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log [01/10/2016 14:44:29] - |HDC| - [8525542] - C:\ProgramData\{A328A61B-C332-4C8C-A740-42F7F71DC398} [10/09/2016 04:00:28] - |A| - [98] - C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log [01/10/2016 18:16:07] - |HDC| - [32549465] - C:\ProgramData\{CF8DBD9D-2EFD-44F7-8D23-93B5C27D06D7} ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 07:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [18/09/2016 12:07:10] - |D| - [921] - C:\ProgramData\Microsoft\Windows\Start Menu\Eventide [29/10/2016 19:57:27] - |D| - [913] - C:\ProgramData\Microsoft\Windows\Start Menu\MathewLane [16/07/2016 07:47:48] - |RD| - [175392] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [18/09/2016 20:11:52] - |D| - [1561] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [28/09/2016 12:01:10] - |A| - [2458] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk [16/07/2016 07:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [16/07/2016 07:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [20/09/2016 11:22:07] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk [20/10/2016 16:08:34] - |D| - [3127] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActiveState Komodo Edit 10 [16/07/2016 07:47:48] - |RD| - [20488] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [10/09/2016 04:00:26] - |D| - [254] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite [10/09/2016 03:40:25] - |D| - [12611] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell [10/09/2016 03:43:26] - |D| - [1959] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio [16/07/2016 07:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [27/10/2016 19:59:18] - |D| - [1314] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox [10/09/2016 03:55:16] - |A| - [2138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB.lnk [28/09/2016 12:01:10] - |A| - [2457] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk [16/10/2016 12:20:05] - |D| - [4417] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FastStone Capture [16/10/2016 14:35:30] - |D| - [2171] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [18/09/2016 12:00:41] - |D| - [3987] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2014 [17/09/2016 14:32:36] - |A| - [2274] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [22/10/2016 21:36:51] - |A| - [2088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLok License Manager.lnk [16/07/2016 07:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [10/09/2016 03:41:15] - |RD| - [3921] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [10/09/2016 03:45:03] - |A| - [720] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk [22/10/2016 21:51:57] - |D| - [8167] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope [16/07/2016 07:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [02/11/2016 08:25:32] - |D| - [2043] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [28/09/2016 12:01:10] - |D| - [18020] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools [16/07/2016 07:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [20/09/2016 13:03:36] - |D| - [1113] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments [10/09/2016 03:59:20] - |D| - [1402] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue [17/09/2016 15:29:10] - |D| - [4998] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [28/09/2016 12:01:10] - |A| - [2536] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk [28/09/2016 12:01:10] - |A| - [2437] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk [28/09/2016 12:01:10] - |A| - [2451] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk [28/09/2016 12:01:10] - |A| - [2494] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk [16/07/2016 07:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [28/09/2016 12:01:10] - |A| - [2445] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk [21/09/2016 14:23:14] - |D| - [8914] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REAPER (x64) [28/09/2016 12:01:10] - |A| - [2500] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk [16/07/2016 07:47:48] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [16/07/2016 07:47:48] - |RD| - [4044] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [10/10/2016 08:45:19] - |A| - [972] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client.lnk [20/10/2016 15:47:31] - |A| - [1114] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk [21/09/2016 12:41:11] - |D| - [7200] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [28/10/2016 19:49:15] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves [01/11/2016 16:24:55] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [07/10/2016 21:05:16] - |D| - [4249] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [28/09/2016 12:01:10] - |A| - [2495] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 07:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [20/10/2016 16:08:09] - |D| - [248182580] - C:\Program Files (x86)\ActiveState Komodo Edit 10 [20/09/2016 11:22:02] - |D| - [230036946] - C:\Program Files (x86)\Adobe [22/10/2016 21:35:21] - |AD| - [631192] - C:\Program Files (x86)\Bonjour [10/09/2016 03:43:55] - |AD| - [7114563] - C:\Program Files (x86)\Cisco [16/07/2016 02:04:24] - |D| - [524212456] - C:\Program Files (x86)\Common Files [10/09/2016 03:57:33] - |D| - [1822900331] - C:\Program Files (x86)\CyberLink [20/09/2016 12:43:42] - |D| - [9166464] - C:\Program Files (x86)\Dell [21/09/2016 08:25:21] - |AD| - [10109490] - C:\Program Files (x86)\Dell Customer Connect [10/09/2016 03:55:01] - |AD| - [3652440] - C:\Program Files (x86)\Dell Digital Delivery [10/09/2016 03:55:15] - |AD| - [2459111] - C:\Program Files (x86)\Dell Update [16/07/2016 07:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [10/09/2016 03:55:16] - |D| - [261444901] - C:\Program Files (x86)\Dropbox [16/10/2016 12:20:04] - |D| - [10556500] - C:\Program Files (x86)\FastStone Capture [18/09/2016 11:59:51] - |D| - [484891851] - C:\Program Files (x86)\Finale 2014 [17/09/2016 14:31:06] - |D| - [609829127] - C:\Program Files (x86)\Google [22/10/2016 21:36:28] - |D| - [33033384] - C:\Program Files (x86)\iLok License Manager [10/09/2016 03:42:37] - |HD| - [110619568] - C:\Program Files (x86)\InstallShield Installation Information [10/09/2016 03:41:56] - |D| - [34072460] - C:\Program Files (x86)\Intel [16/07/2016 07:47:48] - |D| - [1989343] - C:\Program Files (x86)\Internet Explorer [22/10/2016 21:51:45] - |D| - [100921263] - C:\Program Files (x86)\iZotope [14/10/2016 19:58:03] - |D| - [497735] - C:\Program Files (x86)\LICEcap [10/09/2016 04:01:11] - |D| - [34902150] - C:\Program Files (x86)\McAfee [10/09/2016 03:46:19] - |AD| - [2540755858] - C:\Program Files (x86)\Microsoft Office [16/07/2016 07:47:48] - |D| - [8256351] - C:\Program Files (x86)\Microsoft.NET [01/11/2016 20:02:31] - |D| - [25757] - C:\Program Files (x86)\MSBuild [28/09/2016 08:17:41] - |D| - [477930] - C:\Program Files (x86)\Native Instruments [10/09/2016 03:59:18] - |D| - [55091970] - C:\Program Files (x86)\NewBlue [18/09/2016 11:38:19] - |D| - [505283] - C:\Program Files (x86)\NFO viewer [10/09/2016 03:59:17] - |D| - [20258970] - C:\Program Files (x86)\NSIS Uninstall Information [01/11/2016 16:16:10] - |D| - [207493717] - C:\Program Files (x86)\NVIDIA Corporation [10/09/2016 03:59:24] - |AD| - [3679405] - C:\Program Files (x86)\proDAD [10/09/2016 03:42:37] - |D| - [121003941] - C:\Program Files (x86)\Realtek [01/11/2016 20:02:31] - |D| - [36957953] - C:\Program Files (x86)\Reference Assemblies [22/10/2016 21:51:55] - |D| - [37483008] - C:\Program Files (x86)\Steinberg [20/10/2016 15:47:29] - |AD| - [47630511] - C:\Program Files (x86)\TeamViewer [10/09/2016 03:42:37] - |HD| - [0] - C:\Program Files (x86)\Temp [01/11/2016 16:16:25] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [21/09/2016 12:41:04] - |D| - [126263314] - C:\Program Files (x86)\VideoLAN [29/10/2016 19:57:25] - |D| - [13756416] - C:\Program Files (x86)\VSTPlugins [23/10/2016 22:24:35] - |D| - [0] - C:\Program Files (x86)\Waves [16/07/2016 07:47:48] - |D| - [1922048] - C:\Program Files (x86)\Windows Defender [16/07/2016 07:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [16/07/2016 07:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player [16/07/2016 07:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [16/07/2016 07:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT [16/07/2016 07:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer [16/07/2016 07:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [16/07/2016 07:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [16/07/2016 07:47:48] - |D| - [3222839] - C:\Program Files (x86)\WindowsPowerShell ---------- | C:\Program Files [18/09/2016 20:11:52] - |AD| - [4982184] - C:\Program Files\7-Zip [22/10/2016 21:35:21] - |AD| - [613987] - C:\Program Files\Bonjour [23/10/2016 20:36:11] - |D| - [129432] - C:\Program Files\ByteFence [16/07/2016 02:04:24] - |D| - [1216133132] - C:\Program Files\Common Files [10/09/2016 03:40:21] - |D| - [329439324] - C:\Program Files\Dell [30/09/2016 11:31:35] - |D| - [20329739] - C:\Program Files\Dell Support Center [16/07/2016 07:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini [16/10/2016 14:35:29] - |AD| - [23424805] - C:\Program Files\FileZilla FTP Client [01/11/2016 16:15:22] - |D| - [225536181] - C:\Program Files\Intel [16/07/2016 07:47:47] - |D| - [2581706] - C:\Program Files\Internet Explorer [10/09/2016 04:01:16] - |AD| - [177038026] - C:\Program Files\mcafee [10/09/2016 04:01:16] - |D| - [3771626] - C:\Program Files\mcafee.com [28/09/2016 11:36:45] - |D| - [7766400] - C:\Program Files\Microsoft Office 15 [01/11/2016 20:02:31] - |D| - [25757] - C:\Program Files\MSBuild [20/09/2016 13:03:36] - |AD| - [205425439] - C:\Program Files\Native Instruments [10/09/2016 03:59:20] - |D| - [70116203] - C:\Program Files\NewBlue [01/11/2016 16:16:10] - |D| - [639714038] - C:\Program Files\NVIDIA Corporation [01/11/2016 16:15:45] - |D| - [47668848] - C:\Program Files\Realtek [17/09/2016 14:18:46] - |D| - [202520551] - C:\Program Files\REAPER (x64) [01/11/2016 20:02:31] - |D| - [34617001] - C:\Program Files\Reference Assemblies [22/10/2016 21:51:55] - |D| - [43299328] - C:\Program Files\Steinberg [10/10/2016 08:45:18] - |AD| - [67399238] - C:\Program Files\TeamSpeak 3 Client [25/04/2016 15:52:22] - |HD| - [0] - C:\Program Files\Uninstall Information [18/09/2016 12:06:45] - |D| - [17111040] - C:\Program Files\VSTPlugins [01/11/2016 16:44:11] - |D| - [5185296] - C:\Program Files\Waves [16/07/2016 07:47:47] - |RD| - [14858410] - C:\Program Files\Windows Defender [16/07/2016 07:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail [16/07/2016 07:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player [16/07/2016 07:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [16/07/2016 07:47:47] - |D| - [7730882] - C:\Program Files\Windows NT [16/07/2016 07:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer [16/07/2016 07:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices [16/07/2016 07:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar [16/07/2016 07:47:47] - |HD| - [1398056425] - C:\Program Files\WindowsApps [16/07/2016 07:47:47] - |D| - [3639928] - C:\Program Files\WindowsPowerShell [07/10/2016 21:05:05] - |AD| - [5177440] - C:\Program Files\WinRAR ---------- | C:\Program Files (x86)\Common Files [20/09/2016 11:22:02] - |AD| - [10480233] - C:\Program Files (x86)\Common Files\Adobe [20/09/2016 13:03:36] - |D| - [84059712] - C:\Program Files (x86)\Common Files\Avid [10/09/2016 03:57:46] - |D| - [96216] - C:\Program Files (x86)\Common Files\CyberLink [19/10/2016 07:58:46] - |AD| - [23840] - C:\Program Files (x86)\Common Files\DESIGNER [22/10/2016 21:51:54] - |D| - [36045824] - C:\Program Files (x86)\Common Files\Digidesign [01/11/2016 16:15:13] - |D| - [229513833] - C:\Program Files (x86)\Common Files\Intel [10/09/2016 03:45:14] - |D| - [251299] - C:\Program Files (x86)\Common Files\Intel Corporation [10/09/2016 04:01:10] - |D| - [6788588] - C:\Program Files (x86)\Common Files\McAfee [16/07/2016 07:47:48] - |D| - [21487786] - C:\Program Files (x86)\Common Files\Microsoft Shared [10/09/2016 03:59:20] - |D| - [286720] - C:\Program Files (x86)\Common Files\NewBlue [22/10/2016 21:36:29] - |AD| - [74136720] - C:\Program Files (x86)\Common Files\PACE [10/09/2016 03:41:57] - |D| - [204796] - C:\Program Files (x86)\Common Files\PostureAgent [16/07/2016 07:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [16/07/2016 07:47:48] - |D| - [9594763] - C:\Program Files (x86)\Common Files\System [22/10/2016 21:51:56] - |D| - [51239424] - C:\Program Files (x86)\Common Files\VST3 ---------- | C:\Program Files\Common files [10/09/2016 04:01:11] - |D| - [3645192] - C:\Program Files\Common files\AV [20/09/2016 13:03:36] - |D| - [139253720] - C:\Program Files\Common files\Avid [10/09/2016 03:43:56] - |D| - [2299424] - C:\Program Files\Common files\Intel [10/09/2016 04:01:15] - |D| - [20214430] - C:\Program Files\Common files\Intel Security [10/09/2016 04:01:11] - |D| - [330884798] - C:\Program Files\Common files\McAfee [16/07/2016 07:47:47] - |D| - [103059711] - C:\Program Files\Common files\microsoft shared [20/09/2016 13:03:36] - |AD| - [546208920] - C:\Program Files\Common files\Native Instruments [10/09/2016 03:59:23] - |D| - [352768] - C:\Program Files\Common files\NewBlue [17/09/2016 14:18:50] - |D| - [2507776] - C:\Program Files\Common files\Propellerhead Software [16/07/2016 07:47:47] - |D| - [2702] - C:\Program Files\Common files\Services [16/07/2016 07:47:47] - |D| - [10202507] - C:\Program Files\Common files\System [22/10/2016 21:51:56] - |D| - [57501184] - C:\Program Files\Common files\VST3 ---------- | Tasks [MD5.A0CC218304707B37CADEE6C0D7B555CF] - [10/09/2016 03:55:17] - |A| - [930] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job [MD5.C2FF5B41EAB861543097C8A4716A4D19] - [10/09/2016 03:55:17] - |A| - [934] - C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job [MD5.DA1DBF919349E89B185DB6C7016E8D5F] - [17/09/2016 14:31:06] - |A| - [930] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job [MD5.006C9FB478BA509541F88897DCB5DBB6] - [17/09/2016 14:31:06] - |A| - [934] - C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job [MD5.5E131172B0A0F83FC7019581022F137B] - [01/11/2016 16:31:09] - |A| - [272] - C:\WINDOWS\Tasks\RunDLC.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [01/11/2016 16:37:02] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.42FCF8574CB9C136CD521A2D2C144FD7] - [01/11/2016 16:37:00] - |A| - [3482] - C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [MD5.52F808CB39F99D0E37E692C4243B750E] - [01/11/2016 16:37:00] - |A| - [2528] - C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8 : C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [MD5.678663EB169CFF52AE0297B86F909969] - [01/11/2016 16:37:00] - |A| - [2528] - C:\WINDOWS\System32\Tasks\CLVDLauncher : C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [MD5.9006A20BAEDF6A900EFADF104828E304] - [01/11/2016 16:37:00] - |A| - [3280] - C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate : C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [MD5.A9AC94721D10D69BAB0FDD24CD651922] - [01/11/2016 16:37:00] - |A| - [2318] - C:\WINDOWS\System32\Tasks\DropboxOEM : "%ProgramFiles(x86)%\Dropbox\DropboxOEM\DropboxOEM.exe" [MD5.0A53B9FB9A99ADE932356308F107113A] - [01/11/2016 16:37:00] - |A| - [3224] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.C3FC0104B76D980E247E909411327BE2] - [01/11/2016 16:37:00] - |A| - [3448] - C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA : C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [MD5.90594EE87631190AE9EC21A10EC89A9A] - [01/11/2016 16:37:00] - |A| - [3222] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.01067AA4706F7835E3923F0B6A39109F] - [01/11/2016 16:37:00] - |A| - [3446] - C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA : C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [MD5.00000000000000000000000000000000] - [01/11/2016 16:37:00] - |D| - [4544] - C:\WINDOWS\System32\Tasks\McAfee [MD5.7A7BD72C5599AA88240E119D9F59CCA5] - [01/11/2016 16:37:00] - |A| - [2470] - C:\WINDOWS\System32\Tasks\McAfeeLogon : C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe [MD5.00000000000000000000000000000000] - [16/07/2016 07:47:48] - |D| - [508354] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.6B0B660932C9054F94ADE465379B527F] - [01/11/2016 16:37:01] - |A| - [2826] - C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task : C:\Users\JCARAYOL\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [MD5.552CC120F2FFF6995A7AFF507269E497] - [01/11/2016 16:37:01] - |A| - [3094] - C:\WINDOWS\System32\Tasks\PCDDataUploadTask : "uaclauncher.exe" [MD5.2273C0F6BF46873550E021315117FF06] - [01/11/2016 16:37:01] - |A| - [2996] - C:\WINDOWS\System32\Tasks\PCDEventLauncherTask : "C:\Program Files\Dell\SupportAssist\sessionchecker.exe" [MD5.FB3304E08FE09925C0C45AC87C353162] - [01/11/2016 16:37:01] - |A| - [3808] - C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask : "C:\Program Files\Dell\SupportAssist\uaclauncher.exe" [MD5.0D70A0093C3229655C7905C65814FA01] - [01/11/2016 16:37:01] - |A| - [3218] - C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton : "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [MD5.C7DE0F2CF315F56A70019F92D6EC60E2] - [01/11/2016 16:37:01] - |A| - [2980] - C:\WINDOWS\System32\Tasks\SystemToolsDailyTest : "uaclauncher.exe" [MD5.00000000000000000000000000000000] - [16/07/2016 07:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "{7FFC7967-BBCF-41EB-8870-B2136F4136D9}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Dropbox\Client\Dropbox.exe|Name=Dropbox| "{AAE3BA31-2AFD-4FFD-A6ED-557F8E0F581F}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe|Name=Google Chrome (mDNS-In)|Desc=Inbound rule for Google Chrome to allow mDNS traffic.|EmbedCtxt=Google Chrome| "{12905232-25AE-4405-B848-FAFD4D6D1928}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader| "{9FCD1F38-BA10-4EA8-BB33-EBE95F320768}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FormatFactory.exe|Name=Format Factory| "{FB2574B5-A68A-4DC6-95CF-96204E0E489A}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FormatFactory.exe|Name=Format Factory| "{EB6C96F3-6199-4DBE-A709-C45B6958B2C1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe|Name=EBook Codec Downloader| "{65360D3C-D7CA-4BBD-9ABA-96BEECB0B659}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service| "{30D88A2F-5EB7-4D9E-82B4-7536EC080E57}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\Bonjour\mDNSResponder.exe|Name=Bonjour Service| "{13A050DA-5495-434D-91F8-EE7B9D01329C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service| "{8FADB043-835E-4D64-AADA-246A1C96FB5E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files\Bonjour\mDNSResponder.exe|Name=Bonjour Service| "{0C8B2D75-2B0F-4493-8583-5BA7C457349D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{567A2D27-50EA-4180-ABD0-CB401CC40175}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe|Name=Teamviewer Remote Control Service| "{AE078B03-4ED1-4342-B07B-97EB3D4C102D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{31B96AD4-BAD1-45A5-BFB6-7508B000D770}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\TeamViewer\TeamViewer.exe|Name=Teamviewer Remote Control Application| "{8F151DB1-0C92-4843-96FF-8B32D824FA3E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{C7B87241-F1AD-433E-9AE2-5083EC95B840}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{B3CA25C4-CBE2-4522-A259-E17904D24EC2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{DE3831B3-F953-4F7E-9225-BFDA9DF201A9}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{C8C8D264-AA7F-4DBE-BC5E-80F1B0B7214C}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe|Name=McAfee Shared Service Host|Desc=McAfee Shared Service Host| "{F2B432AC-CD01-4953-9523-ADD1EBEF18B4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe|Name=CyberLink PowerDVD 14.0|Desc=CyberLink PowerDVD 14.0| "{ED7A2E85-3AA4-4FED-AFA5-93D58B48BB3D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Movie\PowerDVDMovie.exe|Name=CyberLink PowerDVD14 Movie Module|Desc=CyberLink PowerDVD14 Movie Module| "{39CFFF03-428A-41C5-952B-C721BAE367F0}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD14Agent.exe|Name=CyberLink PowerDVD14 Agent|Desc=CyberLink PowerDVD14 Agent| "{6A75016F-1414-4C2C-A00A-CD568A2F5004}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe|Name=CyberLink PowerDVD 14 Media Server Service|Desc=CyberLink Media Server| "{F3BCFA13-C7B0-474F-A012-E95B548D2D0E}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\PowerDVD.exe|Name=CyberLink PowerDVD14|Desc=CyberLink PowerDVD14| "{900DE4B0-2B4D-470A-BACA-29B1821C7858}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector14\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector| "{F74E579C-1692-445A-8CB5-BF198A9AD305}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe|Name=Wireless PAN DHCP Server|EmbedCtxt=MyWiFiDHCPDNS| "{B377EFB6-A434-4D4C-9ED7-3F55936F8792}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-388053127-935073523-3697796377-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{14C7F44A-032B-49FA-80CD-70F71F7FC874}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{0FD17542-787D-43DA-B957-075DA8AB291D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{72E6B374-7D63-462D-956F-C31257966EBC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{E8A1E06E-B24C-4B09-AE48-E1FA8D2C3A56}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{EC7EDA4B-2536-4F09-92E2-B2BA1E8DC24D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{62C4493D-CF74-4246-9FB8-96F6F2C04FB6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{F3288E71-DD8D-47E5-AD86-DFE602EDEB7E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{3B15E0EB-8343-429E-88A5-02004BD07C33}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Desc=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194|EmbedCtxt=@{Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftEdge/Resources/AppName}|Platform=2:6:2|Platform2=GTEQ| "{304E8763-0DE9-4C77-B99D-30DAE88CEC20}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ| "{EE7E3245-C58B-4C2C-BB49-1CB75FB075E9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{407F4E49-FDAB-4DC5-AF40-9CB04EA0897A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{F98B89E5-6CED-4840-8780-208C359A572D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{D5223AFC-E5B8-4736-9044-F715AA625FD2}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{138A33F6-80D8-4914-89E8-40D065186C6E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{9E9E68C8-ED8A-4724-A6E1-C65A7063C1D9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{401D7434-239D-4FDA-94A9-61D99F50392F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{2873EAF7-51D5-4409-B2BE-2B1D269551C3}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{749991E8-89B0-46BF-B144-4B5F51336AD9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{847BC880-1AEC-4290-8D28-9AE52EE0C8A2}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{F8FAD2A3-D361-4ABC-A5E3-CEDC5E094A98}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330|EmbedCtxt=@{Microsoft.BingWeather_4.16.15.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{297CC500-2F4A-4E0F-94D3-4867AB324800}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Getstarted_4.1.15.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Desc=@{Microsoft.Getstarted_4.1.15.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1930852602-715273891-2259524165-1460409268-4224052142-2029744616-1797406285|EmbedCtxt=@{Microsoft.Getstarted_4.1.15.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Getstarted/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{69CB8118-435F-487D-89F2-23BFBF0975F8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{4C710146-6D19-4780-9A8A-DB6C3902E5C7}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Desc=@{Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2226957697-3030467180-2301525-4248967783-2024719031-2325529081-2915787518|EmbedCtxt=@{Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{BA3FDCFC-903E-4168-97EE-9A9042A48CF4}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11609.1001.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11609.1001.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11609.1001.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ| "{521A6524-21C0-444C-A8CB-F5BFA901A6E9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsStore_11609.1001.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Desc=@{Microsoft.WindowsStore_11609.1001.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157|EmbedCtxt=@{Microsoft.WindowsStore_11609.1001.29.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsStore/Resources/StoreTitle}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{E72185AE-9CBB-4EE6-8D15-1C712F3FAE93}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{F40AD3E4-1924-49B0-AEAC-7063A9A4A705}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F03F6901-B032-4A90-8EC3-5A694D7525BB}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{D260AF56-A4A6-4258-977D-2D1C4C48777C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Desc=@{Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_DESCRIPTION}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3132517012-1571311091-3263739450-2968124769-4061529133-2106415361-233808003|EmbedCtxt=@{Microsoft.ZuneMusic_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{AB627673-55B4-410D-A0D3-1037F22E76DC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxIdentityProvider/Resources/DisplayName}|Desc=@{Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxIdentityProvider/Resources/DisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3261124336-967904692-548716175-2724082555-235625598-1533749622-1468861831|EmbedCtxt=@{Microsoft.XboxIdentityProvider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.XboxIdentityProvider/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{0A726D69-E99E-431B-863F-3E762ABF058A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsFeedbackHub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Desc=@{Microsoft.WindowsFeedbackHub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-599759058-3479938838-1253218824-33263930-1483063708-2104800716-3218279855|EmbedCtxt=@{Microsoft.WindowsFeedbackHub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{C9BA1A1E-5112-48A9-BB2F-C7CDB56FB3D1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.WindowsFeedbackHub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Desc=@{Microsoft.WindowsFeedbackHub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-599759058-3479938838-1253218824-33263930-1483063708-2104800716-3218279855|EmbedCtxt=@{Microsoft.WindowsFeedbackHub_1.1608.2441.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{577F78B6-6188-4BFA-B65F-812B4E9990DC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{4619F21D-4D37-48D3-8BD4-9003B421FA00}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Desc=@{microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_Description}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2551677095-2355568638-4209445997-2436930744-3692183382-387691378-1866284433|EmbedCtxt=@{microsoft.windowscommunicationsapps_17.7369.40797.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/AppManifest_OutlookDesktop_DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{59ECFBF4-93C7-4A6E-B036-F39BB41E74C4}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ| "{BC51709D-DB00-43C0-AC2C-FA92E29100C6}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ| "{978DF19A-95A1-4391-A82F-F9AA2DAAF65A}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Candy Crush Soda Saga|Desc=Candy Crush Soda Saga|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3055884410-2067824683-223899546-422323478-2359388318-2114876276-1379654078|EmbedCtxt=Candy Crush Soda Saga|Platform=2:6:2|Platform2=GTEQ| "{E7C9F73F-EBDA-467C-A66E-306C691539A8}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Twitter|Desc=Twitter|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1063257880-1914585122-1954150059-946145533-116938067-416079064-1690466945|EmbedCtxt=Twitter|Platform=2:6:2|Platform2=GTEQ| "{01E83D7F-F9CE-429E-AE7A-6AC96A4AA401}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{99275402-751F-4FD8-8C75-92F66422BE73}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Desc=@{Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_DESCRIPTION}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2967553933-3217682302-2494645345-2077017737-3805576244-585965800-1797614741|EmbedCtxt=@{Microsoft.ZuneVideo_10.16092.10311.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}|Platform=2:6:2|Platform2=GTEQ| "{2320796A-4EA3-44F7-96C0-8978E411981F}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Desc=@{Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1227535392-783678415-19788749-859698564-2515149781-2716591593-3518111838|EmbedCtxt=@{Microsoft.WindowsPhone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{6FDBEE9B-A9CF-44B2-A511-BFA7B1504541}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.WindowsMaps_5.1609.2650.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Desc=@{Microsoft.WindowsMaps_5.1609.2650.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1239072475-3687740317-1842961305-3395936705-4023953123-1525404051-2779347315|EmbedCtxt=@{Microsoft.WindowsMaps_5.1609.2650.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsMaps/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{7CAF055A-DEE6-4870-A0D1-6FB169A80F09}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| "{3F04E18C-2E5C-49BB-80CC-3F0EA0105D2D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Desc=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3981118486-977731610-4260702232-2292029000-2544493239-2660358776-1526570402|EmbedCtxt=@{Microsoft.People_10.0.11902.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.People/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{8D208A69-2C11-4789-B491-28F9E8891AD9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.OneConnect_1.1605.17.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|Desc=@{Microsoft.OneConnect_1.1605.17.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-778011547-1096124574-1799322564-3972718560-253206704-1472347756-15051174|EmbedCtxt=@{Microsoft.OneConnect_1.1605.17.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.OneConnect/OneConnect/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{CC03F139-6AFD-4C50-ABCA-BFA210D4FBB9}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ| "{5CCF5F1B-FB0F-43C9-B73C-16E5E0A8EB59}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Sway|Desc=Microsoft Sway|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-584073948-3292409011-2882754242-2237763630-1999038865-1049037702-4080706152|EmbedCtxt=Sway|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{44FDBA09-0F35-4074-B93C-5087B684E332}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{C70A4A6E-D690-49DF-8104-D5EBDF54C8D2}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{3CF70950-8549-4DE8-B178-17A79A3ED232}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{1AD6A3EC-2BDB-4DBC-816E-8B78B6DA9CF0}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{17DB0E00-BE80-4AB1-B07D-AD4B7EAB9AEA}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{348F9741-6DF8-4F27-81A4-9871AA48828C}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Desc=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{57BE1A4D-0C92-41CD-A29E-4736068067AD}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Desc=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-421345033-1710570203-969709436-2809900243-2023987463-1056701467-1672618525|EmbedCtxt=@{Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.Messaging/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{BD52103A-462A-4DB2-973C-4EF9FF0052FB}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Desc=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1485202841-4094060947-262313417-955497226-1243708313-1027065603-2694978511|EmbedCtxt=@{Microsoft.ConnectivityStore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ConnectivityStore/MSWifiResources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{C2A05F20-DF6B-46DC-ABEE-D64FBE7D2605}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{85FEF7E4-E47F-4731-B518-5F2E64ED2726}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Desc=@{Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3502142457-1175083276-1468359876-1514580144-2717768582-2562788200-3268064651|EmbedCtxt=@{Microsoft.CommsPhone_2.14.22001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CommsPhone/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{6710D902-8666-401C-80CC-B266280ECF3E}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingSports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{B11AFB39-632A-472F-BB75-9221A6947C1E}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingSports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingSports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892|EmbedCtxt=@{Microsoft.BingSports_4.16.17.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{41FBCD16-6B99-4272-9EE1-6C1473722175}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingNews_4.16.18.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.16.18.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.16.18.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{2A7D3927-7148-447C-99A8-2695FB74B112}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingNews_4.16.18.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingNews_4.16.18.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257|EmbedCtxt=@{Microsoft.BingNews_4.16.18.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{D10AAF0A-C2F6-4A1C-B10D-060788D96C1B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{1BC9B53E-2890-45BB-AB1B-DE25A17136C3}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Desc=@{Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472|EmbedCtxt=@{Microsoft.BingFinance_4.16.19.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.BingFinance/Resources/ApplicationTitleWithBranding}|Platform=2:6:2|Platform2=GTEQ| "{33C5AFFB-06BC-458F-BF53-4BE158325D38}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Desc=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3232211935-909325347-210818523-1333736584-3758124246-283266685-1557978965|EmbedCtxt=@{Microsoft.Appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://Microsoft.Appconnector/Resources/ConnectorStubTitle}|Platform=2:6:2|Platform2=GTEQ| "{470B81A0-D493-4DA8-B231-2DA5E55AEDE6}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Desc=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-3995430443-3719053022-3339397951-2895237338-2437516106-1575886070-2755610054|EmbedCtxt=@{Microsoft.3DBuilder_11.1.9.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.3DBuilder/resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{EC6D545D-B9DE-4A01-A533-CE63BCDE0AC1}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Dell Shop|Desc=Dell Shop|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1953973419-1030600280-1195546423-2919219856-2416058475-3417897555-1544143562|EmbedCtxt=Dell Shop|Platform=2:6:2|Platform2=GTEQ| "{DC46C2CD-74AB-4903-8488-9504987A9190}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Dell Shop|Desc=Dell Shop|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1953973419-1030600280-1195546423-2919219856-2416058475-3417897555-1544143562|EmbedCtxt=Dell Shop|Platform=2:6:2|Platform2=GTEQ| "{36A4F393-107A-4A13-83F9-A448B9E09CCC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=CyberLink Media Suite Essentials|Desc=CyberLink Media Suite Essentials|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-4065702725-1479395809-1614255800-505054521-4165378141-1887711576-2941219707|EmbedCtxt=CyberLink Media Suite Essentials|Platform=2:6:2|Platform2=GTEQ| "{299AF697-ABB2-4F75-AB19-62D157CF3CBC}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ| "{C84CF185-14C3-4D63-98C0-5311528E3339}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Netflix|Desc=Netflix|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-444797119-353723001-3522112724-563070080-1809981734-922308773-1844997097|EmbedCtxt=Netflix|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{C00103F4-4019-40D0-A1A5-5288D3C95DCA}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.206_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{963B2CCB-BFF6-41E4-9A5C-BF2CFA6A46C7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.14393.206_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.206_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.206_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{A2A59ADC-81F5-4243-AE35-F82AB50C29EF}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{9B75DFD6-8715-4176-8320-95C40B9ED9F1}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-388053127-935073523-3697796377-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{78A1C341-4539-11D3-B88D-00C04FAD5171}] : (mfesapsn) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [02/11/2016 06:37:21] - (6.711.10.11) - (Avago Technologies - MEGASAS RAID Controller Driver for Windows) - C:\WINDOWS\System32\drivers\MegaSas2i.sys [29/01/2016 10:01:56] - (15.4.0.822) - (McAfee, Inc. - McAfee Link Driver) - C:\WINDOWS\system32\drivers\mfehidk.sys [29/01/2016 10:01:56] - (15.4.0.822) - (McAfee, Inc. - Anti-Virus Mini-Firewall Driver) - C:\WINDOWS\system32\drivers\mfewfpk.sys [10/09/2016 03:57:48] - (1.0.0.3512) - (CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files.) - C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [27/08/2016 00:32:34] - (21.21.13.6909) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 369.09) - C:\WINDOWS\System32\DriverStore\FileRepository\nvddwu.inf_amd64_22a22f778ced373c\nvlddmkm.sys [10/09/2016 04:14:15] - (2.1.0.17) - (Qualcomm Atheros, Inc. - Killer e2200 PCI-E Gigabit Ethernet Controller) - C:\WINDOWS\System32\drivers\L1C63x64.sys [05/01/2016 17:47:00] - (3.0.1.2) - (Dell Computer Corporation - DellProf.sys) - C:\WINDOWS\system32\drivers\DellProf.sys [05/01/2016 17:47:00] - (1.1.0.0) - (Dell Computer Corporation - DDDriver.sys) - C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [28/09/2016 08:17:41] - (0.0.0.0) - ( -) - C:\WINDOWS\System32\drivers\NIWinCDEmu.sys [27/08/2016 00:32:32] - (1.3.34.15) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\WINDOWS\system32\drivers\nvhda64v.sys [29/01/2016 10:01:56] - (15.4.0.822) - (McAfee, Inc. - McAfee Arbitrary Access Control Driver) - C:\WINDOWS\system32\drivers\mfeaack.sys [29/01/2016 10:01:56] - (15.4.0.822) - (McAfee, Inc. - Anti-Virus File System Filter Driver) - C:\WINDOWS\system32\drivers\mfeavfk.sys [29/01/2016 10:01:56] - (15.4.0.822) - (McAfee, Inc. - McAfee Core Firewall Engine Driver) - C:\WINDOWS\system32\drivers\mfefirek.sys [01/08/2016 18:26:02] - (1.4.1.717) - (McAfee, Inc. - Event Driver) - C:\WINDOWS\system32\DRIVERS\mfencbdc.sys [16/07/2016 07:42:23] - (5.1.2.248) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\WINDOWS\System32\ATMFD.DLL [10/10/2016 14:36:35] - (1.0.0.111) - (McAfee, Inc. - McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [29/01/2016 10:01:56] - (15.4.0.822) - (McAfee, Inc. - McAfee Personal Firewall IDS Plugin) - C:\WINDOWS\system32\drivers\cfwids.sys ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - 3ware () -> System32\drivers\3ware.sys R0 - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys R0 - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys S0 - ADP80XX () -> System32\drivers\ADP80XX.SYS S0 - amdsata () -> System32\drivers\amdsata.sys S0 - amdsbs () -> System32\drivers\amdsbs.sys S0 - amdxata () -> System32\drivers\amdxata.sys S0 - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys R0 - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys S0 - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys R0 - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys R0 - CNG () -> System32\Drivers\cng.sys R0 - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys S0 - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys S0 - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys S0 - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys S0 - Fs_Rec () -> (?) R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys S0 - HpSAMD () -> System32\drivers\HpSAMD.sys S0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys R0 - iaStorA () -> System32\drivers\iaStorA.sys S0 - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys S0 - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys R0 - intelide () -> System32\drivers\intelide.sys R0 - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys R0 - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys S0 - isapnp () -> System32\drivers\isapnp.sys R0 - KSecDD () -> System32\Drivers\ksecdd.sys R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys S0 - LSI_SAS () -> System32\drivers\lsi_sas.sys S0 - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys S0 - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys S0 - LSI_SSS () -> System32\drivers\lsi_sss.sys S0 - megasas () -> System32\drivers\megasas.sys R0 - megasas2i () -> System32\drivers\MegaSas2i.sys S0 - megasr () -> System32\drivers\megasr.sys S0 - mfeelamk (McAfee Inc. mfeelamk) -> system32\drivers\mfeelamk.sys R0 - mfehidk (McAfee Inc. mfehidk) -> system32\drivers\mfehidk.sys R0 - mfewfpk (McAfee Inc. mfewfpk) -> system32\drivers\mfewfpk.sys R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys R0 - msisadrv () -> System32\drivers\msisadrv.sys R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys S0 - mvumis () -> System32\drivers\mvumis.sys R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys S0 - nvraid () -> System32\drivers\nvraid.sys S0 - nvstor () -> System32\drivers\nvstor.sys R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys R0 - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys R0 - pciide () -> System32\drivers\pciide.sys S0 - pcmcia () -> System32\drivers\pcmcia.sys R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys R0 - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys S0 - percsas2i () -> System32\drivers\percsas2i.sys S0 - percsas3i () -> System32\drivers\percsas3i.sys R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys S0 - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys S0 - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys S0 - SiSRaid2 () -> System32\drivers\SiSRaid2.sys S0 - SiSRaid4 () -> System32\drivers\sisraid4.sys R0 - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys S0 - stexstor () -> System32\drivers\stexstor.sys R0 - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys S0 - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys R0 - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys S0 - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys S0 - storvsc () -> System32\drivers\storvsc.sys R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys R0 - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys S0 - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys R0 - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys R0 - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys R0 - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys S0 - vsmraid () -> System32\drivers\vsmraid.sys S0 - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys R0 - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys R0 - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys R0 - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys R0 - Wof (Windows Overlay File System Filter Driver) -> (?) R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys R1 - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys R1 - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys R1 - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys R1 - Beep (Beep) -> (?) R1 - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys R1 - CLVirtualDrive (CLVirtualDrive) -> \SystemRoot\system32\DRIVERS\CLVirtualDrive.sys S1 - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys R1 - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys R1 - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys R1 - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys R1 - Msfs () -> (?) R1 - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys R1 - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys R1 - Npfs () -> (?) R1 - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys R1 - Null () -> (?) R1 - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys R1 - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys R2 - AdobeARMservice (Adobe Acrobat Update Service) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" R2 - AudioEndpointBuilder (@%SystemRoot%\system32\AudioEndpointBuilder.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - Audiosrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Bonjour Service (Bonjour Service) -> "C:\Program Files\Bonjour\mDNSResponder.exe" R2 - BrokerInfrastructure (@%windir%\system32\bisrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService S2 - CDPUserSvc (@%SystemRoot%\system32\cdpusersvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup R2 - CDPUserSvc_1d9dd5 (CDPUserSvc_1d9dd5) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - ClickToRunSvc (Microsoft Office Click-to-Run Service) -> "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service R2 - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys R2 - CoreMessagingRegistrar (@%SystemRoot%\system32\coremessaging.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService S2 - dbupdate (Dropbox Update Service (dbupdate)) -> "C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe" /svc R2 - DbxSvc (DbxSvc) -> C:\Windows\system32\DbxSvc.exe R2 - DcomLaunch (@combase.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch S2 - Dell Customer Connect (Dell Customer Connect) -> "C:\Program Files (x86)\Dell Customer Connect\DCCService.exe" S2 - Dell Foundation Services (Dell Foundation Services) -> "C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe" S2 - Dell Help & Support (Dell Help & Support) -> "C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe" R2 - DellDataVault (Dell Data Vault) -> "C:\Program Files\Dell\DellDataVault\DellDataVault.exe" R2 - DellDataVaultWiz (Dell Data Vault Wizard) -> "C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe" S2 - DellDigitalDelivery (Dell Digital Delivery Service) -> "c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe" R2 - DellUpdate (Dell Update Service) -> "C:\Program Files (x86)\Dell Update\DellUpService.exe" R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - DiagTrack (@%SystemRoot%\system32\diagtrack.dll,-3001) -> %SystemRoot%\System32\svchost.exe -k utcsvc R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService R2 - DoSvc (@%systemroot%\system32\dosvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork R2 - EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - EvtEng (Intel(R) PROSet/Wireless Event Log) -> "C:\Program Files\Intel\WiFi\bin\EvtEng.exe" R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs S2 - gupdate (Google Update Service (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc R2 - HomeNetSvc (McAfee Home Network) -> "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc R2 - IAStorDataMgrSvc (Intel(R) Rapid Storage Technology) -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" R2 - ibtsiva (@oem92.inf,%SERVICE_NAME%;Intel Bluetooth Service) -> %SystemRoot%\system32\ibtsiva R2 - igfxCUIService2.0.0.0 (Intel(R) HD Graphics Control Panel Service) -> %SystemRoot%\system32\igfxCUIService.exe R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs R2 - IRMTService (Intel(R) Ready Mode Technology) -> "c:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe" R2 - isaHelperSvc (Intel(R) Security Assist Helper) -> "C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe" R2 - jhi_service (Intel(R) Dynamic Application Loader Host Interface Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys R2 - LMS (Intel(R) Management and Security Application Local Management Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" R2 - LSM (@%windir%\system32\lsm.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys S2 - MapsBroker (@%SystemRoot%\System32\moshost.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - McAfee SiteAdvisor Service (McAfee SiteAdvisor Service) -> "C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe" R2 - McAPExe (McAfee AP Service) -> "C:\Program Files\McAfee\MSC\McAPExe.exe" R2 - McBootDelayStartSvc (McAfee Boot Delay Start Service) -> "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc R2 - mccspsvc (McAfee CSP Service) -> "C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe" R2 - McMPFSvc (McAfee Personal Firewall Service) -> "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc R2 - McNaiAnn (McAfee VirusScan Announcer) -> "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc R2 - mcpltsvc (McAfee Platform Services) -> "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc R2 - McProxy (McAfee Proxy Service) -> "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc R2 - mfemms (McAfee Service Controller) -> "C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe" R2 - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys R2 - ModuleCoreService (McAfee Module Core Service) -> "C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe" R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork R2 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys R2 - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys R2 - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService R2 - nvsvc (NVIDIA Display Driver Service) -> "C:\WINDOWS\system32\nvvsvc.exe" S2 - OneSyncSvc (@%SystemRoot%\system32\APHostRes.dll,-10002) -> %SystemRoot%\system32\svchost.exe -k UnistackSvcGroup R2 - OneSyncSvc_1d9dd5 (Sync Host_1d9dd5) -> C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup R2 - PaceLicenseDServices (PACE License Services) -> "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys R2 - PEFService (Intel Security PEF Service) -> "C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe" R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - Product Registration (Product Registration) -> "C:\Program Files\Dell\Dell Product Registration\PRSvc.exe" R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - RegSrvc (Intel(R) PROSet/Wireless Registry Service) -> "C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe" R2 - RichVideo (Cyberlink RichVideo Service(CRVS)) -> "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS R2 - RpcSs (@combase.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss R2 - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys R2 - RtkAudioService (Realtek Audio Service) -> "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe R2 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys R2 - Stereo Service (NVIDIA Stereoscopic 3D Driver Service) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe" R2 - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys R2 - SupportAssistAgent (Dell SupportAssist Agent) -> "C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe" R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - SystemEventsBroker (@%windir%\system32\SystemEventsBrokerServer.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys R2 - TeamViewer (TeamViewer 11) -> "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs R2 - tiledatamodelsvc (@%SystemRoot%\system32\tileobjserver.dll,-1) -> %systemroot%\system32\svchost.exe -k appmodel R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted R2 - UserManager (@%systemroot%\system32\usermgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs S2 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup R2 - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys R2 - Wcmsvc (@%SystemRoot%\System32\wcmsvc.dll,-4097) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted R2 - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - WlanSvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted R2 - WpnService (@%SystemRoot%\system32\wpnservice.dll,-1) -> %systemroot%\system32\svchost.exe -k netsvcs R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding R2 - ZeroConfigService (Intel(R) PROSet/Wireless Zero Configuration Service) -> "C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe" ---------- | System files (Microsoft Files whitelisted) [MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 07:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 07:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 07:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 07:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 07:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 07:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 07:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 07:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 07:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.EF41D362661C5D71D0BEB6D2329739F7] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Personal Firewall IDS Plugin.) - [76.79 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\cfwids.sys [MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 07:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys [MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 07:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys [MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 07:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys [MD5.5C646CAC91E086F7FF53C7F2E857F263] - [10/09/2016 03:57:48] - (.Copyright (C) 2011 CyberLink - It is a virtual device driver which could create multiple virtual devices and mount image files..) - [89.76 Ko] - (1.0.0.3512) - C:\WINDOWS\System32\Drivers\CLVirtualDrive.sys [MD5.75527C244D55E9C557E1E4655FE62E3B] - [24/10/2016 09:06:10] - (.Dropbox, Inc. - Dropbox Filter Driver.) - [74.11 Ko] - (1.0.15.0) - C:\WINDOWS\System32\Drivers\dbx-canary.sys [MD5.75527C244D55E9C557E1E4655FE62E3B] - [24/10/2016 09:06:10] - (.Dropbox, Inc. - Dropbox Filter Driver.) - [74.11 Ko] - (1.0.15.0) - C:\WINDOWS\System32\Drivers\dbx-dev.sys [MD5.75527C244D55E9C557E1E4655FE62E3B] - [24/10/2016 09:06:10] - (.Dropbox, Inc. - Dropbox Filter Driver.) - [74.11 Ko] - (1.0.15.0) - C:\WINDOWS\System32\Drivers\dbx-stable.sys [MD5.3802CBF4BDDE6F99974B27EE1782E5F9] - [05/01/2016 17:47:00] - (.Copyright © 2014 Dell Computer Corporation - DDDriver.sys.) - [31.7 Ko] - (1.1.0.0) - C:\WINDOWS\System32\Drivers\DDDriver64Dcsa.sys [MD5.DC3BD578642252FD9569B9CD75CEF81E] - [05/01/2016 17:47:00] - (.Copyright © 2015 Dell Computer Corporation - DellProf.sys.) - [23.67 Ko] - (3.0.1.2) - C:\WINDOWS\System32\Drivers\DellProf.sys [MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 07:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.7829E439EBDDDB0FEFD6DEBCEE6B09AD] - [17/09/2016 20:27:07] - (.Copyright© 2000-2015 McAfee, Inc. - McAfee HIP IPS Driver.) - [203.09 Ko] - (8.0.0.3511) - C:\WINDOWS\System32\Drivers\HipShieldK.sys [MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 07:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 07:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 07:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 07:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys [MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 07:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.055891B754A468304B3834F8F5241FEC] - [10/09/2016 04:13:44] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO SPI Driver v2.) - [148.8 Ko] - (30.63.1603.5) - C:\WINDOWS\System32\Drivers\iaLPSS2_SPI.sys [MD5.A7F658B9DE93D0A2E96A51D0D1F05D06] - [10/09/2016 04:13:44] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO UART Driver.) - [274.8 Ko] - (30.63.1603.5) - C:\WINDOWS\System32\Drivers\iaLPSS2_UART2.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 07:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 07:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.FC44D4507741936BBBF0F8FFD1C8EEA1] - [10/09/2016 04:16:42] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver - x64.) - [1435.5 Ko] - (14.8.9.1053) - C:\WINDOWS\System32\Drivers\iaStorA.sys [MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 07:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 07:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 07:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.17CF9460BCF23BB4F96EAE3E160D7DB9] - [12/07/2016 03:01:12] - (.Intel Corporation (C) 2015 - Intel(R) Wireless Bluetooth(R) Filter Driver.) - [341.76 Ko] - (18.1.1611.3223) - C:\WINDOWS\System32\Drivers\ibtusb.sys [MD5.FD8EF027CCAF40D2BDAB61A108AD9E1B] - [10/09/2016 04:16:12] - (.Copyright (c) 1998-2014 Intel Corporation. - Intel Graphics Kernel Mode Driver.) - [7710.45 Ko] - (20.19.15.4390) - C:\WINDOWS\System32\Drivers\igdkmd64.sys [MD5.BEF622DCE5FC16655100B9C6ABAA4C9C] - [11/04/2013 14:09:20] - (.Copyright 2012, PACE Anti-Piracy, Inc., - iLok Kernel Driver File.) - [25.2 Ko] - (6.1.0.0) - C:\WINDOWS\System32\Drivers\iLokDrvr.sys [MD5.41174D70CC0B28563FBF3B85EE7BFA2F] - [10/09/2016 04:15:59] - (.Intel(R) Corporation. - Intel(R) Display Audio Driver.) - [797.48 Ko] - (8.20.0.865) - C:\WINDOWS\System32\Drivers\IntcDAud.sys [MD5.64309D45FD682E9BAE9CF2C0C23CAB44] - [10/09/2015 22:09:22] - (.Copyright (C) 2013 Intel Corporation - Intel® Ready Mode Technology.) - [32.73 Ko] - (1.0.2.0) - C:\WINDOWS\System32\Drivers\IntelReadyModeDriver.sys [MD5.A9E95471762BFCC39B1A3C391F00A2A1] - [10/09/2016 04:14:15] - (.2015 Rivet Networks, LLC. - Killer e2200 PCI-E Gigabit Ethernet Controller.) - [158.07 Ko] - (2.1.0.17) - C:\WINDOWS\System32\Drivers\L1C63x64.sys [MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 07:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 07:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 07:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 07:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 07:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [02/11/2016 06:37:21] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys [MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 07:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.FAF196A8E1905DB9248790583B3745E2] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Arbitrary Access Control Driver.) - [409.78 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\mfeaack.sys [MD5.A1A2DEA7E180BFC8284062DBCC67A18D] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - Anti-Virus File System Filter Driver.) - [341.29 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\mfeavfk.sys [MD5.C778A9DE8AC523DD9DBA3481F360B04A] - [01/08/2016 18:26:02] - (.Copyright© 2016 McAfee, Inc. - McAfee Driver Cleaning Driver.) - [21.79 Ko] - (1.4.1.717) - C:\WINDOWS\System32\Drivers\mfeclnrk.sys [MD5.E8B413490D4E3CD5CD36F9C442357F95] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee ELAM Driver.) - [81.65 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\mfeelamk.sys [MD5.767386839AD3C39F653512240C06D0D4] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Core Firewall Engine Driver.) - [481.79 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\mfefirek.sys [MD5.FAF5C37877D57B16D7E2DAFA29969F96] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - McAfee Link Driver.) - [823.29 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\mfehidk.sys [MD5.34812CE00FAE95A6275D6B58072457F5] - [01/08/2016 18:26:02] - (.Copyright© 2016 McAfee, Inc. - Event Driver.) - [507.28 Ko] - (1.4.1.717) - C:\WINDOWS\System32\Drivers\mfencbdc.sys [MD5.CF9D4FCA3A5C737DCF72B9F94BB0AC62] - [01/08/2016 18:26:02] - (.Copyright© 2016 McAfee, Inc. - Detection driver.) - [97.79 Ko] - (1.4.1.717) - C:\WINDOWS\System32\Drivers\mfencrk.sys [MD5.A47260605572FE4E4C42AB0A3CC0B4E9] - [29/01/2016 10:01:56] - (.Copyright© 1995-2016 McAfee, Inc. - Anti-Virus Mini-Firewall Driver.) - [237.78 Ko] - (15.4.0.822) - C:\WINDOWS\System32\Drivers\mfewfpk.sys [MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 07:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 07:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 07:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 07:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys [MD5.CCF9FF5616904BCFCB410F613BB1AC67] - [16/07/2016 07:41:50] - (.Copyright © Intel Corporation 2011 - Intel® Wireless WiFi Link Driver.) - [6949.5 Ko] - (18.40.0.9) - C:\WINDOWS\System32\Drivers\Netwtw04.sys [MD5.EEECC4C67144A39BA5B9B6E351932606] - [28/09/2016 08:17:41] - (.-.) - [109.77 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NIWinCDEmu.sys [MD5.04AFA4A13AB62E3FC46C327E294B2A34] - [27/08/2016 00:32:32] - (.(C) NVIDIA Corporation. - NVIDIA HDMI Audio Driver.) - [235.06 Ko] - (1.3.34.15) - C:\WINDOWS\System32\Drivers\nvhda64v.sys [MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 07:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 07:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 07:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 07:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.E907E99663173F8035B7D98D5B4EBB0F] - [10/09/2016 03:42:47] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [5152.02 Ko] - (6.0.1.7904) - C:\WINDOWS\System32\Drivers\RTKVHD64.sys [MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 07:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 07:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 07:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.86F565B0D41EBCCE7256B812F3A0442B] - [24/12/2015 21:26:14] - (.Copyright © 2006-2015, Intel Corporation. - Intel(R) Management Engine Interface.) - [181.04 Ko] - (11.0.0.1176) - C:\WINDOWS\System32\Drivers\TeeDriverW8x64.sys [MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 07:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 07:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 07:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 07:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys ---------- | Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\7-Zip] : (7-Zip 16.02 (x64).-.Igor Pavlov) -> C:\Program Files\7-Zip\Uninstall.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Dell Support Center] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PC-Doctor for Windows] : (Dell SupportAssist.-.Dell) -> C:\Program Files\Dell\SupportAssist\uninstaller.exe /arp [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\REAPER] : (REAPER (x64).-.) -> "C:\Program Files\REAPER (x64)\Uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files\TeamSpeak 3 Client\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WinRAR archiver] : (WinRAR 5.21 (64-bit).-.win.rar GmbH) -> C:\Program Files\WinRAR\uninstall.exe [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1244CC88-97DF-4694-A720-6F073845DEE2}] : (Native Instruments Kontakt Factory Selection.-.Native Instruments) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2B27A8F6-B7D5-4FAF-9C8A-71E9EECA3E9C}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}] : (Dell Data Vault.-.Dell Inc.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{307032B2-6AF2-46D7-B933-62438DEB2B9A}] : (Maxx Audio Installer (x64).-.Waves Audio Ltd.) -> MsiExec.exe /X{307032B2-6AF2-46D7-B933-62438DEB2B9A} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{409CB30E-E457-4008-9B1A-ED1B9EA21140}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{409CB30E-E457-4008-9B1A-ED1B9EA21140}\Setup.exe" -uninstall [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5552453B-BB76-45E3-973D-F95E458ED780}] : (Native Instruments Kontakt 5.-.Native Instruments) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6EC2BBF2-A438-4240-A7C1-748309E77E02}] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7331913F-E841-469A-B151-1046F1889E7B}] : (Intel(R) Ready Mode Technology.-.Intel Corporation) -> MsiExec.exe /X{7331913F-E841-469A-B151-1046F1889E7B} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{77C8127D-65EA-4E03-8C1B-C77714E1B291}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7cacf843-91e9-456c-82a7-0cb8c5d76e56}] : (Native Instruments Una Corda.-.Native Instruments) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7D84E343-A23D-451C-B123-0195B2D903A6}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{7D84E343-A23D-451C-B123-0195B2D903A6} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7E780845-303D-4B46-9746-9D49D94D16AB}] : (Dell Help & Support.-.Dell Inc.) -> MsiExec.exe /X{7E780845-303D-4B46-9746-9D49D94D16AB} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}] : (Product Registration.-.Dell Inc.) -> MsiExec.exe /X{85B14AE3-1624-45BE-942B-A528DF6F1CCE} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{90365F43-ACDA-4b4f-87CC-4BAD304C23AD}] : (PACE License Support Win64.-.PACE Anti-Piracy, Inc.) -> MsiExec.exe /X{90365F43-ACDA-4b4f-87CC-4BAD304C23AD} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{97D98EE2-53B2-4E9A-94A8-8FC4F0E7B950}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{97D98EE2-53B2-4E9A-94A8-8FC4F0E7B950} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{9f63698a-6f92-4dd3-be96-6a75e3672dae}] : (Intel(R) PRO/Wireless Driver.-.Intel Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AA77D6A5-710B-460F-8418-456ED99B3C63}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{AA77D6A5-710B-460F-8418-456ED99B3C63} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA 3D Vision Driver 359.46.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (NVIDIA Control Panel 369.09.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Graphics Driver 359.46.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA 3D Vision Controller Driver 352.65.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA PhysX System Software 9.15.0428.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 10.4.0.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Update [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA HD Audio Driver 1.3.34.4.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}] : (Dell Foundation Services.-.Dell Inc.) -> MsiExec.exe /X{C1C53DA1-9497-4ABB-A3D6-A63039820B37} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{CF2FF2E6-27D1-44D2-B532-1B31B731244C}] : (Intel(R) Rapid Storage Technology.-.Intel Corporation) -> MsiExec.exe /I{CF2FF2E6-27D1-44D2-B532-1B31B731244C} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D1A20264-9483-4C9A-8EE3-CB2F3D4340BF}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{D1A20264-9483-4C9A-8EE3-CB2F3D4340BF} [{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DCA91DE4-309F-41F1-AAF1-A5DBAF972778}] : (Intel® PROSet/Wireless WiFi Software.-.Intel Corporation) -> MsiExec.exe /I{DCA91DE4-309F-41F1-AAF1-A5DBAF972778} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F7A70D00-F283-45C8-B163-49EC365D7E27}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Dropbox] : (Dropbox.-.Dropbox, Inc.) -> "C:\Program Files (x86)\Dropbox\Client\DropboxUninstaller.exe" /InstallType:MACHINE [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FastStone Capture] : (FastStone Capture 8.4.-.FastStone Soft) -> C:\Program Files (x86)\FastStone Capture\uninst.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FileZilla Client] : (FileZilla Client 3.22.1.-.Tim Kosse) -> C:\Program Files\FileZilla FTP Client\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Finale 2014] : (Finale 2014.-.MakeMusic) -> C:\Program Files (x86)\Finale 2014\uninstallFinale.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\setup.exe" --uninstall --multi-install --chrome --system-level [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}] : (Dell Help & Support.-.Dell Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{7E780845-303D-4B46-9746-9D49D94D16AB}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}] : (Dell Product Registration.-.Dell Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}] : (CyberLink Media Suite Essentials.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield_{90365F43-ACDA-4b4f-87CC-4BAD304C23AD}] : (PACE License Support Win64.-.PACE Anti-Piracy, Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{90365F43-ACDA-4b4f-87CC-4BAD304C23AD}\setup.exe" -runfromtemp -l0x0409 -removeonly [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\iZotope Iris 2_is1] : (iZotope Iris 2.-.iZotope, Inc.) -> "C:\Program Files (x86)\iZotope\Iris 2\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MSC] : (McAfee LiveSafe.-.McAfee, Inc.) -> C:\Program Files\McAfee\MSC\mcuihost.exe /body:misp://MSCJsRes.dll::uninstall.html /id:uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Native Instruments Kontakt 5] : (Native Instruments Kontakt 5.-.Native Instruments) -> "C:\ProgramData\{57623A97-E2F4-49B2-86D7-FA0915C77BED}\Kontakt 5 Setup PC.exe" REMOVE=TRUE MODIFY=FALSE [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Native Instruments Kontakt Factory Selection] : (Native Instruments Kontakt Factory Selection.-.Native Instruments) -> "C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}\Kontakt Factory Selection Setup PC.exe" REMOVE=TRUE MODIFY=FALSE [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Native Instruments Una Corda] : (Native Instruments Una Corda.-.Native Instruments) -> "C:\ProgramData\{CF8DBD9D-2EFD-44F7-8D23-93B5C27D06D7}\Una Corda Setup PC.exe" REMOVE=TRUE MODIFY=FALSE [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NewBlue Video Essentials for Windows] : (NewBlue Video Essentials for Windows.-.NewBlue) -> "C:\Program Files (x86)\NewBlue\Video Essentials for Windows\Uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NFO viewer_is1] : (NFO viewer v 2.1.-.) -> "C:\Program Files (x86)\NFO viewer\unins000.exe" [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\proDAD-Adorage-3.0] : (proDAD Adorage 3.0.-.proDAD GmbH) -> "C:\Program Files (x86)\proDAD\Adorage-3.0\uninstall.exe" uninstall spcp PATHVERSION "3.0" MAINNAME "Adorage" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamViewer] : (TeamViewer 11.-.TeamViewer) -> "C:\Program Files (x86)\TeamViewer\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VLC media player] : (VLC media player.-.VideoLAN) -> C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{099218A5-A723-43DC-8DB5-6173656A1E94}] : (Dropbox Update Helper.-.Dropbox, Inc.) -> MsiExec.exe /I{099218A5-A723-43DC-8DB5-6173656A1E94} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1244CC88-97DF-4694-A720-6F073845DEE2}] : (.-.) -> C:\ProgramData\{5D37AF22-489A-46B2-9972-806CEC1EDFE2}\Kontakt Factory Selection Setup PC.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{27130E51-9555-408B-8134-7BFF54EDE27B}] : (Dell SupportAssistAgent.-.Dell) -> MsiExec.exe /X{27130E51-9555-408B-8134-7BFF54EDE27B} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}] : (CyberLink Power2Go 8.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\Setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2BFA1207-9A98-4D55-9182-5C433ED6A55A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}] : (.-.) -> C:\ProgramData\{A328A61B-C332-4C8C-A740-42F7F71DC398}\DDV.exe [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}] : (CyberLink Power Media Player 14.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35BEC446-269E-42E4-8EED-191A38CCFF3D}] : (Dell Customer Connect.-.Dell Inc.) -> MsiExec.exe /I{35BEC446-269E-42E4-8EED-191A38CCFF3D} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}] : (McAfee WebAdvisor.-.McAfee, Inc.) -> C:\Program Files (x86)\McAfee\SiteAdvisor\Uninstall.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}] : (Intel® Security Assist.-.Intel Corporation) -> MsiExec.exe /I{3D45BD48-F215-4C69-B23F-256C83D1D7F0} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}] : (Intel(R) Wireless Bluetooth(R).-.Intel Corporation) -> MsiExec.exe /I{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{5552453B-BB76-45E3-973D-F95E458ED780}] : (.-.) -> C:\ProgramData\{57623A97-E2F4-49B2-86D7-FA0915C77BED}\Kontakt 5 Setup PC.exe [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{66F32794-1046-359C-AC86-8C70C6A2421D}] : (Dropbox 20 GB.-.Dropbox, Inc.) -> MsiExec.exe /I{66F32794-1046-359C-AC86-8C70C6A2421D} [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6BADCD73-E925-46F7-A295-FF2448632728}] : (CyberLink PowerDirector 14.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{6BADCD73-E925-46F7-A295-FF2448632728}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{6BADCD73-E925-46F7-A295-FF2448632728} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7858618B-FA45-4797-988D-4E8B793C3B88}] : (Intel(R) C++ Redistributables on IA-32.-.Intel Corporation) -> MsiExec.exe /X{7858618B-FA45-4797-988D-4E8B793C3B88} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{7cacf843-91e9-456c-82a7-0cb8c5d76e56}] : (.-.) -> C:\ProgramData\{CF8DBD9D-2EFD-44F7-8D23-93B5C27D06D7}\Una Corda Setup PC.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{80375DA2-CFB8-4DC3-9E01-9AC82443C88B}] : (ActiveState Komodo Edit 10.1.1.-.ActiveState Software Inc.) -> MsiExec.exe /I{80375DA2-CFB8-4DC3-9E01-9AC82443C88B} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}] : (.-.CyberLink Corp.) -> "C:\Program Files (x86)\InstallShield Installation Information\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\setup.exe" /z-uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF}] : (Intel(R) C++ Redistributables on Intel(R) 64.-.Intel Corporation) -> MsiExec.exe /X{A7D3C4B3-2CA8-46F3-9C34-63205AC018FF} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}] : (Dell Digital Delivery.-.Dell Products, LP) -> MsiExec.exe /I{AB7F2792-2ED1-4C5C-9F28-680E5110BF72} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-000182420219}] : (.-.) -> [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-0804-1033-1959-001824202044}] : (Adobe Refresh Manager.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-0804-1033-1959-001824202044} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}] : (Adobe Acrobat Reader DC.-.Adobe Systems Incorporated) -> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c5379552-10e4-4652-9536-b328ff9e4ca6}] : (Intel® PROSet/Wireless Software.-.Intel Corporation) -> "C:\ProgramData\Package Cache\{c5379552-10e4-4652-9536-b328ff9e4ca6}\Setup.exe" /uninstall [{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}] : (CyberLink Media Suite 12.-.CyberLink Corp.) -> C:\Program Files (x86)\NSIS Uninstall Information\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}\Setup.exe _?=C:\Program Files (x86)\NSIS Uninstall Information\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}] : (Intel(R) Processor Graphics.-.Intel Corporation) -> "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe" -uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709 [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}] : (Dell Update.-.Dell Inc.) -> MsiExec.exe /I{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2} ---------- | Installer [HKCR\Installer\Products\00006109C80000000000000000F01FEC] : Office 16 Click-to-Run Extensibility Component [HKCR\Installer\Products\00006109C80090400000000000F01FEC] : Office 16 Click-to-Run Localization Component [HKCR\Installer\Products\00006109DD0000000100000000F01FEC] : Office 16 Click-to-Run Extensibility Component 64-bit Registration [HKCR\Installer\Products\00006109F80000000100000000F01FEC] : Office 16 Click-to-Run Licensing Component [HKCR\Installer\Products\003E8C234BDB8934292C9E7B8D2A33BD] : [HKCR\Installer\Products\08E891BFBA1FF6A43B3E7F44F29CF12D] : Dell Update -> C:\Windows\Installer\{FB198E80-F1AB-4A6F-B3E3-F7442FC91FD2}\dnd.ico [HKCR\Installer\Products\15E031725559B8041843B7FF45DE2EB7] : Dell SupportAssistAgent -> C:\Windows\Installer\{27130E51-9555-408B-8134-7BFF54EDE27B}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1AD35C1C7949BBA43A6D6A039328B073] : Dell Foundation Services [HKCR\Installer\Products\2972F7BA1DE2C5C4F98286E01501FB27] : Dell Digital Delivery -> c:\Windows\Installer\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}\cloud.ico [HKCR\Installer\Products\2AD573088BFC3CD4E910A98C42348CB8] : ActiveState Komodo Edit 10.1.1 -> C:\Windows\Installer\{80375DA2-CFB8-4DC3-9E01-9AC82443C88B}\KoEd101.exe [HKCR\Installer\Products\2B0163E6D0340BE4183EB2758E9BEDD8] : Bonjour -> C:\Windows\Installer\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}\Bonjour.ico [HKCR\Installer\Products\2B2307032FA67D649B332634D8BEB2A9] : Maxx Audio Installer (x64) -> c:\WINDOWS\Installer\{307032B2-6AF2-46D7-B933-62438DEB2B9A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2EE89D792B35A9E4498AF84C0F7E9B05] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\343E48D7D32AC1541B3210592B9D306A] : Intel® Trusted Connect Service Client [HKCR\Installer\Products\348fcac79e19c654287ac08b5c7de665] : Native Instruments Una Corda [HKCR\Installer\Products\34F56309ADCAf4b478CCB4DA03C432DA] : PACE License Support Win64 -> C:\Windows\Installer\{90365F43-ACDA-4b4f-87CC-4BAD304C23AD}\ARPPRODUCTICON.exe [HKCR\Installer\Products\37DCDAB6529E7F642A59FF4284367282] : [HKCR\Installer\Products\3B4C3D7A8AC23F64C9433602A50C81FF] : Intel(R) C++ Redistributables on Intel(R) 64 [HKCR\Installer\Products\3EA41B584261EB5449B25A82FDF6C1EC] : Product Registration -> C:\Windows\Installer\{85B14AE3-1624-45BE-942B-A528DF6F1CCE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\46202A1D3849A9C4E83EBCF2D33404FB] : Intel(R) Management Engine Components [HKCR\Installer\Products\49723F666401C953CA68C8076C2A24D1] : Dropbox 20 GB -> C:\Windows\Installer\{66F32794-1046-359C-AC86-8C70C6A2421D}\DropboxOEM.exe [HKCR\Installer\Products\4ED19ACDF9031F14AA1F5ABDFA797287] : Intel® PROSet/Wireless WiFi Software -> C:\Windows\Installer\{DCA91DE4-309F-41F1-AAF1-A5DBAF972778}\ARPPRODUCTICON.exe [HKCR\Installer\Products\548087E7D30364B47964D9949DD461BA] : Dell Help & Support -> C:\Windows\Installer\{7E780845-303D-4B46-9746-9D49D94D16AB}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5A6D77AAB017F064488154E69DB9C336] : Intel(R) Management Engine Components [HKCR\Installer\Products\5A812990327ACD34D85B163756A6E149] : Dropbox Update Helper [HKCR\Installer\Products\644CEB53E9624E24E8DE91A183CCFFD3] : Dell Customer Connect -> C:\Windows\Installer\{35BEC446-269E-42E4-8EED-191A38CCFF3D}\dnd.ico [HKCR\Installer\Products\68AB67CA408033019195008142020244] : Adobe Refresh Manager -> C:\Windows\Installer\{AC76BA86-0804-1033-1959-001824202044}\ARPPRODUCTICON.exe [HKCR\Installer\Products\68AB67CA7DA73301B744CAF070E41400] : Adobe Acrobat Reader DC -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico [HKCR\Installer\Products\6E2FF2FC1D722D445B23B1137B1342C4] : Intel(R) Rapid Storage Technology [HKCR\Installer\Products\84DB54D3512F96C42BF352C6381D7D0F] : Intel® Security Assist -> C:\Windows\Installer\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}\isa.ico [HKCR\Installer\Products\88CC4421FD7949647A02F6708354ED2E] : Native Instruments Kontakt Factory Selection [HKCR\Installer\Products\91CD9AD4D1E401B47A625A2F1ACB2756] : Intel(R) Wireless Bluetooth(R) -> C:\Windows\Installer\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}\IntelBluetooth.ico [HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : [HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper [HKCR\Installer\Products\A89636F929F63DD4EB69A6573E76D2EA] : Intel(R) PRO/Wireless Driver -> C:\Windows\Installer\{9F63698A-6F92-4DD3-BE96-6A75E3672DAE}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B354255567BB3E5479D39FE554E87D08] : Native Instruments Kontakt 5 [HKCR\Installer\Products\B816858754AF797489D8E4B897C3B388] : Intel(R) C++ Redistributables on IA-32 [HKCR\Installer\Products\D84D78A2FDF3df1479DC1A3E07FEFF2E] : Power2Go -> C:\Windows\Installer\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DFEE55E22612D7A41985DE0B0365306A] : Dell Data Vault [HKCR\Installer\Products\F3191337148EA9641B1501641F88E9B7] : Intel(R) Ready Mode Technology -> c:\Windows\Installer\{7331913F-E841-469A-B151-1046F1889E7B}\IRMT.ico [HKCR\Installer\Products\F4335FECA19B7234CAEAAA05CD3E9F59] : ---------- | ADS ---------- | Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Windows Information: (build 9200), 64-bit Base Board Manufacturer: Dell Inc. BIOS Manufacturer: Dell Inc. System Manufacturer: Dell Inc. System Product Name: XPS 8910 Logical Drives Mask: 0x0000007c Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Activation context generation failed for "C:\Users\JCARAYOL\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found. Please use sxstrace.exe for detailed diagnosis. ------------ Failed to connect to the driver: (-2147024894) The system cannot find the file specified. ------------ Failed to connect to the driver: (-2147024894) The system cannot find the file specified. ------------ Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . ------------ Activation context generation failed for "C:\Users\JCARAYOL\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found. Please use sxstrace.exe for detailed diagnosis. ------------ Activation context generation failed for "C:\Users\JCARAYOL\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found. Please use sxstrace.exe for detailed diagnosis. ------------ Faulting application name: Explorer.EXE, version: 10.0.14393.0, time stamp: 0x57899981 Faulting module name: windows.immersiveshell.serviceprovider.dll, version: 10.0.14393.0, time stamp: 0x57899873 Exception code: 0x80270233 Fault offset: 0x0000000000033c25 Faulting process id: 0x175c Faulting application start time: 0x01d2349ef6db0ca0 Faulting application path: C:\WINDOWS\Explorer.EXE Faulting module path: C:\Windows\System32\windows.immersiveshell.serviceprovider.dll Report Id: ba2c2b1b-31ac-4a74-82d2-3a0e198b83c0 Faulting package full name: Faulting package-relative application ID: ------------ Failed to connect to the driver: (-2147024894) The system cannot find the file specified. ------------ Activation context generation failed for "C:\Users\JCARAYOL\AppData\Local\chromium\Application\chrome.exe". Dependent Assembly 51.0.2683.0,language="*",type="win32",version="51.0.2683.0" could not be found. Please use sxstrace.exe for detailed diagnosis. ------------ Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1. Component identity found in manifest does not match the identity of the component requested. Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0". Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0". Please use sxstrace.exe for detailed diagnosis. ------------ Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) ------------ Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) ------------ Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) ------------ Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) ------------ Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) ------------ Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) ------------ Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A ------------ Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored. ------------ Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored. ------------ ----------( EOF)---------- - 3440 | 08:43:22