EVENTUELLE computer übernahe von Programm trotz ESET. Regestry änderunegn Analyse

soliver84 · 03.12.2017, 14:26

Hallo,

ich habe mir ein Programm gekauft das heist coincollector. da komische Sachen auf dem PC passiert sind hab ich jetzt mal ein Regestry log vom Programm erstellt.

viel leicht kann sich das mal ein Profi ansehen ich bin zwar PC Techniker aber hab da jetzt nicht genau die Ahnung.

hab die datei hier hochgeladen. ist mit Regshot erstellt. und die First und adwcleaner

was mich sehr wundert dabei und bedenklich gemacht hat ist das die Datei MultiMiner.Win.exe aufgetaucht ist im Verzeichnis des Programms. und Ordner.

wie geht das wenn ich ESET drauf hab!!

LOG angehängt

ah ja ESET hat ne zeit lang so 10-15 min diese Seite immer blokiert: https://ak.imgfarm.com habe des in der regestry gesucht nix gefunden.

ich finde es scheiße hab erst gerade neu installiert.
wenn noch logs benötigt melden. ich hasse so wixer sagt bescheid ob der schuld ist.

da ist des programm her:
hxxp://www.autoclickbots.com/

Danke

cosinus · 03.12.2017, 16:48

Aha. Und was genau ist jetzt eigentlich das Problem?
Was genau erwartest du von einer bitcoin-Software?
Was genau sollen "komischen Sachen"sein?
Warum wird ein Malbefall herbeigeredet?

soliver84 · 03.12.2017, 16:58

Hallo
cosinus,

Erst mal danke das du dir zeit nimmst.

Das Programm coincollector soll freie coins auf webseiten einsammeln die man einträgt in einer URL liste die man selber aussucht. mehr nicht.

Die neuen Ordner die angelegt wurden haben mit lokalen mining zu tun CPU/Grafikkarte dies soll das programm nicht machen.

Darum bin ich sehr stuzig geworden.

Mich würde interessieren ob ich jetzt eine back dorr offen hab am pc oder nicht?

Und ob du etwas erkennen kannst was meinen verdacht bestätigt das etwas faul ist.

cosinus · 03.12.2017, 16:59

Ich versteh dich nicht. Du traust dem Programm nicht und es tut nicht das was es soll. Aber anstatt es zu deinstallieren lässt du es einfach drauf. Muss man nicht verstehen oder?

soliver84 · 03.12.2017, 17:05

Ja du verstehst da jetzt falsch!

Das Programm tut was es soll, aber es sind verdächtige Sachen die nicht mal den Virenscanner anschlagen haben lassen passiert.

Ich habe das Programm gekauft darum ist es noch drauf.

würde gerne wissen ob das sicher ist was des da so macht oder nicht. ich selber kann es nicht feststellen, darum suche ich hier Hilfe bei den Profis was diese Sachen angeht.

cosinus · 03.12.2017, 17:08

Und schon wieder kannst du nicht richtig meine Frage beantworten - was genau denn verdächtige Sachen sein sollen. Wenn das das lokale mining sein soll und du das nicht willst kommt man wieder zur Frage, warum du die Software nicht deinstallierst oder das Handbuch liest um es zu konfigurieren

soliver84 · 03.12.2017, 17:17

Verdächtige sachen:
verdächtigen Daten die aufgetaucht sind sind hier für dich: augetauchte daten.7z
in der datei die angehängt ist sind die Regesty einträge die des programm beim aufruf macht aufgezeichnet:LOGS.7z (~res-X64 änderungen an der regestry.txt)

sorry wenn ich mich blöd ausdrücke

Die Software ist nicht für Lokales Mining.

Es landeten aber über den Coincollector Daten auf dem PC die für Lokales Mining sind.

bzw. ich weis nicht von wo diese auf dem pc landeten

die PC auslastung geht auch ab und zu so hoch das ich hier nichts mehr machen kann ohne das die software läuft und das bei einem 12 Core CPU

Ich selber finde es nicht darum bin ich hier. Ich weis es nicht ob die Software schuld ist.

cosinus · 03.12.2017, 17:23

Das sind config Dateien die das Programm angelegt hat.

Und ich wiederhole mich: wenn du dem Programm nicht traust muss es deinstalliert werden. Das Trojaner-Board ist nicht der Anbieter dieser Software, daher bist du hier was Fragen zu diesem Programm angeht eigentlich an der falschen Adresse. Wir können hier aber Fragen zu sehr weit verbreiteter Software beantworten.

Ich sehe hier keinen direkten Zusammenhang mit Befall. Es sei denn du hast irgendwelche Funde eines Scanners, diese sind dann zu posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

soliver84 · 03.12.2017, 17:25

cosinus

sorry wenn ich dich frage aber:

Hast du die Logs alle angesehen ich hab alle angehängt.

ja adwcleaner hat was gefunden (LOG Angehängt)
ja der ESET ist mal angesprunegn 10-15min lang https://ak.imgfarm.com (LOG Angehängt)

ich glaub du missversteht da etwas

cosinus · 03.12.2017, 17:34

Du sollst die Logs in CODE-Tags posten. Der Lesestoff ist doch nun wirklich nicht zu übersehen.

Und nochmal, nur weil das Programm nicht das tut was du willst ist es ein wenig lächerlich gleich einen Befall herbeizureden.

soliver84 · 03.12.2017, 17:44

cosinus

Du sollst die Logs in CODE-Tags posten. Der Lesestoff ist doch nun wirklich nicht zu übersehen.
Weil ich es erst danach gesehen habe darum und das bearbeiten des Threads gesperrt wurde von eurer Seite warum auch immer. wies nicht warum das jetzt ein großes Problem ist par kb an daten runter zu laden. das hat du ja berteits gemacht (aufrufe der daten)

wenn du keine lust hast kann ich das verstehen dann sag es einfach dann hat sich das erledig hier. ich bettel hier nicht nur um dann hier so Sachen gepresst zu bekommen sorry wenn ich des sage sei mir jetzt nicht böse

.

Und ich sag es auch noch mal ich bin nicht um sonnst hier, nicht nur an der Spaß an der freude oder um dich zu ärgern.

und es steht bereits ganz oben das ich die Logs angehängt habe.

cosinus · 03.12.2017, 17:46

Schnallst du das echt nicht warum ich das in CODE-Tag haben will?

Was genau kapierst du an dem Lesestoff denn nicht? Sowas hier

Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.

ist echt nicht zu begreifen?

soliver84 · 03.12.2017, 17:50

First1

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-11-2017
Ran by Admin (administrator) on DESKTOP-AJ07UJC (03-12-2017 14:30:48)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin & .NET v4.5 & DefaultAppPool & .NET v4.5 Classic)
Platform: Windows 10 Pro Version 1709 16299.98 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Privax Limited) C:\Program Files (x86)\HMA! Pro VPN\VpnSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Privax Limited) C:\Program Files (x86)\HMA! Pro VPN\Vpn.exe
(Regshot Team) C:\Users\Admin\Downloads\Regshot-1.9.0\Regshot-x64-ANSI.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\CoinCollector\CoinCollector.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\UBot Studio\Browser\5.9.44\Browser.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\UBot Studio\Browser\5.9.44\Browser.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\UBot Studio\Browser\5.9.44\Browser.exe
() C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\UBot Studio\Browser\5.9.44\Browser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [323328 2017-11-02] (ESET)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HMA! Pro VPN.lnk [2017-12-03]
ShortcutTarget: HMA! Pro VPN.lnk -> C:\Program Files (x86)\HMA! Pro VPN\Vpn.exe (Privax Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{559d26fa-1218-4afe-ae98-702c7103553f}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{56ad7dc0-4cb1-4264-abe9-dc59bb336484}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
BHO-x32: Microsoft Web Test Recorder 14.0 Helper -> {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} -> C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2015-07-07] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: l3331x2k.default
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3331x2k.default [2017-12-03]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-11-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-11-28] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-12-02] (Google Inc.)

Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default [2017-12-03]
CHR Extension: (Präsentationen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-12-02]
CHR Extension: (Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-12-02]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-12-02]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-12-02]
CHR Extension: (Tabellen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-12-02]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-12-02]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-12-02]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-12-02]
CHR Extension: (Google Mail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-12-02]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-12-02]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2017-12-02] (Microsoft Corporation)
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [113152 2014-07-02] (Creative Technology Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [1932336 2017-11-02] (ESET)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HmaProVpn; C:\Program Files (x86)\HMA! Pro VPN\VpnSvc.exe [3646136 2017-10-31] (Privax Limited)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-28] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [519104 2017-11-28] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [463664 2017-11-28] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460736 2017-11-28] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2017-11-26] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cthda; C:\Windows\system32\drivers\cthda.sys [1060120 2014-07-02] (Creative Technology Ltd)
R3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [133856 2017-11-02] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [107336 2017-09-19] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [15392 2017-10-09] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [180088 2017-10-09] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [50744 2017-09-19] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [81888 2017-09-19] (ESET)
R1 epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [106312 2017-09-19] (ESET)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d65b7647eff8c45\nvlddmkm.sys [17020720 2017-11-28] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-11-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50624 2017-11-28] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57792 2017-11-28] (NVIDIA Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92992 2017-12-03] (Sysinternals - www.sysinternals.com)
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 smbdirect; C:\Windows\System32\DRIVERS\smbdirect.sys [151552 2017-09-29] (Microsoft Corporation)
R3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [34424 2016-08-20] (Texas Instruments, Inc.)
R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [39032 2016-08-20] (Texas Instruments, Inc.)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [199808 2017-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [210680 2017-10-18] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
R2 WinRing0_1_2_0; C:\Program Files (x86)\EVGA\Precision XOC\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 14:30 - 2017-12-03 14:30 - 000012158 _____ C:\Users\Admin\Downloads\FRST.txt
2017-12-03 14:30 - 2017-12-03 14:30 - 000000000 ____D C:\FRST
2017-12-03 14:29 - 2017-12-03 14:29 - 002391552 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2017-12-03 14:08 - 2017-12-03 14:08 - 131810576 _____ C:\Users\Admin\Documents\schuss2.hiv
2017-12-03 14:03 - 2017-12-03 14:04 - 131792324 _____ C:\Users\Admin\Documents\schuss 1.hiv
2017-12-03 14:01 - 2017-12-03 14:17 - 000000000 ____D C:\Users\Admin\Documents\regestry
2017-12-03 14:01 - 2017-12-03 14:01 - 000000000 ____D C:\Users\Admin\Downloads\Regshot-1.9.0
2017-12-03 14:00 - 2017-12-03 14:01 - 000291221 _____ C:\Users\Admin\Downloads\Regshot-1.9.0.zip
2017-12-03 13:53 - 2017-12-03 13:59 - 000000000 ____D C:\Users\Admin\Downloads\regfromapp
2017-12-03 13:53 - 2017-12-03 13:53 - 000048039 _____ C:\Users\Admin\Downloads\regfromapp.zip
2017-12-03 13:47 - 2017-12-03 13:52 - 000000000 ____D C:\Users\Admin\Downloads\regfromapp-x64
2017-12-03 13:47 - 2017-12-03 13:47 - 000059206 _____ C:\Users\Admin\Downloads\regfromapp-x64.zip
2017-12-03 13:28 - 2017-12-03 13:28 - 000092992 ____H (Sysinternals - www.sysinternals.com) C:\Windows\system32\Drivers\PROCMON23.SYS
2017-12-03 13:28 - 2017-12-03 13:28 - 000000000 ____D C:\Users\Admin\Downloads\ProcessMonitor
2017-12-03 13:27 - 2017-12-03 13:27 - 001004649 _____ C:\Users\Admin\Downloads\ProcessMonitor.zip
2017-12-03 13:21 - 2017-12-03 13:21 - 000000000 ____D C:\Users\Admin\Downloads\S1ndboxie.5.22
2017-12-03 13:14 - 2017-12-03 13:15 - 009173242 _____ C:\Users\Admin\Downloads\S1ndboxie.5.22.rar
2017-12-03 13:07 - 2017-12-03 13:07 - 001373756 _____ C:\Windows\Minidump\120317-21890-01.dmp
2017-12-03 13:04 - 2017-12-03 13:04 - 078346672 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mb3-setup-consumer-3.3.1.2183.exe
2017-12-03 13:00 - 2017-12-03 13:00 - 008187336 _____ (Malwarebytes) C:\Users\Admin\Downloads\adwcleaner_7.0.5.0.exe
2017-12-03 12:59 - 2017-12-03 13:02 - 000000000 ____D C:\AdwCleaner
2017-12-03 12:59 - 2017-12-03 12:59 - 008261584 _____ (Malwarebytes) C:\Users\Admin\Downloads\AdwCleaner_7.0.4.0.exe
2017-12-03 12:33 - 2017-12-03 12:33 - 000000020 _____ C:\Users\Admin\Downloads\2.txt
2017-12-03 12:31 - 2017-12-03 12:31 - 000000019 _____ C:\Users\Admin\Downloads\New Text Document(1).txt
2017-12-03 12:22 - 2017-12-03 12:23 - 000000000 ____D C:\Users\Admin\AppData\Roaming\brave
2017-12-03 12:22 - 2017-12-03 12:22 - 000002241 _____ C:\Users\Admin\Desktop\Brave.lnk
2017-12-03 12:22 - 2017-12-03 12:22 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Brave Software
2017-12-03 12:22 - 2017-12-03 12:22 - 000000000 ____D C:\Users\Admin\AppData\Local\SquirrelTemp
2017-12-03 12:22 - 2017-12-03 12:22 - 000000000 ____D C:\Users\Admin\AppData\Local\brave
2017-12-03 12:21 - 2017-12-03 12:22 - 139492672 _____ (Brave Software) C:\Users\Admin\Downloads\BraveSetup-x64.exe
2017-12-03 12:15 - 2017-12-03 12:15 - 000000181 _____ C:\Users\Admin\Downloads\5keyhma.txt
2017-12-03 12:13 - 2017-12-03 12:13 - 000000019 _____ C:\Users\Admin\Downloads\New Text Document.txt
2017-12-03 12:10 - 2017-12-03 13:15 - 000000000 ____D C:\Program Files (x86)\HMA! Pro VPN
2017-12-03 12:10 - 2017-12-03 12:10 - 000003976 _____ C:\Windows\System32\Tasks\HMA! Pro VPN Update
2017-12-03 12:10 - 2017-12-03 12:10 - 000001073 _____ C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2017-12-03 12:10 - 2017-12-03 12:10 - 000000000 ____D C:\Users\Admin\AppData\Local\CEF
2017-12-03 12:10 - 2017-12-03 12:10 - 000000000 ____D C:\ProgramData\Privax
2017-12-03 12:10 - 2017-12-03 12:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Privax
2017-12-03 12:08 - 2017-12-03 12:08 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2017-12-03 12:08 - 2017-12-03 12:08 - 000000000 ____D C:\Users\DefaultAppPool
2017-12-03 11:45 - 2017-12-03 11:45 - 000000991 _____ C:\Users\Admin\Desktop\PsExec.exe - Shortcut.lnk
2017-12-03 10:58 - 2017-12-03 10:58 - 000000000 ____D C:\Users\Admin\Downloads\pcwMyRights_v2.0
2017-12-03 10:57 - 2017-12-03 10:57 - 002923177 _____ C:\Users\Admin\Downloads\pcwMyRights_v2.0.zip
2017-12-03 09:53 - 2017-12-03 14:07 - 000000000 ____D C:\CoinCollector
2017-12-03 09:53 - 2017-12-03 09:53 - 000001102 _____ C:\Users\Public\Desktop\CoinCollector.exe.lnk
2017-12-03 09:53 - 2017-12-03 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoinCollector
2017-12-03 09:53 - 2017-09-28 11:59 - 000001233 _____ C:\Users\Public\Desktop\MultiMiner.lnk
2017-12-03 09:47 - 2017-12-03 09:47 - 000000000 ____D C:\Users\Admin\AppData\Local\Tesseract-OCR
2017-12-03 09:40 - 2017-12-03 09:53 - 000000000 ____D C:\Users\Admin\AppData\Roaming\AutoClickBots
2017-12-03 09:40 - 2017-12-03 09:40 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tesseract-OCR
2017-12-03 09:29 - 2017-12-03 09:29 - 086788848 _____ (Microsoft Corporation) C:\Users\Admin\Downloads\NDP462-DevPack-KB3151934-ENU.exe
2017-12-03 09:27 - 2017-12-03 09:27 - 000000000 ____D C:\Users\Admin\Downloads\CoinCollector_V5_Setup
2017-12-03 09:26 - 2017-12-03 09:27 - 117131675 _____ C:\Users\Admin\Downloads\CoinCollector_V5_Setup.zip
2017-12-03 09:12 - 2017-12-03 09:12 - 000002016 _____ C:\Users\Public\Desktop\ESET Sicheres Online-Banking und Bezahlen.lnk
2017-12-03 09:12 - 2017-12-03 09:12 - 000000000 ____D C:\Users\Admin\AppData\Local\ESET
2017-12-03 09:12 - 2017-12-03 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-12-03 09:12 - 2017-12-03 09:12 - 000000000 ____D C:\ProgramData\ESET
2017-12-03 09:12 - 2017-12-03 09:12 - 000000000 ____D C:\Program Files\ESET
2017-12-03 07:51 - 2017-12-03 07:51 - 000000000 ____D C:\Users\Admin\AppData\Roaming\GitHubVisualStudio
2017-12-03 07:51 - 2017-12-03 07:51 - 000000000 ____D C:\Users\Admin\AppData\Local\GitHubVisualStudio
2017-12-03 07:51 - 2017-12-03 07:51 - 000000000 ____D C:\Users\Admin\.dnx
2017-12-03 07:42 - 2017-12-03 07:42 - 000000000 ____D C:\Users\Admin\AppData\Local\GHISLER
2017-12-03 07:41 - 2017-12-03 07:42 - 000000000 ____D C:\totalcmd
2017-12-03 07:41 - 2017-12-03 07:41 - 005075616 _____ (Ghisler Software GmbH) C:\Users\Admin\Downloads\tcmd912x64.exe
2017-12-03 07:41 - 2017-12-03 07:41 - 000000683 _____ C:\Users\Admin\Desktop\Total Commander 64 bit.lnk
2017-12-03 07:41 - 2017-12-03 07:41 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Total Commander
2017-12-03 07:41 - 2017-12-03 07:41 - 000000000 ____D C:\Users\Admin\AppData\Roaming\GHISLER
2017-12-03 00:03 - 2017-12-03 00:03 - 000000000 _SHDL C:\Documents and Settings
2017-12-03 00:01 - 2017-12-03 13:07 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-12-03 00:01 - 2017-12-03 13:07 - 000000000 ____D C:\Windows\system32\SleepStudy
2017-12-03 00:01 - 2017-12-03 00:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-12-03 00:01 - 2017-12-03 00:01 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-12-03 00:01 - 2017-12-03 00:01 - 000000000 ____D C:\Windows\ServiceProfiles
2017-12-03 00:01 - 2017-12-02 20:57 - 000317040 _____ C:\Windows\system32\FNTCACHE.DAT
2017-12-03 00:00 - 2017-12-03 00:02 - 000000000 ____D C:\Windows\Panther
2017-12-02 20:57 - 2017-12-03 13:07 - 000000000 ____D C:\Windows\Minidump
2017-12-02 20:57 - 2017-12-03 13:06 - 839161476 _____ C:\Windows\MEMORY.DMP
2017-12-02 18:42 - 2017-12-02 18:42 - 000000000 ____D C:\Users\Admin\AppData\Roaming\NVIDIA
2017-12-02 18:42 - 2017-12-02 18:42 - 000000000 ____D C:\Users\Admin\AppData\Roaming\LibreOffice
2017-12-02 18:42 - 2017-12-02 18:42 - 000000000 ____D C:\Users\Admin\AppData\Local\NVIDIA
2017-12-02 18:41 - 2017-12-02 18:41 - 000001193 _____ C:\Users\Public\Desktop\LibreOffice 5.3.lnk
2017-12-02 18:41 - 2017-12-02 18:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.3
2017-12-02 18:41 - 2017-12-02 18:41 - 000000000 ____D C:\Program Files\LibreOffice 5
2017-12-02 18:31 - 2017-12-02 18:38 - 000000000 ____D C:\ProgramData\Isolated Storage
2017-12-02 18:31 - 2017-12-02 18:32 - 000000000 ____D C:\Users\Admin\AppData\Roaming\UBot Studio
2017-12-02 18:31 - 2017-12-02 18:31 - 000000000 ____D C:\Users\Admin\AppData\Roaming\exb
2017-12-02 18:15 - 2017-12-02 19:32 - 000000000 ____D C:\AdBTCBot
2017-12-02 18:15 - 2017-12-02 18:47 - 000000000 ____D C:\EasyHitsBot
2017-12-02 18:15 - 2017-12-02 18:36 - 000000000 ____D C:\FreebitBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\YouRoBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\No-MinBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\NeoBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\MoonliteBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\MoonbitBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\HitLinkBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\GetPaidBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\FreedogeBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\DonkeyBot
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\CoinCollectorV5
2017-12-02 18:15 - 2017-12-02 18:15 - 000000000 ____D C:\BitSurfBot
2017-12-02 18:14 - 2017-12-02 18:14 - 000001149 _____ C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2017-12-02 18:14 - 2017-12-02 18:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-12-02 18:14 - 2017-12-02 18:14 - 000000000 ____D C:\Program Files\Oracle
2017-12-02 18:14 - 2017-10-18 07:25 - 000972192 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2017-12-02 18:14 - 2017-10-18 07:25 - 000156136 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2017-12-02 18:13 - 2017-12-02 18:13 - 000001141 _____ C:\Users\Admin\Desktop\RazorSQL.lnk
2017-12-02 18:13 - 2017-12-02 18:13 - 000000000 ____D C:\Users\Admin\AppData\Roaming\RichardsonSoftware
2017-12-02 18:13 - 2017-12-02 18:13 - 000000000 ____D C:\Users\Admin\AppData\Roaming\RazorSQL
2017-12-02 18:13 - 2017-12-02 18:13 - 000000000 ____D C:\ProgramData\Oracle
2017-12-02 18:13 - 2017-12-02 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RazorSQL
2017-12-02 18:13 - 2017-12-02 18:13 - 000000000 ____D C:\Program Files (x86)\RazorSQL
2017-12-02 18:11 - 2017-12-03 13:07 - 000000000 ____D C:\Users\Admin\AppData\LocalLow\Mozilla
2017-12-02 18:11 - 2017-12-02 21:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-12-02 18:11 - 2017-12-02 21:11 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-12-02 18:11 - 2017-12-02 18:11 - 034169320 _____ (Mozilla) C:\Users\Admin\Downloads\Firefox Setup 55.0.3.exe
2017-12-02 18:11 - 2017-12-02 18:11 - 000001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-12-02 18:11 - 2017-12-02 18:11 - 000001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-12-02 18:11 - 2017-12-02 18:11 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Mozilla
2017-12-02 18:11 - 2017-12-02 18:11 - 000000000 ____D C:\Users\Admin\AppData\Local\Mozilla
2017-12-02 17:58 - 2017-12-02 17:58 - 007094520 _____ C:\Users\Admin\Downloads\Intel MEI Driver Installer v11.0.6.1194.rar
2017-12-02 17:58 - 2017-12-02 17:58 - 000000000 ____D C:\Users\Admin\Downloads\Intel MEI Driver Installer v11.0.6.1194
2017-12-02 17:58 - 2017-12-02 17:58 - 000000000 ____D C:\ProgramData\Intel
2017-12-02 17:58 - 2017-12-02 17:58 - 000000000 ____D C:\Program Files (x86)\Intel
2017-12-02 17:56 - 2017-12-02 17:56 - 003152242 _____ C:\Users\Admin\Downloads\Intel MEI Driver Installer v11.7.0.1052.rar
2017-12-02 17:56 - 2017-12-02 17:56 - 000000000 ____D C:\Users\Admin\Downloads\Intel MEI Driver Installer v11.7.0.1052
2017-12-02 17:50 - 2017-12-02 17:50 - 001116482 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-12-02 17:50 - 2017-12-02 17:50 - 000000020 ___SH C:\Users\.NET v4.5\ntuser.ini
2017-12-02 17:50 - 2017-12-02 17:50 - 000000020 ___SH C:\Users\.NET v4.5 Classic\ntuser.ini
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\Windows\SysWOW64\BestPractices
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\Windows\system32\msmq
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\Windows\system32\BestPractices
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\Users\.NET v4.5 Classic
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\Users\.NET v4.5
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\Program Files\MSBuild
2017-12-02 17:50 - 2017-12-02 17:50 - 000000000 ____D C:\inetpub
2017-12-02 17:49 - 2017-09-28 15:50 - 001166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-12-02 17:49 - 2017-09-28 15:50 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-12-02 17:49 - 2017-09-28 15:50 - 000035456 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-12-02 17:49 - 2017-09-22 18:19 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-12-02 17:49 - 2017-09-22 18:19 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-12-02 17:49 - 2017-09-22 18:19 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-12-02 17:47 - 2017-12-02 17:47 - 000000000 ____D C:\Users\Admin\Intel
2017-12-02 17:47 - 2017-12-02 17:47 - 000000000 ____D C:\Users\Admin\Downloads\mei
2017-12-02 17:47 - 2017-12-02 17:47 - 000000000 ____D C:\Users\Admin\Downloads\intel_mei_corporate_11.7.0.1054(www.station-drivers.com)
2017-12-02 17:45 - 2017-12-02 17:45 - 000000000 ____D C:\Program Files\Intel
2017-12-02 17:44 - 2017-12-02 17:44 - 003022731 _____ (Igor Pavlov) C:\Users\Admin\Downloads\Intel_Chipset_10.1.2.9(www.station-drivers.com).exe
2017-12-02 17:44 - 2017-12-02 17:44 - 000000000 ____D C:\Users\Admin\Downloads\Intel_Chipset_10.1.2.9(www.station-drivers.com)
2017-12-02 17:41 - 2017-12-02 17:41 - 005215330 _____ C:\Users\Admin\Downloads\Intel_Chipset_Win7-10_V101144_20170821.zip
2017-12-02 17:41 - 2017-12-02 17:41 - 000000000 ____D C:\Users\Admin\Downloads\Intel_Chipset_Win7-10_V101144_20170821
2017-12-02 17:40 - 2017-12-02 17:41 - 106801724 _____ C:\Users\Admin\Downloads\intel_mei_corporate_11.7.0.1054(www.station-drivers.com).zip
2017-12-02 17:40 - 2017-12-02 17:40 - 072749387 _____ (Igor Pavlov) C:\Users\Admin\Downloads\intel_mei_11.7.0.1054(station-drivers.com).exe
2017-12-02 17:34 - 2017-12-02 17:34 - 102615032 _____ C:\Users\Admin\Downloads\MEI_Consumer_V11051189.zip
2017-12-02 17:29 - 2017-12-02 18:05 - 000003412 _____ C:\Windows\System32\Tasks\EVGAPrecisionX
2017-12-02 17:25 - 2017-12-02 17:25 - 000002255 _____ C:\Users\Public\Desktop\Skin Tool.lnk
2017-12-02 17:25 - 2017-12-02 17:25 - 000002182 _____ C:\Users\Public\Desktop\EVGA Precision XOC.lnk
2017-12-02 17:25 - 2015-05-27 14:51 - 000156160 _____ C:\Windows\system32\FW1FontWrapper_x64.dll
2017-12-02 17:23 - 2017-12-02 17:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2017-12-02 17:23 - 2017-12-02 17:25 - 000000000 ____D C:\Program Files (x86)\EVGA
2017-12-02 17:23 - 2017-12-02 17:23 - 000002126 _____ C:\Users\Public\Desktop\EVGA GVT.lnk
2017-12-02 17:22 - 2017-12-02 17:22 - 000016369 _____ C:\Users\Admin\Downloads\EVGA-GVT-patch.rar
2017-12-02 17:22 - 2017-12-02 17:22 - 000000000 ____D C:\Users\Admin\Downloads\EVGA-GVT-patch
2017-12-02 17:22 - 2017-12-02 17:22 - 000000000 ____D C:\Users\Admin\Downloads\EVGA GPU Voltage Tuner 1.0
2017-12-02 17:19 - 2017-12-02 17:19 - 003685006 _____ C:\Users\Admin\Downloads\EVGA GPU Voltage Tuner 1.0.rar
2017-12-02 17:18 - 2017-12-02 17:18 - 042698792 _____ (EVGA Corporation ) C:\Users\Admin\Downloads\EVGA_PrecisionX_OC_Setup_v6.2.3.exe
2017-12-02 17:05 - 2017-12-02 17:05 - 000293341 _____ C:\Users\Admin\Downloads\nvidiaInspector-1.9.7.8.zip
2017-12-02 17:05 - 2017-12-02 17:05 - 000000000 ____D C:\Users\Admin\Downloads\nvidiaInspector-1.9.7.8
2017-12-02 17:03 - 2017-12-02 17:11 - 000000000 ____D C:\Users\Admin\AppData\Local\Google
2017-12-02 17:03 - 2017-12-02 17:09 - 000003416 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-12-02 17:03 - 2017-12-02 17:09 - 000003292 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-12-02 17:03 - 2017-12-02 17:03 - 000002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-12-02 17:03 - 2017-12-02 17:03 - 000002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-12-02 17:03 - 2017-12-02 17:03 - 000000000 ____D C:\Program Files (x86)\Google
2017-12-02 16:54 - 2017-12-02 16:54 - 000003142 _____ C:\Windows\System32\Tasks\MSIAfterburner
2017-12-02 16:52 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-12-02 16:52 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-12-02 16:52 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-12-02 16:52 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-12-02 16:52 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-12-02 16:52 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-12-02 16:52 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-12-02 16:52 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-12-02 16:52 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-12-02 16:52 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-12-02 16:52 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-12-02 16:52 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-12-02 16:52 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-12-02 16:52 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-12-02 16:52 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-12-02 16:52 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-12-02 16:52 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-12-02 16:52 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-12-02 16:52 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-12-02 16:52 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-12-02 16:52 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-12-02 16:52 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-12-02 16:52 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-12-02 16:52 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-12-02 16:52 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-12-02 16:52 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-12-02 16:52 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-12-02 16:52 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-12-02 16:52 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-12-02 16:52 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-12-02 16:52 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-12-02 16:52 - 2008-10-10 04:52 - 005631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-12-02 16:52 - 2008-10-10 04:52 - 004379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-12-02 16:52 - 2008-10-10 04:52 - 002605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-12-02 16:52 - 2008-10-10 04:52 - 002036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-12-02 16:52 - 2008-10-10 04:52 - 000519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-12-02 16:52 - 2008-10-10 04:52 - 000452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-12-02 16:52 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-12-02 16:52 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-12-02 16:52 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-12-02 16:52 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-12-02 16:52 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-12-02 16:52 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-12-02 16:52 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-12-02 16:52 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-12-02 16:52 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-12-02 16:52 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-12-02 16:52 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-12-02 16:52 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-12-02 16:52 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-12-02 16:52 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-12-02 16:52 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-12-02 16:52 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-12-02 16:52 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-12-02 16:52 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-12-02 16:52 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-12-02 16:52 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-12-02 16:52 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-12-02 16:52 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-12-02 16:52 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-12-02 16:52 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-12-02 16:52 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-12-02 16:52 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-12-02 16:52 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-12-02 16:52 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-12-02 16:52 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-12-02 16:52 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-12-02 16:52 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-12-02 16:52 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-12-02 16:52 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-12-02 16:52 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-12-02 16:52 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-12-02 16:52 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-12-02 16:52 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-12-02 16:52 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-12-02 16:52 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-12-02 16:52 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-12-02 16:52 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-12-02 16:52 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-12-02 16:52 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-12-02 16:52 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-12-02 16:52 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-12-02 16:52 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-12-02 16:52 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-12-02 16:52 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-12-02 16:52 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-12-02 16:52 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-12-02 16:52 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-12-02 16:52 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-12-02 16:52 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-12-02 16:52 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-12-02 16:52 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-12-02 16:52 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-12-02 16:52 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-12-02 16:52 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-12-02 16:52 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-12-02 16:52 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-12-02 16:52 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-12-02 16:52 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-12-02 16:52 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-12-02 16:52 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-12-02 16:52 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-12-02 16:52 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-12-02 16:52 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-12-02 16:52 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-12-02 16:52 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-12-02 16:52 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-12-02 16:52 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-12-02 16:52 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-12-02 16:52 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-12-02 16:52 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-12-02 16:52 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-12-02 16:52 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-12-02 16:52 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-12-02 16:52 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-12-02 16:52 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-12-02 16:52 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-12-02 16:52 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-12-02 16:52 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-12-02 16:52 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-12-02 16:52 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-12-02 16:52 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-12-02 16:52 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-12-02 16:52 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-12-02 16:52 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-12-02 16:52 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-12-02 16:52 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-12-02 16:52 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-12-02 16:52 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-12-02 16:52 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-12-02 16:52 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-12-02 16:52 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-12-02 16:52 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-12-02 16:52 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-12-02 16:52 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-12-02 16:52 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-12-02 16:52 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-12-02 16:52 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-12-02 16:52 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-12-02 16:52 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-12-02 16:52 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-12-02 16:52 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-12-02 16:52 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-12-02 16:52 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-12-02 16:52 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-12-02 16:52 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-12-02 16:52 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-12-02 16:52 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-12-02 16:52 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-12-02 16:52 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-12-02 16:52 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-12-02 16:52 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-12-02 16:52 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-12-02 16:51 - 2017-12-02 17:25 - 000000000 ____D C:\Windows\SysWOW64\directx
2017-12-02 16:51 - 2017-12-02 16:51 - 000001155 _____ C:\Users\Admin\Desktop\MSI Afterburner.lnk
2017-12-02 16:51 - 2017-12-02 16:51 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2017-12-02 16:51 - 2017-12-02 16:51 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2017-12-02 16:51 - 2017-12-02 16:51 - 000000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-12-02 16:51 - 2017-12-02 16:51 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-12-02 16:50 - 2017-12-02 16:50 - 039238133 _____ C:\Users\Admin\Downloads\[Guru3D.com]-MSIAfterburnerSetup440.zip
2017-12-02 16:50 - 2017-12-02 16:50 - 000000000 ____D C:\Users\Admin\Downloads\[Guru3D.com]-MSIAfterburnerSetup440
2017-12-02 16:49 - 2017-12-02 17:30 - 000000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2017-12-02 16:48 - 2017-12-02 16:48 - 000002134 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2017-12-02 16:47 - 2017-12-03 12:25 - 000000000 ____D C:\Users\Admin\AppData\Local\NVIDIA Corporation
2017-12-02 16:47 - 2017-12-02 16:47 - 000001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-12-02 16:43 - 2017-12-02 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-12-02 16:43 - 2017-12-02 16:43 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000003696 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-12-02 16:43 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-12-02 16:43 - 2017-11-28 02:56 - 002404800 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-12-02 16:43 - 2017-11-28 02:56 - 002070976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-12-02 16:43 - 2017-11-28 02:56 - 001309120 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2017-12-02 16:43 - 2017-11-28 02:56 - 000186304 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-12-02 16:43 - 2017-11-28 02:56 - 000152512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-12-02 16:43 - 2017-11-28 02:56 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-12-02 16:43 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-12-02 16:43 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-12-02 16:43 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-12-02 16:43 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-12-02 16:43 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-12-02 16:43 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-12-02 16:42 - 2017-12-02 16:42 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-12-02 16:42 - 2017-11-28 01:16 - 000137200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-12-02 16:42 - 2017-09-14 00:20 - 000798008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-12-02 16:42 - 2017-09-14 00:20 - 000490296 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-12-02 16:42 - 2017-09-14 00:19 - 000927544 _____ C:\Windows\system32\vulkan-1.dll
2017-12-02 16:42 - 2017-09-14 00:19 - 000591160 _____ C:\Windows\system32\vulkaninfo.exe
2017-12-02 16:40 - 2017-11-28 02:56 - 040238576 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 036348400 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 035159072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 029378960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 023266584 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 019039304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 013866792 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 013255032 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 011780888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 010883744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 004485560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 004202808 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 003817584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 003615024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001991016 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438843.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001674552 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438843.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001321264 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001135464 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001101296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001038680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 001032688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000982000 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000932424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000885680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000794392 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000740152 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000634224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000616240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000599536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000506864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-12-02 16:40 - 2017-11-28 02:56 - 000057792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-12-02 16:40 - 2017-11-28 02:56 - 000050624 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-12-02 16:40 - 2017-11-28 02:56 - 000045496 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-12-02 16:38 - 2017-12-02 16:38 - 000000000 ____D C:\NVIDIA
2017-12-02 16:37 - 2017-12-02 16:38 - 462853280 _____ (NVIDIA Corporation) C:\Users\Admin\Downloads\388.43-desktop-win10-64bit-international-whql.exe
2017-12-02 16:02 - 2017-12-02 16:02 - 000002296 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler ScriptEditor.lnk
2017-12-02 16:02 - 2017-12-02 16:02 - 000002156 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fiddler 4.lnk
2017-12-02 16:02 - 2017-12-02 16:02 - 000000000 ____D C:\Users\Admin\AppData\Local\PeerDistRepub
2017-12-02 16:01 - 2017-12-02 16:01 - 000001151 _____ C:\Users\Public\Desktop\Quadsoft easyCrypt.lnk
2017-12-02 16:01 - 2017-12-02 16:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quadsoft easyCrypt
2017-12-02 16:01 - 2017-12-02 16:01 - 000000000 ____D C:\Program Files (x86)\Quadsoft easyCrypt
2017-12-02 16:00 - 2017-12-02 16:00 - 000001156 _____ C:\Users\Admin\Desktop\BrowserAutomationStudio.lnk
2017-12-02 16:00 - 2017-12-02 16:00 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAutomationStudio
2017-12-02 16:00 - 2017-12-02 16:00 - 000000000 ____D C:\Users\Admin\AppData\Roaming\BrowserAutomationStudio
2017-12-02 15:59 - 2017-12-02 15:59 - 000001415 _____ C:\Users\Public\Desktop\Advanced Installer 14.5.1.lnk
2017-12-02 15:59 - 2017-12-02 15:59 - 000000000 ____D C:\ProgramData\regid.2003-04.com.caphyon
2017-12-02 15:59 - 2017-12-02 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Installer 14.5.1
2017-12-02 15:59 - 2017-12-02 15:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-12-02 15:59 - 2017-12-02 15:59 - 000000000 ____D C:\ProgramData\Caphyon
2017-12-02 15:59 - 2017-12-02 15:59 - 000000000 ____D C:\Program Files\7-Zip
2017-12-02 15:59 - 2017-12-02 15:59 - 000000000 ____D C:\Program Files (x86)\Caphyon
2017-12-02 15:58 - 2017-12-02 18:15 - 000000000 ____D C:\New folder
2017-12-02 15:51 - 2017-12-02 15:51 - 000000000 ____D C:\Users\Admin\AppData\Local\DBG
2017-12-02 15:47 - 2017-12-03 07:53 - 000000000 ____D C:\Users\Admin\Documents\Visual Studio 2015
2017-12-02 15:44 - 2017-12-02 15:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python Tools for Visual Studio 2015
2017-12-02 15:43 - 2017-12-02 15:43 - 000000000 ____D C:\Users\Admin\AppData\Local\VSIXInstaller
2017-12-02 15:43 - 2017-12-02 15:43 - 000000000 ____D C:\Program Files (x86)\AppInsights
2017-12-02 15:42 - 2017-12-02 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2017-12-02 15:42 - 2017-12-02 15:42 - 000000000 ____D C:\ProgramData\Git
2017-12-02 15:42 - 2017-12-02 15:42 - 000000000 ____D C:\Program Files\Git
2017-12-02 15:40 - 2017-12-02 15:40 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-12-02 15:40 - 2017-09-28 21:31 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\DxToolsReportGenerator.dll
2017-12-02 15:40 - 2017-09-28 20:54 - 000095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DxToolsReportGenerator.dll
2017-12-02 15:40 - 2017-09-28 19:15 - 017928704 _____ (Microsoft Corporation) C:\Windows\system32\DXCaptureReplay.dll
2017-12-02 15:40 - 2017-09-28 19:07 - 000398336 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\DXCpl.exe
2017-12-02 15:40 - 2017-09-28 19:05 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsProxyStub.dll
2017-12-02 15:40 - 2017-09-28 19:05 - 000076800 _____ (Microsoft Corporation) C:\Windows\system32\VSD3DWARPDebug.dll
2017-12-02 15:40 - 2017-09-28 19:03 - 005784576 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsDesktopEngine.exe
2017-12-02 15:40 - 2017-09-28 19:01 - 004907008 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsRemoteEngine.exe
2017-12-02 15:40 - 2017-09-28 19:01 - 000334336 _____ (Microsoft Corporation) C:\Windows\system32\DXGIDebug.dll
2017-12-02 15:40 - 2017-09-28 18:58 - 001312256 _____ (Microsoft Corporation) C:\Windows\system32\d3d11_3SDKLayers.dll
2017-12-02 15:40 - 2017-09-28 18:58 - 000538624 _____ (Microsoft Corporation) C:\Windows\system32\d2d1debug3.dll
2017-12-02 15:40 - 2017-09-28 18:56 - 002771968 _____ (Microsoft Corporation) C:\Windows\system32\d3d12SDKLayers.dll
2017-12-02 15:40 - 2017-09-28 18:55 - 001992192 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsOfflineAnalysis.dll
2017-12-02 15:40 - 2017-09-28 18:55 - 001178112 _____ (Microsoft Corporation) C:\Windows\system32\DXCap.exe
2017-12-02 15:40 - 2017-09-28 18:55 - 000284160 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsExperiment.dll
2017-12-02 15:40 - 2017-09-28 18:55 - 000161792 _____ (Microsoft Corporation) C:\Windows\system32\VsGraphicsCapture.dll
2017-12-02 15:40 - 2017-09-28 18:54 - 000188416 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsMonitor.dll
2017-12-02 15:40 - 2017-09-28 18:54 - 000175616 _____ (Microsoft Corporation) C:\Windows\system32\DXToolsReporting.dll
2017-12-02 15:40 - 2017-09-28 18:51 - 000349696 _____ (Microsoft Corporation) C:\Windows\system32\perf_gputiming.dll
2017-12-02 15:40 - 2017-09-28 18:50 - 014014976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCaptureReplay.dll
2017-12-02 15:40 - 2017-09-28 18:46 - 000375296 _____ (Windows (R) Win 7 DDK provider) C:\Windows\SysWOW64\DXCpl.exe
2017-12-02 15:40 - 2017-09-28 18:44 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VSD3DWARPDebug.dll
2017-12-02 15:40 - 2017-09-28 18:44 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2017-12-02 15:40 - 2017-09-28 18:41 - 000239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXGIDebug.dll
2017-12-02 15:40 - 2017-09-28 18:40 - 003657216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsRemoteEngine.exe
2017-12-02 15:40 - 2017-09-28 18:40 - 001064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11_3SDKLayers.dll
2017-12-02 15:40 - 2017-09-28 18:38 - 000464384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1debug3.dll
2017-12-02 15:40 - 2017-09-28 18:37 - 004550144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2017-12-02 15:40 - 2017-09-28 18:35 - 002216960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d12SDKLayers.dll
2017-12-02 15:40 - 2017-09-28 18:35 - 001496064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsOfflineAnalysis.dll
2017-12-02 15:40 - 2017-09-28 18:35 - 000921088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXCap.exe
2017-12-02 15:40 - 2017-09-28 18:34 - 000218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsExperiment.dll
2017-12-02 15:40 - 2017-09-28 18:34 - 000142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsMonitor.dll
2017-12-02 15:40 - 2017-09-28 18:34 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsCapture.dll
2017-12-02 15:40 - 2017-09-28 18:34 - 000118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DXToolsReporting.dll
2017-12-02 15:40 - 2017-09-28 18:31 - 000271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\perf_gputiming.dll

soliver84 · 03.12.2017, 17:52

Firts2

Code:

ATTFilter

2017-12-02 15:38 - 2017-12-02 15:38 - 000000000 ____D C:\Program Files\Windows Identity Foundation
2017-12-02 15:38 - 2017-12-02 15:38 - 000000000 ____D C:\Program Files\SharePoint Client Components
2017-12-02 15:38 - 2017-12-02 15:38 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-12-02 15:38 - 2017-12-02 15:38 - 000000000 ____D C:\Program Files\Microsoft Identity Extensions
2017-12-02 15:38 - 2017-12-02 15:38 - 000000000 ____D C:\Program Files (x86)\Workflow Manager Tools
2017-12-02 15:38 - 2017-12-02 15:38 - 000000000 ____D C:\Program Files (x86)\Open XML SDK
2017-12-02 15:37 - 2017-12-02 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2017-12-02 15:37 - 2017-12-02 15:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-12-02 15:37 - 2017-12-02 15:37 - 000000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2017-12-02 15:36 - 2017-12-02 15:36 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2017-12-02 15:36 - 2017-12-02 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-12-02 15:36 - 2017-12-02 15:36 - 000000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2017-12-02 15:36 - 2017-12-02 15:36 - 000000000 ____D C:\Program Files\Application Verifier
2017-12-02 15:36 - 2017-12-02 15:36 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2017-12-02 15:36 - 2017-12-02 15:36 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2017-12-02 15:35 - 2017-12-02 15:40 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2017-12-02 15:35 - 2017-12-02 15:35 - 000000000 ____D C:\ProgramData\PreEmptive Solutions
2017-12-02 15:35 - 2017-12-02 15:35 - 000000000 ____D C:\ProgramData\Microsoft DNX
2017-12-02 15:35 - 2017-12-02 15:35 - 000000000 ____D C:\Program Files\Microsoft DNX
2017-12-02 15:35 - 2017-12-02 15:35 - 000000000 ____D C:\Program Files (x86)\ShellDir
2017-12-02 15:34 - 2017-12-02 15:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2017-12-02 15:33 - 2017-12-02 15:33 - 000000000 ____D C:\Program Files\IIS Express
2017-12-02 15:33 - 2017-12-02 15:33 - 000000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2017-12-02 15:33 - 2017-12-02 15:33 - 000000000 ____D C:\Program Files (x86)\IIS Express
2017-12-02 15:32 - 2017-12-02 15:32 - 000000000 ____D C:\ProgramData\NuGet
2017-12-02 15:32 - 2017-12-02 15:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2017-12-02 15:32 - 2017-12-02 15:32 - 000000000 ____D C:\Program Files\IIS
2017-12-02 15:32 - 2017-12-02 15:32 - 000000000 ____D C:\Program Files (x86)\NuGet
2017-12-02 15:32 - 2017-12-02 15:32 - 000000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2017-12-02 15:32 - 2017-12-02 15:32 - 000000000 ____D C:\Program Files (x86)\IIS
2017-12-02 15:31 - 2017-12-02 15:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-12-02 15:31 - 2017-12-02 15:31 - 000001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2017-12-02 15:31 - 2017-12-02 15:31 - 000000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2017-12-02 15:31 - 2017-12-02 15:31 - 000000000 ____D C:\Program Files (x86)\HTML Help Workshop
2017-12-02 15:30 - 2017-12-02 15:30 - 000001474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Test Manager 2015.lnk
2017-12-02 15:29 - 2017-12-02 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2017-12-02 15:29 - 2017-12-02 15:29 - 000000000 ____D C:\Windows\symbols
2017-12-02 15:29 - 2017-12-02 15:29 - 000000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2017-12-02 15:28 - 2017-12-02 15:40 - 000000000 ____D C:\Program Files\Microsoft SQL Server
2017-12-02 15:28 - 2017-12-02 15:40 - 000000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2017-12-02 15:28 - 2017-12-02 15:30 - 000000000 ____D C:\Windows\SysWOW64\1033
2017-12-02 15:28 - 2017-12-02 15:28 - 000001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2017-12-02 15:28 - 2017-12-02 15:28 - 000000000 ____D C:\Windows\system32\1033
2017-12-02 15:27 - 2017-12-03 09:29 - 000000000 ____D C:\ProgramData\Package Cache
2017-12-02 15:27 - 2017-12-02 15:59 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-12-02 15:27 - 2017-12-02 15:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-12-02 15:27 - 2017-12-02 15:40 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-12-02 15:27 - 2017-12-02 15:35 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-12-02 15:27 - 2017-12-02 15:27 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-12-02 15:23 - 2017-12-02 15:37 - 000000000 ____D C:\Users\Admin\AppData\Local\PlaceholderTileLogoFolder
2017-12-02 15:22 - 2017-12-02 15:22 - 000000405 _____ C:\Users\Admin\Desktop\Control Panel.lnk
2017-12-02 15:21 - 2017-12-03 08:06 - 000000000 ____D C:\Users\Admin\AppData\Local\Comms
2017-12-02 15:20 - 2017-12-02 15:20 - 000000000 ____D C:\Users\Public\Creative
2017-12-02 15:18 - 2017-12-02 15:12 - 000545440 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2017-12-02 15:17 - 2017-12-03 13:07 - 000000000 ____D C:\ProgramData\NVIDIA
2017-12-02 15:17 - 2017-12-02 16:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-12-02 15:17 - 2017-12-02 16:43 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-12-02 15:17 - 2017-12-02 16:43 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-12-02 15:17 - 2017-11-28 02:56 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2017-12-02 15:17 - 2017-11-28 01:06 - 005965624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-12-02 15:17 - 2017-11-28 01:06 - 002588976 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-12-02 15:17 - 2017-11-28 01:06 - 001766288 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-12-02 15:17 - 2017-11-28 01:06 - 000608240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-12-02 15:17 - 2017-11-28 01:06 - 000450544 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-12-02 15:17 - 2017-11-28 01:06 - 000122768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-12-02 15:17 - 2017-11-28 01:06 - 000082736 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-12-02 15:17 - 2017-11-20 12:04 - 007874971 _____ C:\Windows\system32\nvcoproc.bin
2017-12-02 15:17 - 2017-11-09 04:43 - 000540784 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-12-02 15:16 - 2017-12-02 15:16 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2017-12-02 15:16 - 2017-12-02 15:16 - 127017032 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-12-02 15:16 - 2017-12-02 15:16 - 000000000 ____D C:\Windows\system32\MRT
2017-12-02 15:14 - 2017-11-26 21:35 - 017084416 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2017-12-02 15:14 - 2017-11-26 21:32 - 021754368 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2017-12-02 15:14 - 2017-11-26 21:15 - 000882688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2017-12-02 15:14 - 2017-11-26 21:15 - 000666112 _____ (Microsoft Corporation) C:\Windows\system32\DHolographicDisplay.dll
2017-12-02 15:14 - 2017-11-26 17:43 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2017-12-02 15:14 - 2017-11-26 14:48 - 001200536 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2017-12-02 15:14 - 2017-11-26 14:47 - 001053592 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2017-12-02 15:14 - 2017-11-26 14:45 - 001642520 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2017-12-02 15:14 - 2017-11-26 14:45 - 000779440 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2017-12-02 15:14 - 2017-11-26 14:45 - 000319352 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-12-02 15:14 - 2017-11-26 14:45 - 000264040 _____ (Microsoft Corporation) C:\Windows\system32\MusNotifyIcon.exe
2017-12-02 15:14 - 2017-11-26 14:45 - 000198888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-12-02 15:14 - 2017-11-26 14:41 - 000285080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2017-12-02 15:14 - 2017-11-26 14:38 - 001636376 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2017-12-02 15:14 - 2017-11-26 14:37 - 001277848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2017-12-02 15:14 - 2017-11-26 14:35 - 001090440 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-12-02 15:14 - 2017-11-26 14:35 - 000924136 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-12-02 15:14 - 2017-11-26 14:33 - 008590744 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-12-02 15:14 - 2017-11-26 14:33 - 002395032 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2017-12-02 15:14 - 2017-11-26 14:33 - 001208184 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-12-02 15:14 - 2017-11-26 14:33 - 001003104 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-12-02 15:14 - 2017-11-26 14:33 - 000471960 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2017-12-02 15:14 - 2017-11-26 14:33 - 000398744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2017-12-02 15:14 - 2017-11-26 14:33 - 000166808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2017-12-02 15:14 - 2017-11-26 14:32 - 000630752 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2017-12-02 15:14 - 2017-11-26 14:32 - 000373656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-12-02 15:14 - 2017-11-26 14:32 - 000184984 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-12-02 15:14 - 2017-11-26 14:32 - 000082840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgr.sys
2017-12-02 15:14 - 2017-11-26 14:31 - 000571288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-12-02 15:14 - 2017-11-26 14:31 - 000525208 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2017-12-02 15:14 - 2017-11-26 14:31 - 000187288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2017-12-02 15:14 - 2017-11-26 14:30 - 001488792 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2017-12-02 15:14 - 2017-11-26 14:29 - 003903272 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2017-12-02 15:14 - 2017-11-26 14:29 - 003010720 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-12-02 15:14 - 2017-11-26 14:29 - 002573208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-12-02 15:14 - 2017-11-26 14:29 - 000891800 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2017-12-02 15:14 - 2017-11-26 14:29 - 000840440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Perception.Stub.dll
2017-12-02 15:14 - 2017-11-26 14:29 - 000749976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2017-12-02 15:14 - 2017-11-26 14:29 - 000703536 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-12-02 15:14 - 2017-11-26 14:29 - 000436120 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2017-12-02 15:14 - 2017-11-26 14:28 - 007676296 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2017-12-02 15:14 - 2017-11-26 14:28 - 001259344 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2017-12-02 15:14 - 2017-11-26 14:28 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Services.TargetedContent.dll
2017-12-02 15:14 - 2017-11-26 14:28 - 000713624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-12-02 15:14 - 2017-11-26 14:28 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2017-12-02 15:14 - 2017-11-26 14:28 - 000495000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-12-02 15:14 - 2017-11-26 14:28 - 000149400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2017-12-02 15:14 - 2017-11-26 14:27 - 002446744 _____ (Microsoft Corporation) C:\Windows\system32\UpdateAgent.dll
2017-12-02 15:14 - 2017-11-26 14:27 - 002412168 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2017-12-02 15:14 - 2017-11-26 14:27 - 001413760 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-12-02 15:14 - 2017-11-26 14:27 - 000464408 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2017-12-02 15:14 - 2017-11-26 14:27 - 000230296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-12-02 15:14 - 2017-11-26 14:27 - 000129432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvsocket.sys
2017-12-02 15:14 - 2017-11-26 14:26 - 000428952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2017-12-02 15:14 - 2017-11-26 14:26 - 000048112 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-12-02 15:14 - 2017-11-26 14:25 - 000902416 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2017-12-02 15:14 - 2017-11-26 14:24 - 021352136 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 007386664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 001694224 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 001426160 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 001170008 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 001054280 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 000754688 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2017-12-02 15:14 - 2017-11-26 14:23 - 000603920 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2017-12-02 15:14 - 2017-11-26 14:23 - 000374032 _____ (Microsoft Corporation) C:\Windows\system32\vac.exe
2017-12-02 15:14 - 2017-11-26 14:22 - 000404888 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 002220952 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystems64.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 001778584 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 001628056 _____ (Microsoft Corporation) C:\Windows\system32\AppVIntegration.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 001585376 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 001420696 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntSubsystemController.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 000831384 _____ (Microsoft Corporation) C:\Windows\system32\AppVOrchestration.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 000819096 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2017-12-02 15:14 - 2017-11-26 14:21 - 000813976 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntStreamingManager.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 000744856 _____ (Microsoft Corporation) C:\Windows\system32\AppVReporting.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 000669592 _____ (Microsoft Corporation) C:\Windows\system32\AppVCatalog.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 000654048 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-12-02 15:14 - 2017-11-26 14:21 - 000645528 _____ (Microsoft Corporation) C:\Windows\system32\AppVPublishing.dll
2017-12-02 15:14 - 2017-11-26 14:20 - 000615768 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-12-02 15:14 - 2017-11-26 14:20 - 000519152 _____ (Microsoft Corporation) C:\Windows\system32\SecurityHealthService.exe
2017-12-02 15:14 - 2017-11-26 13:57 - 001664000 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-12-02 15:14 - 2017-11-26 13:55 - 003670016 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2017-12-02 15:14 - 2017-11-26 13:55 - 001307136 _____ (Microsoft Corporation) C:\Windows\system32\InstallService.dll
2017-12-02 15:14 - 2017-11-26 13:55 - 001289216 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2017-12-02 15:14 - 2017-11-26 13:55 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\AcGenral.dll
2017-12-02 15:14 - 2017-11-26 13:55 - 000301056 _____ (Microsoft Corporation) C:\Windows\system32\AcLayers.dll
2017-12-02 15:14 - 2017-11-26 13:55 - 000211456 _____ (Microsoft Corporation) C:\Windows\system32\MusNotificationUx.exe
2017-12-02 15:14 - 2017-11-26 13:55 - 000175104 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll
2017-12-02 15:14 - 2017-11-26 13:55 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\DeviceUpdateAgent.dll
2017-12-02 15:14 - 2017-11-26 13:54 - 000327680 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2017-12-02 15:14 - 2017-11-26 13:54 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\usoapi.dll
2017-12-02 15:14 - 2017-11-26 13:48 - 012829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-12-02 15:14 - 2017-11-26 13:47 - 002890240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2017-12-02 15:14 - 2017-11-26 13:43 - 000239104 _____ (Microsoft Corporation) C:\Windows\system32\smartscreenps.dll
2017-12-02 15:14 - 2017-11-26 13:36 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2017-12-02 15:14 - 2017-11-26 13:36 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll
2017-12-02 15:14 - 2017-11-26 13:36 - 000168448 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_SIUF.dll
2017-12-02 15:14 - 2017-11-26 13:36 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2017-12-02 15:14 - 2017-11-26 13:35 - 000170496 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-02 15:14 - 2017-11-26 13:35 - 000057856 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2017-12-02 15:14 - 2017-11-26 13:34 - 000126464 _____ (Microsoft Corporation) C:\Windows\system32\cryptcatsvc.dll
2017-12-02 15:14 - 2017-11-26 13:33 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\SpatializerApo.dll
2017-12-02 15:14 - 2017-11-26 13:31 - 001495040 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2017-12-02 15:14 - 2017-11-26 13:31 - 000529408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2017-12-02 15:14 - 2017-11-26 13:31 - 000115200 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2017-12-02 15:14 - 2017-11-26 13:31 - 000073216 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2017-12-02 15:14 - 2017-11-26 13:29 - 002106880 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2017-12-02 15:14 - 2017-11-26 13:29 - 000540672 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2017-12-02 15:14 - 2017-11-26 13:29 - 000474112 _____ (Microsoft Corporation) C:\Windows\system32\DictationManager.dll
2017-12-02 15:14 - 2017-11-26 13:29 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2017-12-02 15:14 - 2017-11-26 13:29 - 000424960 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2017-12-02 15:14 - 2017-11-26 13:29 - 000238080 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupManager.dll
2017-12-02 15:14 - 2017-11-26 13:28 - 000394752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2017-12-02 15:14 - 2017-11-26 13:26 - 000830464 _____ (Microsoft Corporation) C:\Windows\system32\d3d9on12.dll
2017-12-02 15:14 - 2017-11-26 13:26 - 000770048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2017-12-02 15:14 - 2017-11-26 13:26 - 000568832 _____ (Microsoft Corporation) C:\Windows\system32\TileDataRepository.dll
2017-12-02 15:14 - 2017-11-26 13:26 - 000432640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 025247744 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 001425408 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 000708096 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 000516096 _____ (Microsoft Corporation) C:\Windows\system32\ActivationManager.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 000354304 _____ (Microsoft Corporation) C:\Windows\system32\WwaApi.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 000292864 _____ (Microsoft Corporation) C:\Windows\system32\ExecModelClient.dll
2017-12-02 15:14 - 2017-11-26 13:25 - 000266752 _____ (Microsoft Corporation) C:\Windows\system32\SIHClient.exe
2017-12-02 15:14 - 2017-11-26 13:23 - 000588288 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2017-12-02 15:14 - 2017-11-26 13:22 - 000720896 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2017-12-02 15:14 - 2017-11-26 13:21 - 008099328 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2017-12-02 15:14 - 2017-11-26 13:19 - 001167360 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2017-12-02 15:14 - 2017-11-26 13:19 - 000887296 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2017-12-02 15:14 - 2017-11-26 13:19 - 000059392 _____ (Microsoft Corporation) C:\Windows\system32\aadjcsp.dll
2017-12-02 15:14 - 2017-11-26 13:18 - 003186688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.CloudStore.dll
2017-12-02 15:14 - 2017-11-26 13:18 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2017-12-02 15:14 - 2017-11-26 13:18 - 000556544 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2017-12-02 15:14 - 2017-11-26 13:17 - 003334144 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-12-02 15:14 - 2017-11-26 13:17 - 002208768 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2017-12-02 15:14 - 2017-11-26 13:17 - 001054720 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-12-02 15:14 - 2017-11-26 13:08 - 017159680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2017-12-02 15:14 - 2017-11-26 13:06 - 023659008 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-12-02 15:14 - 2017-11-26 13:06 - 007545344 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2017-12-02 15:14 - 2017-11-26 13:06 - 001822208 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-12-02 15:14 - 2017-11-26 13:05 - 000462336 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2017-12-02 15:14 - 2017-11-26 13:04 - 003578368 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2017-12-02 15:14 - 2017-11-26 13:04 - 002596352 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2017-12-02 15:14 - 2017-11-26 13:04 - 001353728 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2017-12-02 15:14 - 2017-11-26 13:03 - 004772352 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2017-12-02 15:14 - 2017-11-26 13:03 - 004742144 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-12-02 15:14 - 2017-11-26 13:03 - 002862080 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2017-12-02 15:14 - 2017-11-26 13:03 - 002783744 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-12-02 15:14 - 2017-11-26 13:01 - 003163648 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2017-12-02 15:14 - 2017-11-26 13:00 - 000899584 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-12-02 15:14 - 2017-11-26 13:00 - 000685056 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2017-12-02 15:14 - 2017-11-26 12:59 - 004814848 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2017-12-02 15:14 - 2017-11-26 12:59 - 000726016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-12-02 15:14 - 2017-11-26 12:59 - 000259072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-12-02 15:14 - 2017-11-26 12:58 - 001485824 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2017-12-02 15:14 - 2017-11-26 12:58 - 000151040 _____ (Microsoft Corporation) C:\Windows\system32\umpo.dll
2017-12-02 15:14 - 2017-11-26 12:55 - 001739264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2017-12-02 15:14 - 2017-11-26 12:48 - 001570816 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2017-12-02 15:14 - 2017-11-26 12:48 - 000534528 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2017-12-02 15:14 - 2017-11-26 12:48 - 000079360 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2017-12-02 15:14 - 2017-11-26 12:21 - 001474680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2017-12-02 15:14 - 2017-11-26 12:21 - 001432816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2017-12-02 15:14 - 2017-11-26 12:20 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2017-12-02 15:14 - 2017-11-26 12:12 - 000123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-12-02 15:14 - 2017-11-26 12:04 - 001145112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-12-02 15:14 - 2017-11-26 12:04 - 000769096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-12-02 15:14 - 2017-11-26 12:02 - 003484848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2017-12-02 15:14 - 2017-11-26 12:02 - 001124760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-02 15:14 - 2017-11-26 12:01 - 006092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2017-12-02 15:14 - 2017-11-26 12:01 - 002339296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-12-02 15:14 - 2017-11-26 12:01 - 000791960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2017-12-02 15:14 - 2017-11-26 12:01 - 000746904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-02 15:14 - 2017-11-26 12:01 - 000590944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-12-02 15:14 - 2017-11-26 12:01 - 000506256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2017-12-02 15:14 - 2017-11-26 12:01 - 000354200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2017-12-02 15:14 - 2017-11-26 12:00 - 001990160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2017-12-02 15:14 - 2017-11-26 12:00 - 000592280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2017-12-02 15:14 - 2017-11-26 12:00 - 000353848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-12-02 15:14 - 2017-11-26 11:59 - 000703568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-12-02 15:14 - 2017-11-26 11:58 - 020286120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2017-12-02 15:14 - 2017-11-26 11:58 - 006483176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-12-02 15:14 - 2017-11-26 11:58 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2017-12-02 15:14 - 2017-11-26 11:58 - 001148216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2017-12-02 15:14 - 2017-11-26 11:58 - 001057824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2017-12-02 15:14 - 2017-11-26 11:58 - 000982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2017-12-02 15:14 - 2017-11-26 11:57 - 001490840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2017-12-02 15:14 - 2017-11-26 11:51 - 001558856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2017-12-02 15:14 - 2017-11-26 11:51 - 000661664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-12-02 15:14 - 2017-11-26 11:41 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2017-12-02 15:14 - 2017-11-26 11:41 - 002393600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2017-12-02 15:14 - 2017-11-26 11:41 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-12-02 15:14 - 2017-11-26 11:41 - 001005568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallService.dll
2017-12-02 15:14 - 2017-11-26 11:41 - 000372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll
2017-12-02 15:14 - 2017-11-26 11:41 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2017-12-02 15:14 - 2017-11-26 11:41 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2017-12-02 15:14 - 2017-11-26 11:40 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2017-12-02 15:14 - 2017-11-26 11:38 - 000271872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SpatializerApo.dll
2017-12-02 15:14 - 2017-11-26 11:37 - 000098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2017-12-02 15:14 - 2017-11-26 11:36 - 013703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2017-12-02 15:14 - 2017-11-26 11:36 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2017-12-02 15:14 - 2017-11-26 11:36 - 000444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActivationManager.dll
2017-12-02 15:14 - 2017-11-26 11:36 - 000351232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DictationManager.dll
2017-12-02 15:14 - 2017-11-26 11:36 - 000315392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-02 15:14 - 2017-11-26 11:35 - 018915840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2017-12-02 15:14 - 2017-11-26 11:35 - 000557056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9on12.dll
2017-12-02 15:14 - 2017-11-26 11:35 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2017-12-02 15:14 - 2017-11-26 11:35 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2017-12-02 15:14 - 2017-11-26 11:35 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExecModelClient.dll
2017-12-02 15:14 - 2017-11-26 11:34 - 019339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-12-02 15:14 - 2017-11-26 11:34 - 006466560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2017-12-02 15:14 - 2017-11-26 11:34 - 000559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-12-02 15:14 - 2017-11-26 11:32 - 011923456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-12-02 15:14 - 2017-11-26 11:31 - 000660480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2017-12-02 15:14 - 2017-11-26 11:31 - 000456704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2017-12-02 15:14 - 2017-11-26 11:30 - 006036480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2017-12-02 15:14 - 2017-11-26 11:30 - 004385280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2017-12-02 15:14 - 2017-11-26 11:30 - 003679232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-12-02 15:14 - 2017-11-26 11:30 - 002859520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2017-12-02 15:14 - 2017-11-26 11:30 - 002467840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2017-12-02 15:14 - 2017-11-26 11:29 - 002869760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-12-02 15:14 - 2017-11-26 11:29 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-12-02 15:14 - 2017-11-26 11:29 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2017-12-02 15:14 - 2017-11-26 11:29 - 000823808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-12-02 15:14 - 2017-11-26 11:28 - 004249600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2017-12-02 15:14 - 2017-11-26 11:27 - 001509888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2017-12-02 15:14 - 2017-11-26 11:24 - 000614912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2017-12-02 15:14 - 2017-11-26 11:24 - 000068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2017-12-02 15:14 - 2017-11-19 08:35 - 003331520 _____ C:\Windows\system32\Windows.Mirage.dll
2017-12-02 15:14 - 2017-11-19 03:20 - 002491112 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2017-12-02 15:12 - 2017-12-02 15:12 - 000000000 ____D C:\ProgramData\USOShared
2017-12-02 15:08 - 2017-12-02 15:08 - 000003374 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-738614823-346164979-3814199400-1001
2017-12-02 15:08 - 2017-12-02 15:08 - 000002363 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-12-02 15:08 - 2017-12-02 15:08 - 000000000 ___RD C:\Users\Admin\OneDrive
2017-12-02 15:07 - 2017-12-03 13:13 - 001195994 _____ C:\Windows\system32\PerfStringBackup.INI
2017-12-02 15:07 - 2017-12-02 15:07 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-12-02 15:06 - 2017-12-03 08:05 - 000000000 ____D C:\Users\Admin\AppData\Local\Packages
2017-12-02 15:06 - 2017-12-02 15:27 - 000000000 ____D C:\Users\Admin\AppData\Local\Publishers
2017-12-02 15:06 - 2017-12-02 15:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-12-02 15:06 - 2017-12-02 15:20 - 000000000 ___RD C:\Users\Admin\3D Objects
2017-12-02 15:06 - 2017-12-02 15:06 - 000000000 ___HD C:\Users\Admin\MicrosoftEdgeBackups
2017-12-02 15:06 - 2017-12-02 15:06 - 000000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2017-12-02 15:06 - 2017-12-02 15:06 - 000000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2017-12-02 15:06 - 2017-12-02 15:06 - 000000000 ____D C:\Users\Admin\AppData\Local\MicrosoftEdge
2017-12-02 15:06 - 2017-12-02 15:06 - 000000000 ____D C:\Users\Admin\AppData\Local\ConnectedDevicesPlatform
2017-12-02 15:06 - 2017-09-29 04:05 - 012039168 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons0007.dll
2017-12-02 15:06 - 2017-09-29 04:04 - 011602432 _____ (Microsoft Corporation) C:\Windows\system32\prm0007.dll
2017-12-02 15:06 - 2017-09-29 03:55 - 002077184 _____ (Microsoft Corporation) C:\Windows\system32\NlsData0007.dll
2017-12-02 15:06 - 2017-09-29 03:44 - 012039168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons0007.dll
2017-12-02 15:06 - 2017-09-29 03:42 - 001993216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData0007.dll
2017-12-02 15:05 - 2017-12-03 13:04 - 000000000 ____D C:\Users\Admin
2017-12-02 15:05 - 2017-12-02 15:05 - 000000020 ___SH C:\Users\Admin\ntuser.ini
2017-12-02 15:03 - 2017-12-02 15:03 - 000000000 ____D C:\Windows\CSC
2017-12-02 15:03 - 2017-09-29 14:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2017-11-20 23:43 - 2017-12-03 10:54 - 000000000 ____D C:\PSTools
2017-11-10 01:17 - 2017-11-10 01:17 - 013655552 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 012687360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 007831248 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 006791472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 006015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 005906264 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 004648528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 004487968 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 003478016 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 002972672 _____ (Microsoft Corporation) C:\Windows\system32\twinui.pcshell.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 002717392 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 002633216 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 002465848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 002269080 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001970520 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001954048 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001806336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001667584 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001634288 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001615720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001554216 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001547264 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001507736 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001463856 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001454568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001377080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001323840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001322496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001280000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001261864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 001015008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000975872 _____ C:\Windows\system32\FaceProcessor.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000956416 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2017-11-10 01:17 - 2017-11-10 01:17 - 000925184 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000812032 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000768512 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000739696 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000710920 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000677280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000665088 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000654848 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000612760 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000610712 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000559512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000555416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2017-11-10 01:17 - 2017-11-10 01:17 - 000542208 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000479912 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000478208 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000461312 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000442880 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000418712 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000362176 _____ (Microsoft Corporation) C:\Windows\system32\BioIso.exe
2017-11-10 01:17 - 2017-11-10 01:17 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000336896 _____ (Microsoft Corporation) C:\Windows\system32\HolographicRuntimes.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000269696 _____ C:\Windows\system32\FaceProcessorCore.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000227328 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManager.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000147864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000135168 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_CapabilityAccess.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmCx.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000097792 _____ C:\Windows\system32\runexehelper.exe
2017-11-10 01:17 - 2017-11-10 01:17 - 000095744 _____ (Microsoft Corporation) C:\Windows\system32\CapabilityAccessManagerClient.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000060824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\urscx01000.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000058880 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000057344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UcmUcsi.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000056320 _____ (Microsoft Corporation) C:\Windows\system32\AcSpecfc.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000046080 _____ (Microsoft Corporation) C:\Windows\system32\rdrleakdiag.exe
2017-11-10 01:17 - 2017-11-10 01:17 - 000045464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storufs.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe
2017-11-10 01:17 - 2017-11-10 01:17 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2017-11-10 01:17 - 2017-11-10 01:17 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcVSp1res.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\msdtcVSp1res.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-11-10 01:17 - 2017-11-10 01:17 - 000000000 ____D C:\Windows\containers
2017-11-09 04:41 - 2017-11-28 02:56 - 000495664 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstusb.sys
2017-11-09 04:40 - 2017-11-28 02:56 - 001621552 _____ (NVIDIA Corporation) C:\Windows\system32\nvir3dgenco64.dll
2017-11-09 04:38 - 2017-11-28 02:56 - 001615472 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-11-09 04:38 - 2017-11-28 02:56 - 000225208 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-11-09 04:38 - 2017-11-09 04:38 - 001997752 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438813.dll
2017-11-09 04:38 - 2017-11-09 04:38 - 001682544 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438813.dll
2017-11-09 03:57 - 2017-11-28 02:56 - 000048442 _____ C:\Windows\system32\nvinfo.pb
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-11-09 03:57 - 2017-11-09 03:57 - 000000669 _____ C:\Windows\system32\nv-vk64.json

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-03 13:13 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2017-12-03 13:12 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2017-12-03 13:12 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\AppReadiness
2017-12-03 13:05 - 2017-09-29 09:45 - 000524288 _____ C:\Windows\system32\config\BBI
2017-12-03 09:13 - 2017-09-29 14:44 - 000000000 ____D C:\Windows\INF
2017-12-03 09:12 - 2017-09-29 14:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2017-12-03 03:18 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\appcompat
2017-12-03 00:02 - 2017-09-29 09:45 - 000000000 ____D C:\Windows\system32\Sysprep
2017-12-03 00:01 - 2017-09-29 14:46 - 000000000 ___RD C:\Windows\PrintDialog
2017-12-03 00:01 - 2017-09-29 14:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2017-12-03 00:01 - 2017-09-29 09:45 - 000032768 _____ C:\Windows\system32\config\ELAM
2017-12-03 00:00 - 2017-09-29 14:46 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-12-02 18:06 - 2017-09-29 14:37 - 000000000 ____D C:\Windows\CbsTemp
2017-12-02 17:50 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\SysWOW64\inetsrv
2017-12-02 17:50 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\inetsrv
2017-12-02 17:50 - 2017-09-29 14:43 - 000613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqsnap.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqutil.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000261632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000204288 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000156160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqrt.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000096256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa.tlb
2017-12-02 17:50 - 2017-09-29 14:43 - 000090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa30.tlb
2017-12-02 17:50 - 2017-09-29 14:43 - 000055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa20.tlb
2017-12-02 17:50 - 2017-09-29 14:43 - 000052736 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqoa10.tlb
2017-12-02 17:50 - 2017-09-29 14:43 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2017-12-02 17:50 - 2017-09-29 14:43 - 000014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqcertui.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\cngkeyhelper.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngkeyhelper.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2017-12-02 17:50 - 2017-09-29 14:43 - 000009096 _____ C:\Windows\SysWOW64\msmqtrc.mof
2017-12-02 17:50 - 2017-09-29 14:42 - 000054272 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2017-12-02 17:50 - 2017-09-29 14:42 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2017-12-02 17:50 - 2017-09-29 14:42 - 000015360 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2017-12-02 17:50 - 2017-09-29 14:42 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 001381888 _____ (Microsoft Corporation) C:\Windows\system32\mqqm.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000776192 _____ (Microsoft Corporation) C:\Windows\system32\mqsnap.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000564224 _____ (Microsoft Corporation) C:\Windows\system32\mqutil.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000306688 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000222720 _____ (Microsoft Corporation) C:\Windows\system32\mqrt.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000176128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mqac.sys
2017-12-02 17:50 - 2017-09-29 14:41 - 000125952 _____ (Microsoft Corporation) C:\Windows\system32\mqlogmgr.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000096256 _____ (Microsoft Corporation) C:\Windows\system32\mqoa.tlb
2017-12-02 17:50 - 2017-09-29 14:41 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\mqoa30.tlb
2017-12-02 17:50 - 2017-09-29 14:41 - 000055296 _____ (Microsoft Corporation) C:\Windows\system32\mqoa20.tlb
2017-12-02 17:50 - 2017-09-29 14:41 - 000053248 _____ (Microsoft Corporation) C:\Windows\system32\mqbkup.exe
2017-12-02 17:50 - 2017-09-29 14:41 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\mqoa10.tlb
2017-12-02 17:50 - 2017-09-29 14:41 - 000026112 _____ (Microsoft Corporation) C:\Windows\system32\mqsvc.exe
2017-12-02 17:50 - 2017-09-29 14:41 - 000017408 _____ (Microsoft Corporation) C:\Windows\system32\mqcertui.dll
2017-12-02 17:50 - 2017-09-29 14:41 - 000009096 _____ C:\Windows\system32\msmqtrc.mof
2017-12-02 16:51 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-12-02 15:38 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-12-02 15:19 - 2017-09-29 15:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\TextInput
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\WinMetadata
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\oobe
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\appraiser
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\ShellExperiences
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\Provisioning
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Defender
2017-12-02 15:19 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2017-12-02 15:17 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\Help
2017-12-02 15:14 - 2017-09-29 14:42 - 001587200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2017-12-02 15:14 - 2017-09-29 14:41 - 001856000 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-12-02 15:14 - 2017-09-29 14:41 - 000246168 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2017-12-02 15:14 - 2017-09-29 14:41 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2017-12-02 15:14 - 2017-09-29 14:41 - 000139672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-12-02 15:14 - 2017-09-29 14:41 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2017-12-02 15:14 - 2017-09-29 14:41 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-12-02 15:06 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\OCR
2017-12-02 15:05 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\USOPrivate
2017-12-02 15:03 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2017-12-02 15:03 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\spool
2017-12-02 15:03 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\FxsTmp
2017-11-10 01:18 - 2017-09-29 14:49 - 000835568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-11-10 01:18 - 2017-09-29 14:49 - 000177648 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\zu-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\yo-NG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\xh-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\wo-SN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\vi-VN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ur-PK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ug-CN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tt-RU
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tn-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tk-TM
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ti-ET
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\te-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ta-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sw-KE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sq-AL
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\si-LK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\rw-RW
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\quz-PE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\prs-AF
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\pa-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\or-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\nso-ZA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\nn-NO
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ne-NP
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mt-MT
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mr-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mn-MN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ml-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mk-MK
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\mi-NZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\lo-LA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\lb-LU
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ky-KG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\kok-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\kn-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\km-KH
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\kk-KZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ka-GE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\is-IS
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ig-NG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\id-ID
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\hy-AM
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\gu-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\gd-GB
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ga-IE
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\fil-PH
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\fa-IR
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\cy-GB
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\bn-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\bn-BD
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\be-BY
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\as-IN
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\am-ET
2017-11-10 01:17 - 2017-09-29 15:41 - 000000000 ____D C:\Windows\system32\af-ZA
2017-11-10 01:17 - 2017-09-29 14:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2017-11-10 01:17 - 2017-09-29 14:46 - 000000000 ___SD C:\Windows\system32\F12
2017-11-10 01:17 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\SysWOW64\Dism
2017-11-10 01:17 - 2017-09-29 14:46 - 000000000 ____D C:\Windows\system32\WinBioPlugIns
2017-11-10 01:17 - 2017-09-29 09:45 - 000000000 ____D C:\Windows\system32\Dism
2017-11-09 04:43 - 2017-09-29 15:42 - 000446392 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll

Some files in TEMP:
====================
2017-12-02 16:40 - 2017-10-27 17:06 - 000370296 _____ (NVIDIA Corporation) C:\Users\Admin\AppData\Local\Temp\nvStInst.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-12-03 00:01

==================== End of FRST.txt ============================

Assition

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2017
Ran by Admin (03-12-2017 14:31:15)
Running from C:\Users\Admin\Downloads
Windows 10 Pro Version 1709 16299.98 (X64) (2017-12-02 14:03:05)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-738614823-346164979-3814199400-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-738614823-346164979-3814199400-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-738614823-346164979-3814199400-503 - Limited - Disabled)
Guest (S-1-5-21-738614823-346164979-3814199400-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-738614823-346164979-3814199400-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Internet Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Internet Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Active Directory Authentication Library for SQL Server (HKLM\...\{32C0D7B2-1046-43AC-98AD-B748E1910916}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (HKLM-x32\...\{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}) (Version: 13.0.1601.5 - Microsoft Corporation) Hidden
Advanced Installer 14.5.1 (HKLM-x32\...\{70233294-842A-4032-BFCB-0D39B6AC852E}) (Version: 14.5.1 - Caphyon)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Azure AD Authentication Connected Service (HKLM-x32\...\{8A1AD070-269F-4A15-AAB5-76AB896EF195}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (HKLM-x32\...\{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}) (Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (HKLM-x32\...\{37E53780-3944-4A6A-842F-727128E8616E}) (Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Brave (HKU\S-1-5-21-738614823-346164979-3814199400-1001\...\Brave) (Version: 0.19.105 - Brave Software)
BrowserAutomationStudio (HKU\S-1-5-21-738614823-346164979-3814199400-1001\...\BrowserAutomationStudio) (Version: 20.6.4.0 - BrowserAutomationStudio)
ClickOnce Bootstrapper Package for Microsoft .NET Framework 4.6.2 on Visual Studio 2015 (HKLM-x32\...\{5C582D1D-0BAE-40FA-A6FA-401B4E088728}) (Version: 4.6.01590 - Microsoft Corporation)
CoinCollector (HKLM-x32\...\{DE24DA5E-6884-4465-A07E-81E040AD0DE1}) (Version: 5.1.0 - AutoClickBots) Hidden
CoinCollector V5 (HKLM-x32\...\CoinCollector 5.1.0) (Version: 5.1.0 - AutoClickBots)
Dotfuscator and Analytics Community Edition 5.22.0 (HKLM-x32\...\{60018889-9E0F-43E8-9B89-29E8C828B40A}) (Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
ESET Security (HKLM\...\{8B35CE46-1F7C-4B22-815E-AB6DC63EE3AB}) (Version: 11.0.149.0 - ESET, spol. s r.o.)
EVGA GPU Voltage Tuner (HKLM-x32\...\{148F9374-1290-464E-8512-B7706501CF3E}) (Version: 1.0.8.1 - EVGA)
EVGA Precision XOC (HKLM-x32\...\{43F43171-7008-4E3E-90A1-AF7FBFCE2C14}) (Version: 6.2.3 - EVGA Corporation)
Git version 2.14.1 (HKLM\...\Git_is1) (Version: 2.14.1 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.94 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HMA! Pro VPN (HKLM\...\{60A560F2-CB75-4C94-9C36-39AD2161DE73}_is1) (Version: 3.7.80 - Privax)
IIS 10.0 Express (HKLM\...\{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}) (Version: 10.0.1736 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intel(R) Chipset Device Software (HKLM-x32\...\{5fa248d9-79b2-48fb-9add-72660adaed4e}) (Version: 10.1.2.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.6.1194 - Intel Corporation)
LibreOffice 5.3.7.2 (HKLM\...\{117F3217-458C-4371-B222-00C69DE96CB2}) (Version: 5.3.7.2 - The Document Foundation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 SDK (HKLM-x32\...\{5F01B3C4-9BEC-465D-9C68-BB97D381FFAD}) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (ENU) (HKLM-x32\...\{C80951BD-6904-474F-BBC5-03A6C777F37C}) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Framework 4.6.2 Targeting Pack (HKLM-x32\...\{A18D4C2A-07A8-40E4-9797-DD324E6EA4FC}) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-738614823-346164979-3814199400-1001\...\OneDriveSetup.exe) (Version: 17.3.7076.1026 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB  (HKLM\...\{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (HKLM-x32\...\{0F1C8E2F-199A-4946-B3BF-0906DACFD032}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects  (x64) (HKLM\...\{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service  (HKLM-x32\...\{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}) (Version: 13.0.14500.10 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom  (HKLM\...\{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60519.0) (HKLM-x32\...\{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}) (Version: 14.0.60519.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM\...\{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 (HKLM-x32\...\{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}) (Version: 13.0.1601.5 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio Enterprise 2015 with Updates (HKLM-x32\...\{e2ccc441-0cf4-43f1-9306-c3c1c6cd4ce3}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mozilla Firefox 56.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 56.0 (x86 en-US)) (Version: 56.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.3 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (HKLM-x32\...\{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}) (Version: 14.0.25420 - Microsoft Corporation) Hidden
MSI Afterburner 4.4.0 (HKLM-x32\...\Afterburner) (Version: 4.4.0 - MSI Co., LTD)
Multi-Device Hybrid Apps using C# - Templates - ENU (HKLM-x32\...\{12D99739-FFD3-3761-8AA6-F929E0FE407E}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.43 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.11.0.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.11.0.73 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.43 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.2.0 (HKLM\...\{1E6A323C-1BE9-49B6-8FDC-107307DBC6CE}) (Version: 5.2.0 - Oracle Corporation)
PreEmptive Analytics Visual Studio Components (HKLM-x32\...\{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}) (Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{B7E94916-7AE6-4F7F-A377-7A410A42BA19}) (Version: 13.0.1601.5 - Microsoft Corporation)
Progress Telerik Fiddler (HKU\S-1-5-21-738614823-346164979-3814199400-1001\...\Fiddler2) (Version: 5.0.20173.48897 - Telerik)
Python Tools 2.2.6 for Visual Studio 2015 (HKLM-x32\...\{4EEC1067-703E-4948-BF79-70B4CB600E02}) (Version: 2.2.50113.00 - Microsoft Corporation)
Quadsoft easyCrypt Version 1.3.0.2 (HKLM-x32\...\{80D75FCC-2C8E-4C8B-BBFA-D3E946F5CDBB}_is1) (Version: 1.3.0.2 - Quadsoft)
RazorSQL 7.3.15 (HKLM-x32\...\RazorSQL_is1) (Version: 7.3.15 - Richardson Software, LLC)
RivaTuner Statistics Server 7.0.0 (HKLM-x32\...\RTSS) (Version: 7.0.0 - Unwinder)
Roslyn Language Services - x86 (HKLM-x32\...\{6970C7E1-F99D-388D-8903-DF8FCE677FED}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (HKLM-x32\...\{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95150003-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation) Hidden
SharePoint Client Components (HKLM\...\{95160002-1163-0409-1000-0000000FF1CE}) (Version: 16.0.3104.1200 - Microsoft Corporation) Hidden
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (HKLM-x32\...\{7A95671A-759E-3B83-B763-4289D1D24D73}) (Version: 14.102.25619 - Microsoft) Hidden
Tesseract-OCR - open source OCR engine (HKLM-x32\...\Tesseract-OCR) (Version: 3.02.02 - Tesseract-OCR community)
Test Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}) (Version: 14.0.23107 - Microsoft Corporation) Hidden
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 9.12 - Ghisler Software GmbH)
TypeScript Power Tool (HKLM-x32\...\{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}) (Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{BA5762C7-D35F-4725-A4BD-525854127018}) (Version: 1.8.36.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{1FBCBC17-4527-2340-0832-B1D49C41FF67}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (HKLM-x32\...\{284FA9A0-CEDD-81D3-5A19-5858E95FD0C4}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{8BFBEC30-33CC-13B4-849F-3B036F27466A}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{ABD37F71-FC3F-F525-C7B3-BDD95F684C51}) (Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{0460C87B-7F4C-3170-FAC9-B7A6AE5CE4E9}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{33952D66-D503-10CA-DD8E-E365C15EB4E0}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{B048B812-32DE-3474-FA64-223B6A63AD47}) (Version: 10.0.26624 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VS Update core components (HKLM-x32\...\{B2918D01-1D89-34D3-87EF-A28121BC6EB7}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
vs_update3notification (HKLM-x32\...\{AB3DF932-C990-34D4-BF43-970F760DA3CD}) (Version: 14.0.25431 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WCF Data Services 5.6.4 Runtime (HKLM-x32\...\{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (HKLM-x32\...\{0A3B508E-5638-4471-BCC9-954E1868CB86}) (Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Workflow Manager Client 1.0 (HKLM\...\{C056B194-9664-4443-9019-6C84B4CCC512}) (Version: 2.0.50408.1 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{4830FC51-95F2-48CB-A7D9-8FCF262F4204}) (Version: 2.0.50408.2 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2017-11-28] (NVIDIA Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-11-02] (ESET)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0D8E4131-6D4B-4E90-81D5-FE093A1F6FEC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-28] (NVIDIA Corporation)
Task: {1E6150D2-562E-421F-8179-E87E9507E9B1} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-11-28] (NVIDIA Corporation)
Task: {30D277F9-6969-4772-837D-B1BAFE0A7E2C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
Task: {4745B4F5-1AFA-4C05-91CD-CBF9CAF4FF82} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-28] (NVIDIA Corporation)
Task: {A94EE2AD-57B8-42B3-8CE2-D9C5D9BE32CD} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {B1A620E4-7059-43B2-BF0E-B0C77DE05DF0} - System32\Tasks\EVGAPrecisionX => C:\Program Files (x86)\EVGA\Precision XOC\PrecisionX_x64.exe [2017-11-08] (EVGA Corp.)
Task: {B45421A5-85A6-4E44-99C5-35D9079C39C4} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-11-28] (NVIDIA Corporation)
Task: {BDA8A132-E4FF-4F2A-9C6F-822216366237} - System32\Tasks\HMA! Pro VPN Update => C:\Program Files (x86)\HMA! Pro VPN\VpnUpdate.exe [2017-10-31] (Privax Limited)
Task: {CEF684C0-908C-4BBC-B416-C987E6F17E58} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-11-28] (NVIDIA Corporation)
Task: {D3B51B85-CC58-490E-A5C8-1FB8B1466967} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-11-28] (NVIDIA Corporation)
Task: {D45AFC7F-9B88-4FED-8022-DF7DB2A5CA9C} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-11-28] (NVIDIA Corporation)
Task: {ED071214-FAA3-490D-84C8-56592BDFCAE5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-12-02] (Google Inc.)
Task: {F6682DCC-D2FB-4AC6-AA23-3DE7BD60E2BF} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-11-28] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tesseract-OCR\FAQ.lnk -> hxxp://code.google.com/p/tesseract-ocr/wiki/FA
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tesseract-OCR\Homepage.lnk -> hxxp://code.google.com/p/tesseract-oc
Shortcut: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tesseract-OCR\ReadMe.lnk -> hxxp://code.google.com/p/tesseract-ocr/wiki/ReadM

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\Windows\SYSTEM32\inputhost.dll
2017-12-02 15:14 - 2017-11-26 13:23 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-02 15:14 - 2017-11-26 13:01 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-04 19:59 - 2017-12-03 09:55 - 048199246 _____ () C:\CoinCollector\CoinCollector.exe
2017-12-03 11:46 - 2017-12-03 11:46 - 000617472 _____ () C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\UBot Studio\Browser\5.9.44\Browser.exe
2017-12-02 17:03 - 2017-11-10 10:57 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libglesv2.dll
2017-12-02 17:03 - 2017-11-10 10:57 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.94\libegl.dll
2017-12-03 12:10 - 2017-10-31 17:44 - 000058936 _____ () C:\Program Files (x86)\HMA! Pro VPN\module_lifetime.dll
2017-12-03 12:10 - 2017-10-31 17:44 - 000244480 _____ () C:\Program Files (x86)\HMA! Pro VPN\tasks_core.dll
2017-12-03 12:10 - 2017-10-31 17:44 - 000152592 _____ () C:\Program Files (x86)\HMA! Pro VPN\network_notifications.dll
2017-12-03 12:10 - 2017-10-31 17:44 - 000084896 _____ () C:\Program Files (x86)\HMA! Pro VPN\WinUtils.dll
2017-12-03 12:10 - 2017-10-31 17:44 - 000238728 _____ () C:\Program Files (x86)\HMA! Pro VPN\event_routing_rpc.dll
2017-12-03 12:10 - 2017-12-03 12:10 - 048936448 _____ () C:\Program Files (x86)\HMA! Pro VPN\libcef.dll
2016-12-04 19:59 - 2017-12-03 09:55 - 000163856 _____ () C:\CoinCollector\Locker.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\AdBTCBot:{6D004E00-7700-3000-5300-4E0036005000} [728]
AlternateDataStreams: C:\CoinCollector:{6D004E00-7700-3000-5300-4E0036005000} [728]
AlternateDataStreams: C:\EasyHitsBot:{6D004E00-7700-3000-5300-4E0036005000} [728]
AlternateDataStreams: C:\FreebitBot:{6D004E00-7700-3000-5300-4E0036005000} [728]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 14:46 - 2017-09-29 14:44 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-738614823-346164979-3814199400-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{3819DA7A-1815-43F0-8A54-5B5B4DB664C5}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{E4BCE47A-50A1-4F01-A598-773C720BFBD9}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{13E6F821-1C8F-404F-86E8-5BC0EF54C43F}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{EF73E1CB-76E2-4436-BEAC-40B49C8075FE}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{4FE5560A-AF72-4B5A-8B61-64A27601E34B}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{2BCC4CFA-1891-4EA1-8164-5261F8178F82}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{29AD334A-AC79-423B-B35A-EF512FE94734}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{F799690C-5B83-4308-AB6F-865D391AA38D}] => (Allow) LPort=12292
FirewallRules: [{D7EE4638-13DC-4D09-9D1F-115189654D6F}] => (Allow) C:\Users\Admin\AppData\Local\Programs\Fiddler\Fiddler.exe
FirewallRules: [{0F9C73B7-2116-424E-B09B-F54A5A63D2AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B67C29A0-CF3C-4D8A-895A-BA415AAC7E26}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B6AD32C4-253D-4CA5-8ABF-E4104759F01B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

02-12-2017 15:07:48 Windows Update

==================== Faulty Device Manager Devices =============

Name: NVIDIA Stereoscopic 3D USB controller
Description: NVIDIA Stereoscopic 3D USB controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: NVIDIA
Service: NvStUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: NVIDIA GeForce GTX 780 Ti
Description: NVIDIA GeForce GTX 780 Ti
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: NVIDIA
Service: nvlddmkm
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2017 01:57:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CoinCollector.exe, version: 6.0.0.0, time stamp: 0x583b01b9
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc0000005
Fault offset: 0x000ee169
Faulting process id: 0x1dec
Faulting application start time: 0x01d36c3644f0193e
Faulting application path: C:\CoinCollector\CoinCollector.exe
Faulting module path: C:\Windows\System32\KERNELBASE.dll
Report Id: 055fbaed-e99c-4f5e-b20e-1c9f34c625a8
Faulting package full name: 
Faulting package-relative application ID:

Error: (12/03/2017 01:57:35 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: CoinCollector.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 7490E169

Error: (12/03/2017 01:50:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program RegFromApp.exe version 1.3.3.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1084

Start Time: 01d36c34e61748ac

Termination Time: 3

Application Path: C:\Users\Admin\Downloads\regfromapp-x64\RegFromApp.exe

Report Id: 9db4482d-5aae-4aa1-be31-89d70f2d9755

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 01:48:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CoinCollector.exe version 6.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 16dc

Start Time: 01d36c34f426dea4

Termination Time: 4294967295

Application Path: C:\CoinCollector\CoinCollector.exe

Report Id: e734d00a-71dd-457c-bf15-e6bbd9eb0058

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 01:00:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program AdwCleaner_7.0.4.0.exe version 7.0.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: b6c

Start Time: 01d36c2e3159e4e4

Termination Time: 4294967295

Application Path: C:\Users\Admin\Downloads\AdwCleaner_7.0.4.0.exe

Report Id: 1cf068a6-534a-4a4d-a75b-15ca4b11f31d

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 12:23:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2998

Start Time: 01d36c28ba7ce50a

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: bbf3a99d-0e9d-4e98-8682-94bf9ad6a1b5

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 12:23:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Brave.exe version 4.5.16.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 8f0

Start Time: 01d36c28fa68e53a

Termination Time: 4294967295

Application Path: C:\Users\Admin\AppData\Local\brave\app-0.19.105\Brave.exe

Report Id: d39416b5-6425-4688-9609-6f4dd68b393c

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 12:20:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2270

Start Time: 01d36c28504a53f5

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: 2a9da81a-e361-499e-b706-dacf9283cbfa

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 12:20:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 62.0.3202.94 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1324

Start Time: 01d36c2863052fdd

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 9ee442fe-f70c-4634-992f-49a4e0b0c4c7

Faulting package full name: 

Faulting package-relative application ID:

Error: (12/03/2017 12:17:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 10.0.16299.98 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1b10

Start Time: 01d36ba7d1a3f17f

Termination Time: 0

Application Path: C:\Windows\explorer.exe

Report Id: b4297a18-1e7f-43bb-bc25-0acd270fc302

Faulting package full name: 

Faulting package-relative application ID:


System errors:
=============
Error: (12/03/2017 02:16:02 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-AJ07UJC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-AJ07UJC\Admin SID (S-1-5-21-738614823-346164979-3814199400-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 01:11:16 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-AJ07UJC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-AJ07UJC\Admin SID (S-1-5-21-738614823-346164979-3814199400-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 01:07:06 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000003b (0x00000000c0000094, 0xfffff804da9f431d, 0xfffffe82c262e930, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 69ec70b7-ffd7-4273-82f9-b456fdfecb91.

Error: (12/03/2017 01:07:04 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-AJ07UJC)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
{7022A3B3-D004-4F52-AF11-E9E987FEE25F}
 and APPID 
{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}
 to the user DESKTOP-AJ07UJC\Admin SID (S-1-5-21-738614823-346164979-3814199400-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/03/2017 01:07:01 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14

Error: (12/03/2017 01:07:01 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14

Error: (12/03/2017 01:07:01 PM) (Source: nvlddmkm) (EventID: 14) (User: )
Description: Event-ID 14

Error: (12/03/2017 01:04:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HMA! Pro VPN service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/03/2017 01:04:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Message Queuing service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (12/03/2017 01:04:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Telemetry Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-12-03 09:13:25.542
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume9\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-12-02 17:53:16.785
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-12-02 17:53:16.757
  Description: Code Integrity determined that a process (\Device\HarddiskVolume9\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume9\Windows\System32\nvspcap64.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Xeon(R) CPU E5-2697 v2 @ 2.70GHz
Percentage of memory in use: 12%
Total physical RAM: 32717.17 MB
Available physical RAM: 28497.38 MB
Total Virtual: 37837.17 MB
Available Virtual: 33348.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:372.01 GB) (Free:304.56 GB) NTFS
Drive d: (SAS 4TB) (Fixed) (Total:3726.02 GB) (Free:2978.7 GB) NTFS
Drive e: (System-reserviert) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Volume) (Fixed) (Total:476.81 GB) (Free:80.32 GB) NTFS
Drive g: (WD Green) (Fixed) (Total:3725.9 GB) (Free:950.74 GB) NTFS
Drive h: () (Removable) (Total:14.71 GB) (Free:10.04 GB) NTFS
Drive i: (alte TVSSD) (Fixed) (Total:232.4 GB) (Free:13.94 GB) NTFS
Drive k: (Transcend) (Removable) (Total:7.34 GB) (Free:6.24 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 63DDE126)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 3 (Size: 3726 GB) (Disk ID: 58B1884D)

Partition: GPT.

========================================================
Disk: 4 (Size: 372.6 GB) (Disk ID: 63106E2C)

Partition: GPT.

========================================================
Disk: 5 (MBR Code: Windows 7 or 8) (Size: 14.7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=14.7 GB) - (Type=07 NTFS)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 7.4 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=7.4 GB) - (Type=0C)

==================== End of Addition.txt ============================

soliver84 · 03.12.2017, 18:00

Regestry Änderungen des Programms:

Code:

ATTFilter

Regshot 1.9.0 x64 ANSI
Kommentar:
Datum und Zeit:2017/12/3 13:03:23  ,  2017/12/3 13:07:52
Computer:DESKTOP-AJ07UJC , DESKTOP-AJ07UJC
Benutzername:Admin , Admin

----------------------------------
Schlüssel gelöscht:4
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\1f18fee0-7648-464e-b7d9-1179807078b7
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Group Policy\ServiceInstances\1f18fee0-7648-464e-b7d9-1179807078b7

----------------------------------
Schlüssel hinzugefügt:104
----------------------------------
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithList
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\OpenWithList
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sln
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sln\OpenWithList
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithList
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdf7536a-cc85-b2a6-348d-149c27c70649}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKU\.DEFAULT\Software\Microsoft\Windows\Shell
HKU\.DEFAULT\Software\Microsoft\Windows\Shell\Associations
HKU\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations
HKU\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https
HKU\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
HKU\.DEFAULT\System\CurrentControlSet
HKU\.DEFAULT\System\CurrentControlSet\Control
HKU\.DEFAULT\System\CurrentControlSet\Control\MediaProperties
HKU\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties
HKU\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick
HKU\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\hiv
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hiv\OpenWithList
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.hiv
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050562
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000603B4
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060720
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000708BE
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080792
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B0266
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0862
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D01C4
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000F07BA
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001308E8
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000014012E
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001407EC
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000150406
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000016075C
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001802F4
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000002C0702
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.css\OpenWithList
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.js\OpenWithList
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sln
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sln\OpenWithList
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\OpenWithList
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xsl\OpenWithList
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdf7536a-cc85-b2a6-348d-149c27c70649}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
HKU\S-1-5-18\Software\Microsoft\Windows\Shell
HKU\S-1-5-18\Software\Microsoft\Windows\Shell\Associations
HKU\S-1-5-18\Software\Microsoft\Windows\Shell\Associations\UrlAssociations
HKU\S-1-5-18\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https
HKU\S-1-5-18\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice
HKU\S-1-5-18\System\CurrentControlSet
HKU\S-1-5-18\System\CurrentControlSet\Control
HKU\S-1-5-18\System\CurrentControlSet\Control\MediaProperties
HKU\S-1-5-18\System\CurrentControlSet\Control\MediaProperties\PrivateProperties
HKU\S-1-5-18\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick
HKU\S-1-5-18\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm

----------------------------------
Werte gelöscht:1
----------------------------------
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\VolatileNotifications\41C64E6DA3F44055:  01 00 04 80 44 00 00 00 50 00 00 00 00 00 00 00 14 00 00 00 02 00 30 00 02 00 00 00 00 00 14 00 03 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 14 00 00 00 01 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00 20 00 00 00

----------------------------------
Werte hinzugefügt:87
----------------------------------
HKLM\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations:  5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 54 45 4D 50 5C 43 6F 73 74 75 72 61 5C 45 46 45 37 32 41 44 39 34 31 44 37 45 34 46 36 37 41 32 42 43 41 33 33 31 45 34 43 45 37 36 38 5C 33 32 5C 73 71 6C 69 74 65 2E 69 6E 74 65 72 6F 70 2E 64 6C 6C 00 00 00
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations:  5C 3F 3F 5C 43 3A 5C 57 69 6E 64 6F 77 73 5C 54 45 4D 50 5C 43 6F 73 74 75 72 61 5C 45 46 45 37 32 41 44 39 34 31 44 37 45 34 46 36 37 41 32 42 43 41 33 33 31 45 34 43 45 37 36 38 5C 33 32 5C 73 71 6C 69 74 65 2E 69 6E 74 65 72 6F 70 2E 64 6C 6C 00 00 00
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\1ad\52C64B7E\@%SystemRoot%\System32\ndfapi.dll,-40001: "Windows Network Diagnostics"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\1ad\52C64B7E\@C:\Windows\system32\NetworkExplorer.dll,-1: "Network"
HKU\.DEFAULT\Software\Classes\Local Settings\MuiCache\1ad\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046: "Internet Shortcut"
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder: "fqbey26"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\Hash: "HhZ5V0r0YEY="
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\ProgId: "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\Hash: "oOa5a5xHUpw="
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\ProgId: "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h"
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner\ProperTreeModuleInner:  9C 00 00 00 98 00 00 00 31 53 50 53 05 D5 CD D5 9C 2E 1B 10 93 97 08 00 2B 2C F9 AE 3B 00 00 00 2A 00 00 00 00 4E 00 61 00 76 00 50 00 61 00 6E 00 65 00 5F 00 43 00 46 00 44 00 5F 00 46 00 69 00 72 00 73 00 74 00 52 00 75 00 6E 00 00 00 0B 00 00 00 00 00 00 00 41 00 00 00 30 00 00 00 00 4E 00 61 00 76 00 50 00 61 00 6E 00 65 00 5F 00 53 00 68 00 6F 00 77 00 4C 00 69 00 62 00 72 00 61 00 72 00 79 00 50 00 61 00 6E 00 65 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU\0:  43 00 6F 00 69 00 6E 00 43 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 2E 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 1A 00 00 00 4B 03 00 00 27 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU\0:  43 00 6F 00 69 00 6E 00 43 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 2E 00 65 00 78 00 65 00 00 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 31 00 00 00 00 00 74 4B 67 B5 10 00 6B 6F 68 6C 65 20 6D 61 63 68 65 6E 00 00 4A 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 67 B5 2E 00 00 00 DF 07 05 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5D 96 B8 00 6B 00 6F 00 68 00 6C 00 65 00 20 00 6D 00 61 00 63 00 68 00 65 00 6E 00 00 00 1C 00 80 00 31 00 00 00 00 00 74 4B 64 B5 10 00 41 4C 4C 20 42 4F 54 20 63 6F 69 6E 63 6F 6C 6C 65 63 74 6F 72 00 5C 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 64 B5 2E 00 00 00 E1 07 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D 13 0E 00 41 00 4C 00 4C 00 20 00 42 00 4F 00 54 00 20 00 63 00 6F 00 69 00 6E 00 63 00 6F 00 6C 00 6C 00 65 00 63 00 7
4 00 6F 00 72 00 00 00 24 00 68 00 31 00 00 00 00 00 74 4B 64 B5 10 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 65 00 4C 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A7 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D3 0F 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 1C 00 00 00
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*\0:  14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 31 00 00 00 00 00 74 4B 67 B5 10 00 6B 6F 68 6C 65 20 6D 61 63 68 65 6E 00 00 4A 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 67 B5 2E 00 00 00 DF 07 05 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5D 96 B8 00 6B 00 6F 00 68 00 6C 00 65 00 20 00 6D 00 61 00 63 00 68 00 65 00 6E 00 00 00 1C 00 80 00 31 00 00 00 00 00 74 4B 64 B5 10 00 41 4C 4C 20 42 4F 54 20 63 6F 69 6E 63 6F 6C 6C 65 63 74 6F 72 00 5C 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 64 B5 2E 00 00 00 E1 07 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D 13 0E 00 41 00 4C 00 4C 00 20 00 42 00 4F 00 54 00 20 00 63 00 6F 00 69 00 6E 00 63 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 00 00 24 00 68 00 31 00 00 00 00 00 74 4B 64 B5 10 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 65
 00 4C 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A7 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D3 0F 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 1C 00 74 00 32 00 5E 2D 00 00 73 4B 21 BE 20 00 6C 69 73 74 65 20 76 6F 6E 20 69 68 6D 2E 74 78 74 00 54 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A8 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 00 00 20 00 00 00
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt\0:  14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 31 00 00 00 00 00 74 4B 67 B5 10 00 6B 6F 68 6C 65 20 6D 61 63 68 65 6E 00 00 4A 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 67 B5 2E 00 00 00 DF 07 05 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5D 96 B8 00 6B 00 6F 00 68 00 6C 00 65 00 20 00 6D 00 61 00 63 00 68 00 65 00 6E 00 00 00 1C 00 80 00 31 00 00 00 00 00 74 4B 64 B5 10 00 41 4C 4C 20 42 4F 54 20 63 6F 69 6E 63 6F 6C 6C 65 63 74 6F 72 00 5C 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 64 B5 2E 00 00 00 E1 07 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D 13 0E 00 41 00 4C 00 4C 00 20 00 42 00 4F 00 54 00 20 00 63 00 6F 00 69 00 6E 00 63 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 00 00 24 00 68 00 31 00 00 00 00 00 74 4B 64 B5 10 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 
65 00 4C 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A7 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D3 0F 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 1C 00 74 00 32 00 5E 2D 00 00 73 4B 21 BE 20 00 6C 69 73 74 65 20 76 6F 6E 20 69 68 6D 2E 74 78 74 00 54 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A8 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 00 00 20 00 00 00
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane\ExpandedState:  07 00 00 00 16 00 14 00 1F 80 CB 85 9F 67 20 02 80 40 B2 9B 55 40 CC 05 AA B6 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 16 00 14 00 1F 60 98 3F FB B4 EA C1 8D 42 A7 8A D1 F5 65 9C BA 93 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 16 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 6
3 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 16 00 14 00 1F 58 0D 1A 2C F0 21 BE 50 43 88 B0 73 67 FC 96 EF 3C 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 55 00 1F 00 2F 00 10 B7 A6 F5 19 00 2F 47 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA 77 2C FB F5 2F 0E 16 4A A3 81 3E 56 0C 68 BC 83 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 55 00 1F 00 2F 00 10 B7 A6 F5 19 00 2F 48 3A 5C 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA 77 2C FB F5 2F 0E 16 4A A3 81 3E 56 0C 68 BC 83 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 55 00 1F 00 2F 00 10 B7 A6 F5 19 00 2F 4B 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA 77 2C FB F5 2F 0E 16 4A A3 81 3E 56 0C 68 BC 83 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_https: 0x00000001
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4: 0x00000001
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.gif: 0x00000001
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} {000214E6-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 1C 45 F2 76 37 6C D3 01
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{289AF617-1CC3-42A6-926C-E6A863F0E3BA} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF:  01 00 00 00 00 00 00 00 21 D9 76 78 37 6C D3 01
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{35786D3C-B075-49B9-88DD-029876E11C01} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF:  01 00 00 00 00 00 00 00 4A 34 7A 78 37 6C D3 01
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FBF23B40-E3F0-101B-8488-00AA003E56F8} {000214FA-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 04 54 6E 7B 37 6C D3 01
HKU\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\Hash: "1FWUoXQduYQ="
HKU\.DEFAULT\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\ProgId: "AppX90nv6nhay5n6a98fnetv7tpk64pp35es"
HKU\.DEFAULT\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel: 0x00000001
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU\6:  52 00 65 00 67 00 73 00 68 00 6F 00 74 00 2D 00 78 00 36 00 34 00 2D 00 41 00 4E 00 53 00 49 00 2E 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 59 04 00 00 8A 01 00 00 82 05 00 00 B5 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 03 00 00 A4 01 00 00 90 06 00 00 B1 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU\5:  52 00 65 00 67 00 73 00 68 00 6F 00 74 00 2D 00 78 00 36 00 34 00 2D 00 41 00 4E 00 53 00 49 00 2E 00 65 00 78 00 65 00 00 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 14 00 2E 80 92 2B 16 D3 65 93 7A 46 95 6B 92 70 3A CA 08 AF 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*\5:  14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 14 00 2E 80 92 2B 16 D3 65 93 7A 46 95 6B 92 70 3A CA 08 AF 66 00 32 00 00 00 00 00 00 00 00 00 80 00 73 63 68 75 73 73 20 31 2E 68 69 76 00 00 4A 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 63 00 68 00 75 00 73 00 73 00 20 00 31 00 2E 00 68 00 69 00 76 00 00 00 1C 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\hiv\0:  14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 14 00 2E 80 92 2B 16 D3 65 93 7A 46 95 6B 92 70 3A CA 08 AF 66 00 32 00 00 00 00 00 00 00 00 00 80 00 73 63 68 75 73 73 20 31 2E 68 69 76 00 00 4A 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 63 00 68 00 75 00 73 00 73 00 20 00 31 00 2E 00 68 00 69 00 76 00 00 00 1C 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\hiv\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.txt\OpenWithList\c: "CoinCollector.exe"
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\63:  73 00 63 00 68 00 75 00 73 00 73 00 20 00 31 00 2E 00 68 00 69 00 76 00 00 00 72 00 32 00 00 00 00 00 00 00 00 00 00 00 73 63 68 75 73 73 20 31 2E 68 69 76 2E 6C 6E 6B 00 00 52 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 63 00 68 00 75 00 73 00 73 00 20 00 31 00 2E 00 68 00 69 00 76 00 2E 00 6C 00 6E 00 6B 00 00 00 20 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\64:  6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 00 00 80 00 32 00 00 00 00 00 00 00 00 00 00 00 6C 69 73 74 65 20 76 6F 6E 20 69 68 6D 2E 74 78 74 2E 6C 6E 6B 00 5C 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 24 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\65:  4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 74 00 32 00 00 00 00 00 00 00 00 00 00 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 65 2E 6C 6E 6B 00 54 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 20 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.txt\7:  6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 00 00 80 00 32 00 00 00 00 00 00 00 00 00 00 00 6C 69 73 74 65 20 76 6F 6E 20 69 68 6D 2E 74 78 74 2E 6C 6E 6B 00 5C 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 2E 00 6C 00 6E 00 6B 00 00 00 24 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\Folder\22:  4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 74 00 32 00 00 00 00 00 00 00 00 00 00 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 65 2E 6C 6E 6B 00 54 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 2E 00 6C 00 6E 00 6B 00 00 00 20 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.hiv\0:  73 00 63 00 68 00 75 00 73 00 73 00 20 00 31 00 2E 00 68 00 69 00 76 00 00 00 72 00 32 00 00 00 00 00 00 00 00 00 00 00 73 63 68 75 73 73 20 31 2E 68 69 76 2E 6C 6E 6B 00 00 52 00 09 00 04 00 EF BE 00 00 00 00 00 00 00 00 2E 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 00 63 00 68 00 75 00 73 00 73 00 20 00 31 00 2E 00 68 00 69 00 76 00 2E 00 6C 00 6E 00 6B 00 00 00 20 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.hiv\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000050562\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000603B4\VirtualDesktop:  10 00 00 00 30 30 44 56 FF F3 86 07 D6 FD 6B 44 B4 0D 27 D3 81 C0 22 9D
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000060720\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000708BE\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000080792\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000B0266\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000C0862\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000D01C4\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000000F07BA\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001308E8\VirtualDesktop:  10 00 00 00 30 30 44 56 FF F3 86 07 D6 FD 6B 44 B4 0D 27 D3 81 C0 22 9D
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000014012E\VirtualDesktop:  10 00 00 00 30 30 44 56 FF F3 86 07 D6 FD 6B 44 B4 0D 27 D3 81 C0 22 9D
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001407EC\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:0000000000150406\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:000000000016075C\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000001802F4\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-738614823-346164979-3814199400-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\ApplicationViewManagement\W32:00000000002C0702\VirtualDesktop:  10 00 00 00 30 30 44 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\1ad\52C64B7E\@%SystemRoot%\System32\ndfapi.dll,-40001: "Windows Network Diagnostics"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\1ad\52C64B7E\@C:\Windows\system32\NetworkExplorer.dll,-1: "Network"
HKU\S-1-5-18\Software\Classes\Local Settings\MuiCache\1ad\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046: "Internet Shortcut"
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main\ImageStoreRandomFolder: "fqbey26"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\Hash: "HhZ5V0r0YEY="
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice\ProgId: "AppX43hnxtbyyps62jhe9sqpdzxn1790zetc"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\Hash: "oOa5a5xHUpw="
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice\ProgId: "AppX6eg8h5sxqq90pv53845wmnbewywdqq5h"
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDOpen\Modules\GlobalSettings\ProperTreeModuleInner\ProperTreeModuleInner:  9C 00 00 00 98 00 00 00 31 53 50 53 05 D5 CD D5 9C 2E 1B 10 93 97 08 00 2B 2C F9 AE 3B 00 00 00 2A 00 00 00 00 4E 00 61 00 76 00 50 00 61 00 6E 00 65 00 5F 00 43 00 46 00 44 00 5F 00 46 00 69 00 72 00 73 00 74 00 52 00 75 00 6E 00 00 00 0B 00 00 00 00 00 00 00 41 00 00 00 30 00 00 00 00 4E 00 61 00 76 00 50 00 61 00 6E 00 65 00 5F 00 53 00 68 00 6F 00 77 00 4C 00 69 00 62 00 72 00 61 00 72 00 79 00 50 00 61 00 6E 00 65 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU\0:  43 00 6F 00 69 00 6E 00 43 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 2E 00 65 00 78 00 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 00 00 00 27 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 1A 00 00 00 4B 03 00 00 27 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU\0:  43 00 6F 00 69 00 6E 00 43 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 2E 00 65 00 78 00 65 00 00 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 31 00 00 00 00 00 74 4B 67 B5 10 00 6B 6F 68 6C 65 20 6D 61 63 68 65 6E 00 00 4A 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 67 B5 2E 00 00 00 DF 07 05 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5D 96 B8 00 6B 00 6F 00 68 00 6C 00 65 00 20 00 6D 00 61 00 63 00 68 00 65 00 6E 00 00 00 1C 00 80 00 31 00 00 00 00 00 74 4B 64 B5 10 00 41 4C 4C 20 42 4F 54 20 63 6F 69 6E 63 6F 6C 6C 65 63 74 6F 72 00 5C 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 64 B5 2E 00 00 00 E1 07 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D 13 0E 00 41 00 4C 00 4C 00 20 00 42 00 4F 00 54 00 20 00 63 00 6F 00 69 00 6E 00 63 00 6F 00 6C 00 6C 00 65 00 63 00 7
4 00 6F 00 72 00 00 00 24 00 68 00 31 00 00 00 00 00 74 4B 64 B5 10 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 65 00 4C 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A7 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D3 0F 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 1C 00 00 00
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*\0:  14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 31 00 00 00 00 00 74 4B 67 B5 10 00 6B 6F 68 6C 65 20 6D 61 63 68 65 6E 00 00 4A 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 67 B5 2E 00 00 00 DF 07 05 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5D 96 B8 00 6B 00 6F 00 68 00 6C 00 65 00 20 00 6D 00 61 00 63 00 68 00 65 00 6E 00 00 00 1C 00 80 00 31 00 00 00 00 00 74 4B 64 B5 10 00 41 4C 4C 20 42 4F 54 20 63 6F 69 6E 63 6F 6C 6C 65 63 74 6F 72 00 5C 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 64 B5 2E 00 00 00 E1 07 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D 13 0E 00 41 00 4C 00 4C 00 20 00 42 00 4F 00 54 00 20 00 63 00 6F 00 69 00 6E 00 63 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 00 00 24 00 68 00 31 00 00 00 00 00 74 4B 64 B5 10 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 65
 00 4C 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A7 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D3 0F 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 1C 00 74 00 32 00 5E 2D 00 00 73 4B 21 BE 20 00 6C 69 73 74 65 20 76 6F 6E 20 69 68 6D 2E 74 78 74 00 54 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A8 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 00 00 20 00 00 00
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\*\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt\0:  14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 44 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 66 00 31 00 00 00 00 00 74 4B 67 B5 10 00 6B 6F 68 6C 65 20 6D 61 63 68 65 6E 00 00 4A 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 67 B5 2E 00 00 00 DF 07 05 00 00 00 0C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 5D 96 B8 00 6B 00 6F 00 68 00 6C 00 65 00 20 00 6D 00 61 00 63 00 68 00 65 00 6E 00 00 00 1C 00 80 00 31 00 00 00 00 00 74 4B 64 B5 10 00 41 4C 4C 20 42 4F 54 20 63 6F 69 6E 63 6F 6C 6C 65 63 74 6F 72 00 5C 00 09 00 04 00 EF BE 74 4B 62 B5 74 4B 64 B5 2E 00 00 00 E1 07 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2D 13 0E 00 41 00 4C 00 4C 00 20 00 42 00 4F 00 54 00 20 00 63 00 6F 00 69 00 6E 00 63 00 6F 00 6C 00 6C 00 65 00 63 00 74 00 6F 00 72 00 00 00 24 00 68 00 31 00 00 00 00 00 74 4B 64 B5 10 00 4F 72 67 69 6E 61 6C 20 4C 69 73 74 
65 00 4C 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A7 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 D3 0F 00 4F 00 72 00 67 00 69 00 6E 00 61 00 6C 00 20 00 4C 00 69 00 73 00 74 00 65 00 00 00 1C 00 74 00 32 00 5E 2D 00 00 73 4B 21 BE 20 00 6C 69 73 74 65 20 76 6F 6E 20 69 68 6D 2E 74 78 74 00 54 00 09 00 04 00 EF BE 74 4B 64 B5 74 4B 64 B5 2E 00 00 00 A8 08 05 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6C 00 69 00 73 00 74 00 65 00 20 00 76 00 6F 00 6E 00 20 00 69 00 68 00 6D 00 2E 00 74 00 78 00 74 00 00 00 20 00 00 00
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\txt\MRUListEx:  00 00 00 00 FF FF FF FF
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane\ExpandedState:  07 00 00 00 16 00 14 00 1F 80 CB 85 9F 67 20 02 80 40 B2 9B 55 40 CC 05 AA B6 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 16 00 14 00 1F 60 98 3F FB B4 EA C1 8D 42 A7 8A D1 F5 65 9C BA 93 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 16 00 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 6
3 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 FF FF 00 00 00 00 00 00 00 00 00 00 16 00 14 00 1F 58 0D 1A 2C F0 21 BE 50 43 88 B0 73 67 FC 96 EF 3C 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 55 00 1F 00 2F 00 10 B7 A6 F5 19 00 2F 47 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA 77 2C FB F5 2F 0E 16 4A A3 81 3E 56 0C 68 BC 83 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 55 00 1F 00 2F 00 10 B7 A6 F5 19 00 2F 48 3A 5C 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA 77 2C FB F5 2F 0E 16 4A A3 81 3E 56 0C 68 BC 83 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 57 00 55 00 1F 00 2F 00 10 B7 A6 F5 19 00 2F 4B 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 74 1A 59 5E 96 DF D3 48 8D 67 17 33 BC EE 28 BA 77 2C FB F5 2F 0E 16 4A A3 81 3E 56 0C 68 BC 83 00 00 01 00 00 00 4D 00 00 00 1C 00 00 00 31 53 50 53 A6 6A 63 28 3D 95 D2 11 B5 D6 00 C0 4F D9 18 D0 00 00 00 00 2D 00 00 00 31 53 50 53 35 7E C7 77 E3 1B 50 43 A4 8C 75 63 D7 27 77 6D 11 00 00 00 02 00 00 00 00 0B 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_https: 0x00000001
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.mp4: 0x00000001
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\FileAssociations\ProgIds\_.gif: 0x00000001
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} {000214E6-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 1C 45 F2 76 37 6C D3 01
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{289AF617-1CC3-42A6-926C-E6A863F0E3BA} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF:  01 00 00 00 00 00 00 00 21 D9 76 78 37 6C D3 01
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{35786D3C-B075-49B9-88DD-029876E11C01} {ADD8BA80-002B-11D0-8F0F-00C04FD7D062} 0xFFFF:  01 00 00 00 00 00 00 00 4A 34 7A 78 37 6C D3 01
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{FBF23B40-E3F0-101B-8488-00AA003E56F8} {000214FA-0000-0000-C000-000000000046} 0xFFFF:  01 00 00 00 00 00 00 00 04 54 6E 7B 37 6C D3 01
HKU\S-1-5-18\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\Hash: "1FWUoXQduYQ="
HKU\S-1-5-18\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\https\UserChoice\ProgId: "AppX90nv6nhay5n6a98fnetv7tpk64pp35es"
HKU\S-1-5-18\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm\wheel: 0x00000001

----------------------------------
Werte geändert:46
----------------------------------
HKLM\SOFTWARE\Microsoft\SMB1Uninstall\SMB1ClientCounter: 0x0000003E
HKLM\SOFTWARE\Microsoft\SMB1Uninstall\SMB1ClientCounter: 0x0000003F
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventMonitors\Microsoft.Windows.Sentinels.CriticalPersistence_0\FireCount: 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventMonitors\Microsoft.Windows.Sentinels.CriticalPersistence_0\FireCount: 0x00000001
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventMonitors\Microsoft.Windows.Sentinels.CriticalPersistence_0\SentinelSn: 0x00000019
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventMonitors\Microsoft.Windows.Sentinels.CriticalPersistence_0\SentinelSn: 0x0000001A
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventMonitors\Microsoft.Windows.Sentinels.Normal_0\SentinelSn: 0x00000032
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\EventMonitors\Microsoft.Windows.Sentinels.Normal_0\SentinelSn: 0x00000033
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default\LastHeartBeatTime:  06 1A F7 6B 33 6C D3 01
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default\LastHeartBeatTime:  6A 9C DA 9C 37 6C D3 01
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default\HeartBeatSequenceNumber: 0x00000032
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default\HeartBeatSequenceNumber: 0x00000033
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\418A073AA3BC3475:  2E 04 00 00 00 00 00 00 04 00 04 00 01 02 0A 00 00 00 00 00 42 00 00 00 0D 78 79 00 01 00 00 00 4A AA 81 00 0F 00 00 00 6B 50 7E 00 07 00 00 00 81 06 95 00 02 00 00 00 81 E0 7E 00 31 00 00 00 87 DE 83 00 12 00 00 00 9C A6 C3 00 6F 19 00 00 A1 9F 5E 00 0C 00 00 00 F4 A4 C3 00 1F 00 00 00 FE D3 7A 00 09 00 01 00 00 00 09 00 00 00 00 7D 75 00 CE 09 00 00 56 73 7D 00 69 00 00 00 6B 50 7E 00 09 00 00 00 8A 83 85 00 04 00 00 00 98 29 B7 00 01 00 00 00 9B 19 BB 00 15 00 00 00 AB 19 BB 00 26 00 00 00 B0 87 B4 00 69 00 00 00 E6 C5 31 00 02 00 04 00 00 00 A4 01 00 00 1A 9C B2 00 01 00 00 00 4E A0 59 00 01 00 05 00 00 00 0D 00 00 00 16 F0 B2 00 01 00 08 00 00 00 00 77 01 00 8A 83 85 00 01 00 09 00 00 00 56 1C 00 00 8A 83 85 00 02 00 64 00 00 00 00 77 01 00 8A 83 85 00 5B 01 00 00 E7 9E B5 00 06 00 65 00 00 00 A7 00 00 00 1C 95 5C 00 06 00 00 00 1E 76 B7 00 5B 01 00 00 2F BD B7 00 1C 00 00 00 9C A6 B4 00 3F 04 
00 00 A2 05 06 00 5C F3 00 00 E6 C5 31 00 02 00 66 00 00 00 5B 01 00 00 46 BD B7 00 F7 00 00 00 A2 05 06 00 01 00 67 00 00 00 97 02 00 00 A2 05 06 00 01 00 68 00 00 00 95 01 00 00 A2 05 06 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Notifications\Data\418A073AA3BC3475:  33 04 00 00 00 00 00 00 04 00 04 00 01 02 0A 00 00 00 00 00 42 00 00 00 0D 78 79 00 01 00 00 00 4A AA 81 00 0F 00 00 00 6B 50 7E 00 07 00 00 00 81 06 95 00 02 00 00 00 81 E0 7E 00 31 00 00 00 87 DE 83 00 12 00 00 00 9C A6 C3 00 70 19 00 00 A1 9F 5E 00 0C 00 00 00 F4 A4 C3 00 1F 00 00 00 FE D3 7A 00 09 00 01 00 00 00 0A 00 00 00 00 7D 75 00 E4 09 00 00 56 73 7D 00 69 00 00 00 6B 50 7E 00 09 00 00 00 8A 83 85 00 04 00 00 00 98 29 B7 00 01 00 00 00 9B 19 BB 00 15 00 00 00 AB 19 BB 00 26 00 00 00 B0 87 B4 00 69 00 00 00 E6 C5 31 00 02 00 04 00 00 00 A4 01 00 00 1A 9C B2 00 01 00 00 00 4E A0 59 00 01 00 05 00 00 00 0D 00 00 00 16 F0 B2 00 01 00 08 00 00 00 00 77 01 00 8A 83 85 00 01 00 09 00 00 00 56 1C 00 00 8A 83 85 00 02 00 64 00 00 00 00 77 01 00 8A 83 85 00 5B 01 00 00 E7 9E B5 00 06 00 65 00 00 00 A9 00 00 00 1C 95 5C 00 06 00 00 00 1E 76 B7 00 5B 01 00 00 2F BD B7 00 1C 00 00 00 9C A6 B4 00 5E 04 
00 00 A2 05 06 00 5C F3 00 00 E6 C5 31 00 02 00 66 00 00 00 5B 01 00 00 46 BD B7 00 F9 00 00 00 A2 05 06 00 01 00 67 00 00 00 B4 02 00 00 A2 05 06 00 01 00 68 00 00 00 95 01 00 00 A2 05 06 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch\PfAp\ApLaunch_a7381c58:  4D 41 4D 84 A8 6C 00 00 64 52 05 9B 94 A9 AA BA 0B BA AA A9 BA A9 AB BB AB 0A 0A AA 99 A0 99 9A 99 9A 8A B7 88 78 88 88 97 09 BB A0 79 78 78 98 97 AB 7A 89 97 79 88 8A A9 98 0A 8B 79 79 77 77 78 79 77 77 98 77 77 88 78 A9 0B AB AA 9A 9A 9B 9B B0 BA AB AA 0A AA AA AA A9 9B AA AA AB BB 99 AA AA A9 B9 A9 AA A9 AB AA BA B9 89 AA BB 0A AA 9B B9 9A 9B 9A 9B 98 B9 AB AA BB AB BA AA A9 BA AA A9 9B A9 A0 9A AB B0 AA 9A 0A BA 0B 00 00 00 00 00 00 00 09 00 00 00 00 00 00 B0 07 0B 00 00 00 00 0B B0 A7 9B BB 00 00 00 00 60 A7 A9 B0 00 00 00 00 90 A8 B0 B0 00 B0 00 0A A0 09 AA 6B 00 00 A0 B0 80 BB 00 60 00 00 00 0B 90 86 99 78 00 00 A0 00 50 96 99 AA 00 00 00 00 60 76 97 AA 0B BB 0A B0 60 75 A7 AA 0A B0 BA A0 60 80 B6 99 A9 0B 00 B0 6B 80 B7 B9 AA B0 0B 00 70 A0 08 0B 0A 0B 00 0A 90 00 00 00 00 00 00 00 00 80 D9 86 02 B4 08 03 1B 78 10 C1 0E 11 EC 3E A0 C1 04 4A A4 69 10 00 78 A1 66 2A 01 0B 60 F8 98 42 05 14 33 50
 E1 06 16 02 0C 4E 86 A1 12 06 D2 EF A5 DF A7 69 0D 85 7F 2D 37 83 AC 7A 8B F7 EA F9 E6 56 8B 2E 99 64 6F 32 7A E9 48 42 62 12 A4 60 00 D1 2D 66 D1 CB 4E 7A 42 CB 0B 7E 78 F8 1D 4B 5F 63 50 3C 0B 8C 87 94 CB 22 13 A8 90 0C 89 D0 81 A0 E0 86 8E 8F B9 26 92 D7 0E 36 EF AB 25 73 13 70 91 06 02 96 15 00 D4 A4 E1 B5 2E 29 33 AE 0C B0 40 61 86 04 63 C4 4C DC 05 4D C7 90 A9 92 81 35 E7 DC 35 DF 30 AE 68 4C 42 14 4C 00 00 A7 8B 4E 5B 4E 3D 08 20 8C 62 09 42 BC 0C 20 72 14 2A 5B 84 19 6E 58 93 BE 1D 36 8B 4F 4A EA 21 CC 4F CA 02 20 30 0A 4C 02 A3 81 8F C1 81 03 33 A6 97 07 27 70 13 C0 A4 84 53 CD C9 59 95 23 CC 69 38 2D 00 13 FE C2 28 4D F4 09 24 66 FB 8D D6 50 CE 02 37 8D DE 5B 71 9F D6 29 70 01 F2 3A B4 8A 2D 3F F1 11 C5 D7 03 83 D2 A2 16 1E E0 D0 0A 4C 5D 4F 0D 03 A2 9B 65 00 1C 71 62 66 F0 AC 85 83 35 76 C4 92 57 52 5A 0A 62 EF 74 48 F1 04 4F 4F B8 07 C8 0E CC 18 AF 9C 98 30 76 AC 08 96 1C DA 64 33 19 AA 2D 1B 9A 18 4E 65 C8 1C 20 83 4E 83 51 81 26 09 38 8D EB 01 6F 58 2E 75 06 A6 9E 1B 7D 
E9 26 80 CF 0D 35 56 D9 C4 55 5A 60 02 6B 59 FC 01 B0 B3 18 AB A8 3A 86 39 63 66 9C 3A 8C 28 51 5E D5 42 32 66 42 28 12 A6 0E 78 6A 0B 81 80 13 AA 0D AD A3 96 96 D1 D6 64 DC 07 36 DB C0 E2 66 1A 30 9F C0 00 C9 2D C0 E9 33 D3 65 95 A1 A5 D3 35 6F C1 99 31 A0 46 B6 C8 26 87 AD B2 1E DC C1 FE 7A 03 6B AB E7 36 CB 7F 60 C4 81 35 EE FC 02 DA 05 C7 75 2C 56 8B 4A 75 62 1F 22 38 3C 60 16 41 63 8C B6 26 AC 18 18 76 D4 6D 70 63 4C A8 D2 C1 0F 9E 14 06 67 D2 81 A7 28 99 3E 0E AC 63 71 36 4C 7E 13 4C 29 D6 0A 87 54 D6 00 14 08 80 F1 0D E4 91 22 0C 15 1A 81 90 81 27 CA 12 75 B9 60 42 80 67 36 9D E0 A1 13 0F AC C3 E9 02 0F 93 47 76 97 61 14 B3 8B 8F 13 68 93 33 0C E7 DC 86 71 01 5F C7 06 AC 3D C6 F0 09 78 81 75 B9 7A 64 99 06 18 9F 6F 36 2C BE E2 2A BB 80 1C 0C 8C 4B 45 02 95 62 20 8C 07 29 7D E6 C8 1D 4F B0 0A 46 C1 17 C3 19 E1 28 78 4A 67 B2 C2 70 18 9A 09 34 80 83 9A A6 E3 A6 86 71 10 05 38 C1 32 D8 23 01 CF 0F A4 D3 F4 B0 C7 7C 19 36 A6 C2 18 31 39 0D 7A 55 02 82 31 0A 3B 61 72 3B DA 6C 0E B0 7
2 F8 C3 4F 2E BF 4E 0E AA 1E 06 11 A0 E4 2B 0D A5 71 10 A4 CA A4 BA 24 DE 21 0E 45 27 30 F0 D8 2E 04 A5 9B 05 FE 53 4E D6 A0 82 06 36 9F D9 14 C7 F0 C0 48 83 02 C8 9F 00 58 32 A0 91 84 57 11 23 99 00 28 96 13 03 B1 84 0B 60 7E E8 EC A9 3B 06 36 7C E4 FC 4D 4C A8 F9 4E 8E 99 4D 32 26 C1 48 8C 46 4B 26 B5 0C 8E 82 25 60 68 70 9A 42 27 72 58 68 02 F3 CF 4A 48 5E 3C 43 BB CA A9 32 EC 5C 38 08 65 41 4C 06 10 00 51 A0 42 B4 8D 8D 0B C5 94 81 37 E3 CA C7 BE B0 8A 56 1A 09 FF 01 98 40 A1 71 9B 99 B5 88 22 43 9E E0 8C 0D 19 51 70 D0 52 5C C8 B1 88 6A 13 CC 57 6D 8C 51 09 6C 41 8A A5 40 09 D1 00 A2 6F 85 0D 04 2B 06 37 87 37 E2 EA 6A 30 93 4F 29 26 C1 18 CC 25 6A 44 89 55 4C CC 31 30 34 59 E1 62 8D 39 68 89 30 61 01 63 34 44 31 9B CA 78 3C 09 41 72 66 A9 96 4B 17 F5 35 24 78 80 0C 49 61 02 3C E6 82 C9 C6 82 3B D2 63 6E 54 1B 52 78 06 52 E7 4E 51 1A B4 EE C0 37 9E B6 C1 89 F4 4C 97 DE 96 6A 12 D1 CC E6 1E 88 03 A4 4A 07 45 4F C7 E1 CE B6 68 AB F1 80 28 A2 21 5A DB 6D D1 F9 7C 30 5F BC 37 96 C6 56
 F1 C2 03 C9 0B 03 6B 9E 38 23 A7 7D 7D 58 32 0B 11 40 37 29 0D 56 EC 85 07 62 77 79 10 B9 E2 02 14 BB 05 36 B3 35 C9 DD D6 C8 F4 02 12 61 68 26 FA A4 88 E8 1E FF 4C E6 0C E8 32 27 F8 4C B5 AD AA 3C 1C 30 49 CB 36 A5 6F AE 80 2E C6 40 36 F9 F2 C1 9A 2A 30 15 44 1A 9C 9F 1F B9 2C 68 02 47 47 09 1F 20 62 A5 35 47 DB 8A 76 D2 9B 0B 37 79 CF 12 BA AC C1 92 05 18 D3 0D C5 81 70 EA 89 B2 ED 83 5B 2D 0C 67 D1 42 85 20 76 F8 2F 80 8A 7B 03 01 CB 1E 37 54 6E 26 56 D1 FA 8F CC 9D 4E D3 8E 33 26 FC DC 3A 30 82 13 22 C7 8F FC 60 91 E3 04 CC 34 C4 07 18 18 6F A8 60 08 A4 C2 C2 EB 74 05 03 A0 51 48 47 E8 48 0D CB 71 C6 00 A4 6E 97 E5 37 C8 21 9D 36 36 DC B3 11 71 16 18 32 A4 E7 5A 01 BC 60 70 9D 59 45 42 15 11 0E EC 74 19 0C AB 99 F5 EA 11 2C 8A 26 5F 40 E2 C5 60 60 CF CE 39 37 A5 D3 54 80 05 21 4A 7A 02 52 69 C1 59 31 7D 19 64 ED 0E 0E BF B5 66 45 0A 14 38 7F 51 F0 40 7E 40 D6 52 9E 72 80 38 4B 7D 29 27 3A AC 36 98 C0 E8 04 0A 11 BD 00 62 D4 BB 8D 92 6B EA A9 D3 06 31 09 BB 48 78 37 20 37 C6 9B 40 
FB 05 26 23 66 1C A4 9A CA BF 0F E8 BC E6 F1 A5 C8 0D D2 7E B4 1C 65 13 E9 02 81 98 50 86 EA 2D 3A BC 32 5A 21 56 0D 10 24 00 8B 0B 00 76 5A 41 67 40 C2 B1 E4 05 45 03 EC 77 B1 64 3B 07 2E 5E BE 37 D0 AB 62 FB A1 60 02 1C 46 68 B5 28 EB 62 BC 3C 70 5C 94 3D 29 0C F2 4E 7D C4 47 C3 0D E6 AC 18 48 B3 0C 5C 2D 9D 36 90 F3 A5 27 32 01 06 0A 26 65 1C D1 80 C9 0B 4C 14 06 46 99 9D A7 A8 02 F0 51 1F 40 80 46 3D 3B 95 1F 19 59 B1 F3 25 99 16 E1 B2 B6 EA E4 79 A4 01 3A 8F 70 70 4C 87 34 43 15 4D 3A 78 C6 0C 99 4E DC 06 02 EE D3 94 3C F2 E1 45 40 03 55 B5 36 CE 5D 01 23 0D AC CF E8 02 5B 84 56 33 42 96 7F 24 0C D9 50 A7 3F 60 62 C6 0F 1F 72 24 01 2D 2F E4 C1 A5 90 EF 6B 9F DC 15 C8 0C 5A 77 11 42 8B 82 37 EE 7F 45 3D 09 74 FC 82 02 F1 61 55 D8 EB 85 63 C8 F2 3E DA 18 CA CA 54 A7 66 E0 7C 75 69 78 D0 5E 0C FE 9D 2A AB DD 60 56 E7 4A 4A B3 07 36 FA AD 22 D9 08 A1 97 1A 02 94 60 EE 0D 29 C5 06 DA BC 2A 0D 72 42 14 4C 20 5D 72 85 EC 99 D2 07 36 2B EB 82 37 08 B3 48 73 02 1A 88 00 0F 0F 14 DC 04 08 B
F 40 BD EE 88 13 B7 CA C2 06 34 35 E5 7A EC B6 58 BE 7A 43 2C 18 31 A8 FB 60 79 60 69 EA 7A 43 A6 15 9F 95 2B 34 40 AA 72 D0 37 7E 9C 88 5A CD A2 C8 FF 59 F0 73 03 97 A3 03 A8 CF 07 7A 0B 30 7A BC 24 C9 EB 30 90 79 48 60 39 C9 33 E1 04 E8 35 0C 36 D1 3E E4 AF 7A 03 46 88 00 5E 05 00 98 8D 09 8E 6C 1C 61 01 D7 1C 2D 2D D4 E1 04 94 2F 6B A8 44 3B B3 A4 EA 91 60 92 F3 0D 37 EF A0 9E 30 00 4B 14 4C 0A 12 10 21 D3 46 85 16 12 C9 C2 00 41 84 52 11 FA 70 9F DC 16 6C 86 83 FB BD 1F 36 D3 53 60 C4 56 F3 29 05 0A 89 2F 89 72 DC D3 58 47 F4 D0 39 1C 35 FD 6E A3 40 AC 39 B0 6D E3 5F 16 D3 06 4E 13 16 3F 8E 0C 37 60 20 9C EB 30 D4 96 50 26 08 D2 A0 45 E8 81 88 95 7C 18 6A A6 C3 E3 70 1F A6 31 35 71 9D DC E5 B0 06 F6 3C 02 AE 01 0A 60 15 1B 4D 49 88 50 BA F9 B1 BD 87 E4 A3 86 F1 31 B0 BE DB 36 B5 47 8A 25 23 09 9F 8C 4B 83 3F C9 B0 44 04 50 F9 F8 CC A4 80 90 8F 4F 4D 9D 4A 42 6E 4C 05 28 34 7A 13 56 C2 15 82 9F 1F 2B 8F 54 A8 D7 D5 21 01 32 B0 E3 AD 7F 75 20 40 71 5D 37 EF 1C 88 B7 E5 C0 C0 28 FF AA
 01 FA A1 25 63 4E D6 FC 41 79 60 C0 89 7B C4 EE A0 8A 16 54 12 3F 4A 9F 03 3D 97 E3 7C 45 E4 3F 0A DA 40 68 7E 94 42 DA 0B 3A 53 8C 92 D2 E9 78 81 89 39 B0 99 D0 7F 8F F3 3D 27 81 C5 EE D0 EA A3 FA 00 4E 22 CC 8C AF 14 65 57 20 09 F6 15 10 B8 14 1A 6E 81 E9 E0 48 BE 68 56 04 80 03 B5 A1 93 F8 E7 63 43 F4 67 F6 67 C0 02 BC B3 E1 21 BA AB F8 5A 58 7E C3 D4 B6 C7 75 0B B0 BA 46 0A 16 17 DA 90 EC 48 06 92 18 6F 20 DE 0F 8F 04 F7 C0 85 80 40 C6 40 37 BD ED 3A A7 73 56 0D EE 27 22 02 6E 39 00 CC DE 33 68 DD 93 89 47 85 04 85 7A 21 20 12 10 36 60 64 F8 B7 EE A3 5B 0A 36 EE 8E A8 D8 6F DA 46 08 00 10 0A 00 3A A1 56 E8 B4 17 6A 72 1C A9 6F EE E7 20 31 3A CC C4 6B EB 64 CB 24 A8 2A 8A B8 A8 C3 03 18 C4 0A 6F F5 82 CB CD 70 9F D9 3C 37 0F FB 26 98 32 05 1A 1C 4A 6B D8 CA 8A 99 33 99 02 E0 39 A3 67 E9 6D 2C 26 C4 12 19 86 40 82 23 BD 98 94 27 03 37 CD 59 84 ED 6B B0 7C 01 10 C7 98 31 3C 7B 78 23 14 0C B7 E2 8A 2F 10 AD 0D 08 CC 7C 83 60 BA 01 9A EC 83 CB 7D 1E 8F C1 04 FC EB ED AA E5 DF 32 1E 6E 
91 B7 05 73 CE FC B8 26 EC F4 0F 10 E6 25 C4 28 0B A3 C1 16 6D 35 6F DD C0 D8 B5 01 84 AD 92 37 BF AD 80 09 89 4E 0A 04 30 00 CC F1 14 CD A2 26 6F 01 13 2F 01 A0 A0 96 3A 38 DC A5 C5 12 78 F7 61 00 81 05 00 82 A3 1A CE 8B 8D 1C 30 A7 50 25 91 20 28 11 CF 6B CF 88 EC 4C F9 C2 85 76 CA AB D3 D9 00 D8 60 BE 37 61 B8 7F 30 E0 BC 0A CE 5E 2A 5D E1 91 12 E5 C3 0C 88 7D 9A ED 03 E1 C5 55 98 0C C8 55 15 25 D0 06 C2 DC 5F 9A AF DC 30 69 CF 05 36 C3 96 E1 FA 7F 00 20 63 7B D7 60 42 CC B2 36 4F 4F 2C A0 98 2B 61 06 8A 13 2B C1 14 D8 12 C7 17 04 78 FA E9 47 29 EA E0 37 99 7A 04 8E 42 AB A7 1C 14 1E 38 19 7D 3E 5A D4 DA C0 64 05 1D 32 D3 DD 71 65 40 98 7E 0A 03 7E 81 64 3B DD 9B 18 09 BE 89 24 51 81 02 43 CB 64 30 68 3B 15 D9 76 E6 F4 35 CA B3 0F AE 84 59 AC 6D 49 08 BA A4 CA 56 07 81 36 A0 21 D2 6D 50 93 27 98 06 8E 02 82 9D D9 B1 85 C7 38 AB 24 38 73 72 64 15 82 3C 00 5E C6 8C 57 26 58 7F 0F 37 E2 74 89 1F 5C 83 0A 0A EC 9E 51 C1 63 50 21 0C C0 78 02 51 13 B3 02 53 2D 8C 48 91 29 20 36 BB F7 3C A
F E1 56 29 10 02 1F 02 0B 9F 15 38 58 6A E4 0D 81 E6 8C 71 E7 67 11 05 C3 6F CF 58 7B AF C2 59 B2 BB C1 37 28 5C 44 29 E9 C1 0A 4B 05 E6 33 2D 33 C1 81 A5 C1 8D 59 67 46 1E 34 C4 AE 66 0F D6 B3 B4 44 FE 14 4C 3B 6C 37 58 29 F1 60 0B 23 D8 08 F2 03 AC 60 C0 4C 92 05 6B 0D 97 08 0F 44 D9 77 9C E3 AD 08 CF EA 38 36 B7 0E 2B 75 D4 F2 83 A8 60 C7 01 07 B3 42 05 98 11 88 95 15 8D 1D A0 DE 3B 4C BC 8F 18 36 F1 A9 91 71 84 00 79 C1 02 7A 45 41 16 1C 9C 1F 07 1A 70 0C 88 B4 AA DF 09 87 0B BF 14 13 8D 76 07 36 0B D7 92 CD 98 E0 96 16 02 67 B5 46 13 D7 00 53 60 32 E1 84 55 0C 4E C8 52 D7 27 64 A2 01 15 3D 16 02 04 97 30 E1 A5 3E F8 67 10 66 00 EA 6D 60 42 06 86 97 AD 8C 4E 02 0F 99 8A 04 CF 02 17 F0 64 68 7D C0 A3 90 09 04 05 8C 5E 62 CF 05 B5 37 6E 45 3E 5B 01 54 52 30 8A 48 02 35 CE 61 4C 1A 2D 00 BE 0C B6 6E C8 7B 1F 84 34 E8 60 36 2C 77 9F E7 E5 6F 01 7D 2A 58 03 12 F5 A1 9C DA 21 54 89 0F C1 40 56 EE AC D1 CA 62 30 DF 76 36 D7 B3 0E C4 67 56 49 71 4A 9D 40 0B 2C D1 AD C4 13 32 7B 66 82 A6 1B
 5A 84 29 E1 A6 B0 2B 5A 4F 41 25 67 2C 7E 4A 32 09 F1 67 3C 3C 5C 51 B6 CB 29 94 AD E4 D9 C8 0D 76 34 04 E9 99 D6 92 19 AE 8C 7D 3B 4E 0E 1A 88 F5 78 F0 61 14 6A AF 99 B2 27 90 2A B1 43 B8 52 2A 0E 37 89 DD 94 C2 4D 97 D3 EB 02 25 A1 FC C0 B1 6B 99 8C 3D 66 BE FD 00 B5 86 87 5E 98 C2 01 CF 3E 8D E6 E0 36 58 F2 7A BD 09 50 48 83 02 D1 8B 00 86 08 F8 C0 69 E6 23 B2 AB FC 13 5A FF 4C 1F BF E3 09 DB 38 AA FA 9E F4 3B F0 A3 FA 67 35 84 EB 40 AE AF 59 0B E8 89 46 37 2A DB A6 3C F5 2A A2 24 0C 16 43 16 CE E0 B7 54 CA 94 0F 16 55 9D CC F1 99 F6 30 01 57 75 36 3E EC 78 D0 B8 40 0A 05 17 17 E9 76 6A 2B 18 2F 41 22 1F 4E 6A 59 8F CC AB 21 11 28 08 AF 02 D2 2B 74 44 25 5F 1F 37 BF B9 A2 FB 1E AB 26 06 00 20 F6 53 40 04 68 C0 D3 85 72 DA C4 CB B7 BD D0 0F C0 1A 5D B8 36 FB 72 98 B8 04 13 18 E0 A1 67 59 06 A5 66 17 B5 5D EA 81 EB E0 88 31 D7 D3 E1 0D 9C 09 84 AC 59 85 0F 37 B5 49 84 DC A8 C1 1A 78 12 55 70 1E 50 DD B3 E3 D4 1E AD 53 02 C6 25 01 91 AB E1 3B CF 77 09 51 7C 83 37 77 BE 49 AD 52 72 18 
92 10 9A 98 B1 73 81 4F 57 81 CC EB 45 3E 9B 72 52 C9 05 25 75 4F 66 CF 98 71 06 B5 71 3F 6B D9 E4 ED 3F BA 0B CE 42 68 78 05 B5 02 39 A8 C6 5E 07 B6 29 E9 02 EC 6E F0 02 11 10 8F 5E 4D 25 16 67 80 26 30 A0 2E 66 02 9A 4B 78 0D 08 17 47 CA 18 30 8B 9D BC 84 CB 04 02 78 67 F1 1C 06 EC C3 FF 36 64 D2 55 7C 27 B6 2E 30 04 D0 45 0C 1D 27 D0 F4 09 D2 97 27 20 C9 31 7C CE B8 89 3B 07 13 37 47 36 F6 6C B8 84 02 6B B0 FD 02 02 EF A2 60 5F 05 8C F8 82 E4 BC 22 0A 72 42 14 62 20 D7 70 84 48 4E 1B 4C 83 EE 36 26 28 DF 05 0B 4B FC 2C 04 58 A5 0C 1D 4D 4E 71 9A 9C 2E 27 76 52 7D 4E 6D A6 0A 14 8A 50 4E 4D 29 43 49 A8 C2 81 E0 A4 C2 4C 16 53 1E 8A 38 31 61 5C 50 04 F6 12 90 8B A4 4D 5A 93 69 09 8F E3 DE E5 87 C1 04 E8 71 36 79 FA 00 D0 00 00 BE 0F 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch\PfAp\ApLaunch_a7381c58:  4D 41 4D 84 A8 6C 00 00 8D 8B 65 54 94 A9 AA BA 0B BA AA B9 BA A9 AB BB AB 0A 0A AA 99 A0 99 9A 99 9A 8A A7 88 88 78 88 97 09 BB A0 79 78 88 98 97 AB 8A 89 97 79 88 8A A9 99 0A 8B 79 79 77 77 77 89 87 77 97 77 77 78 88 A9 0B AB AA 9A 9A 9B 9B B0 BA AB AA 0A AA AA AA A9 9B AA AA AB BB 99 AA AA A9 B9 A9 AA A9 AB AA BA B9 89 AA BB 0A AA 9B B9 9A 9B 9A 9B 98 B9 AB AA BB AB BA AA A9 BA AA A9 9B A9 A0 9A AB 00 AA 9A BA BA 0B 00 00 00 00 00 00 00 0A 00 00 00 00 00 00 B0 08 00 00 00 00 00 0B 00 A6 AB BB B0 B0 00 B0 60 B7 B9 B0 00 00 00 00 80 A7 B0 A0 00 B0 BB 0B A0 BA BB 6B 0B 00 AA 00 80 B0 00 60 0B 00 00 0B 90 86 9A 79 BB 00 A0 B0 50 96 98 AA 00 00 BB 00 60 75 97 AA 0B B0 BB B0 60 76 A7 9A 0B BB BB A0 6B 80 A6 9A BA 00 0A A0 60 80 A7 A9 BA 00 0B 00 70 90 B8 BB 09 00 00 00 90 00 00 00 00 00 00 00 00 00 D8 86 02 A0 B4 E0 06 1E C4 A0 03 5A 7B 07 34 A0 C0 20 29 90 A3 04 65 41 20 E4 65 E1 07 82 F6 0C FA 31 E1 27
 D4 21 32 0A 3C 54 50 08 10 C1 54 18 54 98 20 25 85 0C 44 89 16 E0 2D 1D AC 0E F7 3F FA C3 A5 9C EF 93 BB 97 29 DE 36 B3 1A AD BF DE 32 ED A5 45 F3 26 10 E4 0A 02 06 A1 00 C2 9D 29 C2 2D 98 E6 07 09 23 BD 73 0C 58 81 00 14 12 AA DE 86 51 FA 67 30 EE 35 36 9E 7F 40 2F 14 93 FC 05 00 27 C4 A6 26 08 28 6C 0F 02 5C AF 4E 0C AC 10 14 16 89 8B CA 84 68 86 1D 4C 53 8E 36 E8 85 CC CB CA 21 9E E4 02 F8 37 00 C7 D4 34 21 84 2E 0C 81 66 46 10 42 60 31 66 A9 20 0B 89 2E B9 90 27 83 78 50 D9 41 35 70 E7 30 FF 42 BE 50 4C 00 E9 34 55 8C 22 A2 F8 EC 12 6C B0 C1 46 4E 3C CD 38 20 EC 1A 6B C4 91 12 52 B2 D8 C0 E0 25 48 C5 06 D8 52 70 0F A8 A1 5D 9E 00 83 B1 65 36 3C A4 66 1B 4C 27 FE 35 BC AC D0 94 29 98 8D 3F 02 A0 C0 18 2C 18 1E C0 90 46 C5 60 02 0C FC 0D 0B A3 54 D1 27 92 99 6D 8D 98 53 7B 0B 37 35 1A EF C5 44 A0 5F 20 01 60 87 0A 3A 5E 90 00 80 1C 67 36 1A 23 0A 94 57 4A 44 1A 93 42 28 38 A2 70 40 0D 0C 1E 5D 2B 1A 0C 23 44 DB 39 95 66 59 60 8E EC 7C 36 B5 15 36 4C 66 05 A6 F8 2D D0 C2 0A 25 70 75 
42 3D 03 61 40 C1 B3 0D 84 9B A3 E0 09 30 A7 B8 89 C6 D4 0A 63 46 A9 4D 09 03 42 8C 20 26 65 A9 C1 4D 91 69 02 39 03 78 4E 60 39 A9 D1 19 9B 6D F6 6D F0 A8 6C 83 35 95 F4 22 75 9D 60 08 A4 35 60 F4 33 53 96 53 8D 0D 5C 6C 9C 5B D1 50 46 A8 D4 62 6A E2 6F B7 C1 FC B9 98 00 0C 3E 36 FE F3 1B 46 01 05 07 E1 60 F3 01 78 17 8E 2B AC 74 22 4B CD DD CF 08 6E 0D 18 30 DF 60 56 44 0C 13 C1 01 A9 11 22 ED C3 B3 0D ED 4C 81 D7 14 3C C5 E5 20 36 D3 96 A2 71 9C 60 0A A5 D2 0D 52 B0 66 6C 40 AE 8D F7 2F BF 1C D7 C5 74 A4 CB 03 13 0E 3C 36 E4 F8 8E A6 7F 60 02 FC 6A 0E A1 E4 8C 0B C6 A9 D9 C4 87 EC 03 73 EA 0C CE A1 8D A2 01 7F 8E 0D 28 7A CD E1 15 F1 22 E9 72 7A E8 B2 0C C6 33 E7 36 5A 7C C5 5D 76 41 B1 1D 3A 2A 25 92 3C D5 81 3B 3F 58 E8 37 6B E8 31 53 14 AD 04 C8 63 6A 1F 16 BC 45 0C A7 74 26 72 3B 10 96 04 9A EE B0 90 06 E4 71 78 12 92 3C 77 58 03 44 8C EE 33 47 A5 4E D0 C0 1E 33 66 36 18 2B 60 C3 E5 38 FB 03 02 06 B0 2A 26 9A 53 7E 76 21 6A 8C B9 3F CC E4 7A 00 F5 EC 94 63 6A C7 D4 BE AA 0D 1D 4
7 10 55 F6 55 06 FC 28 38 70 39 21 81 33 38 82 6E 09 59 FF C8 39 A2 A1 81 36 68 B6 F0 31 0F D8 2B 08 02 F8 93 4B 06 00 1E 53 F0 0A 11 05 94 00 57 72 59 AC 00 46 62 00 0B 1B 60 FC CD D8 73 7F 0C 36 F6 BA C9 DB B4 70 BC 7D A0 E4 00 30 50 99 89 87 A5 25 49 98 26 54 A9 6E 84 80 6E 66 2A C8 13 67 48 42 71 F6 26 46 27 5A 31 28 26 0B F4 10 7D A1 10 22 79 31 37 47 CC 0D 4B 88 81 30 29 5E 52 97 B6 93 09 12 7E C1 91 C8 A4 09 D9 21 48 1E 1A 84 4D D5 A0 91 C9 CD AD 51 08 F5 A2 0D DA 42 4D 21 93 8C B7 12 88 A5 D5 90 29 08 50 61 0E B2 21 2D 61 C6 46 A1 98 E2 65 40 37 D8 72 95 FF 80 0D 02 E6 F7 E8 12 99 49 07 AC 27 C4 04 09 FA 87 08 1F F1 8B 28 CB 5D 60 A2 B6 D0 1C ED 98 B8 EE 3D 37 DC 33 7E 4A 80 45 72 D3 FC 98 88 89 A0 4D 14 12 AB D8 0D 26 30 4C 4C 21 B8 9A 83 98 90 D2 5A 42 95 12 45 41 AF 26 56 19 83 93 34 A0 C9 CC 57 53 84 11 CC 21 63 01 0C 8E 4F 12 70 E4 FA 6C CE 34 80 62 66 92 BC 7D 94 01 59 EC B9 60 42 36 ED 37 71 3E 36 C4 1F 0D 91 A5 12 B3 EC 14 F3 5C 8F A0 16 02 1E 18 15 A0 C4 04 1B AD 0C 0C
 69 81 B9 13 A6 1C 68 2F D0 4C 6F 2E 37 76 3D 53 DA 60 82 91 5E 12 3F A2 79 48 A0 15 1E C5 07 C1 0A A4 B6 78 E0 A3 4A 9C 20 F0 2D 41 D0 31 1B 4D D7 2D A4 98 39 20 44 B9 63 36 D5 1C 98 58 31 2F 0A 86 E2 29 99 17 18 23 3E 45 32 1C 71 0D 2F 9E 8E 23 71 BB B6 08 9C F0 2C 5A DD 02 36 D8 9B E5 6E 73 54 6C 01 18 B4 70 60 E0 60 53 73 B2 95 83 77 1A 0C DF A2 42 C3 24 B6 F6 2F 80 52 BB 83 26 CB 20 37 58 67 21 5E 57 30 F8 22 02 D2 F6 00 ED 24 1A 54 8A A0 DB 46 D4 1C 0E CB C2 9C 11 5E 1B 8C 37 E3 9D 9F 77 07 13 94 9C 0A 07 0B 27 61 17 44 16 56 D3 B8 51 94 83 01 83 D9 E0 E0 45 C8 DB 14 3C 50 5F 8A 35 2B 3F F0 3E 88 4E 7D A9 26 3A 4C 36 98 C8 DE 2F 0A 10 5D 41 5E 44 80 16 B1 5E 47 54 D6 82 1D 6D 8F 07 8F 81 8E 10 0A 28 00 8B F5 48 2C 12 C2 5F 60 0F E3 39 B8 37 BB 6E AA 9F 15 2E 96 37 96 BD B4 42 C4 E8 08 E5 E7 00 30 E6 12 69 CC B4 C9 A7 D4 19 1C C2 80 99 31 35 95 AA 38 05 30 D4 50 81 70 84 85 AA A0 2A 44 68 11 7A 52 99 80 7C ED D2 A8 FB C3 CD C4 63 03 36 7D D9 05 5F 80 0D 55 E3 4B 0A 02 B1 64 96 28 
5F B2 31 C6 F2 D6 25 A9 2F 0C B7 D8 E7 4F 1B CA 4D D1 66 19 08 36 FD 4B 8A F3 C1 29 52 30 A9 79 02 A0 40 0D 17 74 32 C1 34 02 C1 31 79 5A D2 01 52 64 8A 31 D5 EF AE 08 76 0F DC BD 60 37 C1 63 09 30 48 D2 0A 00 34 F0 14 28 EF C2 CC 27 C8 47 97 D6 8E A5 46 46 1A 81 15 48 22 2D F0 86 3A B2 EA F1 DB 15 7A B8 04 1A 2A A5 E8 6C 20 05 96 B4 00 F3 D5 BF 28 90 F3 44 58 97 7C 55 24 02 20 0E AC 11 9E 0D 9D F1 72 B7 C0 96 A0 58 4A FA 2C C0 3D 80 68 80 2E CA 36 6E 98 21 23 13 B3 C6 49 88 82 95 47 1C DC CF 66 5C A5 64 81 02 33 4D 65 1B CE CA 01 01 C5 00 1B BA 62 F0 19 3B 72 5C 8C 88 FE 48 0C 64 42 C4 E8 83 26 1F C1 1A A0 7E 1F 17 62 E0 98 0D F2 1C 59 5C 11 20 12 71 68 7E C6 28 2D 0A 37 B2 E7 55 FD 60 02 94 D4 02 D7 AB C6 86 E1 7D B4 B1 2A FF 17 8B 33 03 C9 7F 65 E7 42 7B 0C F9 7E 2A 60 AF B6 57 81 FC 24 96 1E 36 E4 B3 CB 64 20 84 41 6F 02 1B 54 95 AE D2 29 FD 60 21 5E 0D 12 59 14 B8 25 85 B5 CE 81 10 3A F1 36 BD 6A BC C8 1C C2 43 AE 02 0E EE 00 05 F7 14 48 5C 08 6D C0 88 87 DD BF 07 29 C9 7E 06 35 B
3 E5 FE 6B 43 30 41 7A 3B 76 E4 4B 5B 8F E9 BE 12 4D 04 35 A3 88 E3 8B 28 22 E0 38 68 37 27 EE 44 2F AA 58 F3 6F 23 70 E7 70 5E 23 90 AA CF 07 7A 0C 80 7A 5E 12 C9 3B EB 90 F5 85 54 A3 27 6E 1B 20 C3 81 F6 81 1B 6D 87 36 27 B1 0B C8 1B 6D 35 F2 60 0A AE 24 30 AB 71 84 05 5D 63 80 66 3E 47 C6 0B F4 A2 9F 62 00 1F A1 B2 67 22 5D 81 71 73 BB 37 B6 5D C4 17 1E 60 79 9A 00 41 DF 1C 3F 32 AD 68 41 8E 30 24 B6 01 84 66 5A 12 5E 3C 7D 47 E2 B6 C2 08 73 E4 DC 87 0D 19 36 B3 D1 AA 62 8A A4 5F 10 67 EB 70 69 39 C5 4F 83 5E D2 20 E7 08 D5 F7 DD 46 81 B1 36 10 BA 4C D3 7A A8 C9 6A 01 C2 61 62 B5 08 18 4C C2 50 73 42 C1 50 B0 90 33 61 4A 5B 16 A3 84 21 95 32 62 BB B9 00 8F C0 7D 96 C6 35 C7 6D 70 8D C0 1C B0 D4 02 52 0D 50 50 55 E9 BA 24 1A C2 BA D6 C7 BE 1E 8D 8F 9C C6 C7 C0 36 19 EE BC 2E 27 A6 08 E4 76 B2 95 B6 7E 90 40 89 09 9F 39 D4 BA A4 41 5F 87 3A 99 3A 2B 21 B8 35 27 A8 49 B4 12 3C 85 D0 5A 3B 21 4F 23 D5 E9 75 35 F8 24 4B 1D 4C AD 9C 53 21 02 EB 02 37 E5 89 54 FD 0A 36 2A 79 81 52 01 9A E6
 19 03 E0 27 18 A7 5B E3 F1 D1 65 0F 1F F3 C5 02 F9 7A DA 32 5B 93 44 5E F0 43 3A 62 D5 42 FF 09 DF 40 31 0B 37 96 34 43 33 3D 7F 01 F2 E7 27 FE C5 5C C7 C1 EF 66 00 17 11 28 C6 A1 82 57 5C 09 25 D8 10 FD 3E 1A 43 76 5B 7F FB F6 A2 18 51 EA 0D D7 86 9C A2 EF 84 3E 74 88 F9 D6 BB ED 7F 01 97 EE 9E D3 87 61 AD 0D 6B DA E2 A8 EF 80 3D 05 A0 0A B8 E0 86 C4 23 F6 C1 84 83 9A 20 03 BF 81 F4 EF 27 A0 7D 85 10 22 DB 31 37 5D 37 97 CB FB 9C B9 82 02 06 26 00 6E B7 B4 A6 A5 19 8F 18 09 13 F5 0A 21 24 0B 10 94 48 54 C1 64 E9 F6 05 A5 E3 FE 36 37 B8 36 2E C7 8F C0 92 00 05 14 70 0F 1D 9C 7B 89 7E 4B 25 A0 D4 C9 BC C3 1A 9D D5 E0 03 52 F2 78 7E 12 52 41 19 A0 78 00 8B 78 0A AC 1E 82 F9 F7 EE 83 9B 07 37 55 0F 84 EF AE C0 1A 45 41 A0 1B AC B8 99 13 F6 6A CF 80 DB 44 6C A2 25 58 19 61 88 82 79 0D 74 EA 03 D8 57 29 37 EC CA 30 A5 01 73 88 7C 10 3C C7 78 35 14 7B E2 23 0C 12 F7 8A 0D 2F 08 7C ED 76 9C 81 01 B5 DB 45 ED 90 C1 E0 3E 75 C8 04 2D 3E EB 76 8F EA 48 01 05 97 F3 05 EC 96 E3 BE 83 09 07 CF 10 
10 F3 6F 7E 86 F1 B0 95 5B 4D 4F 3F C0 35 EA B0 C1 EB 64 37 2F 2B 60 C2 A2 13 0A 01 6C 00 36 38 14 6F 51 C9 97 40 85 4F 48 27 38 96 3A 9E F6 80 1A 02 BF 3E 4C 00 B0 E0 00 F3 34 30 F3 03 F1 EC 6C 47 1B 93 92 33 F2 65 85 17 F3 40 DB 11 E4 59 B8 AC C3 5E 7B 3C 17 00 37 1F CC 26 00 43 0F 0A 17 38 AE B1 24 90 B1 71 73 54 4D 31 1D AE 98 A1 09 87 54 02 79 24 9C 3D 66 9A CA 65 9B F6 5C 00 36 0C F9 B4 46 0F 0A C8 28 5E 35 A1 D0 B0 08 3F F2 7C 1E F2 82 91 6E 3A 92 1C 40 9C 1C 08 3A 0C 0C B9 12 E3 25 09 CB FA DE 1A 06 54 BE 0B 0A F4 DC 78 E4 3C 40 93 7D 74 37 B6 1C 5D F6 0E A1 1A 36 14 FA AC B4 2A B5 7D 0A A4 C0 E4 C8 5B 7B BF A6 20 24 F2 1A 35 BF 9D EA D9 E8 42 16 98 80 48 02 2F 53 C2 DA E2 5B 07 D7 95 32 EB A6 0C 45 1A 9F 0B E0 25 6D B2 D2 08 4C AD 38 36 7E 0B A6 7C C1 04 6F 38 02 D2 09 C1 16 8D C9 8D 0E 38 E5 AA 90 21 6B 12 E4 04 F0 C6 35 F6 98 68 8D 3D 37 82 D3 26 7E 53 0D 0A 69 B0 C7 D1 42 82 F0 A0 0C 02 2A 00 45 A2 5E 5E 8C 24 A3 B0 9B DD 36 36 BC 6E 7B C1 40 84 0E AD 02 3A 05 6C 16 78 0A 5
A 30 46 9A 17 C0 C8 1A 3B 7E 25 AA 73 48 F5 19 C2 6F EF 38 4F FB 36 37 FD 84 4C FC 48 1E 0A B3 54 63 3E A1 38 F4 44 4F 95 67 00 C5 FC ED 98 58 D8 28 37 9E 75 70 8E 60 0E 4C 78 02 B9 11 3D 05 11 8B 69 82 A8 31 0D 21 14 12 DD 6F 3D 9C 41 5B 9E C4 71 10 36 FD 13 DC 3E EA 5F E8 04 C2 83 01 B3 60 03 07 63 B4 4B 31 15 3A 12 CF B6 A0 91 7A 62 30 37 7E 36 C6 B7 02 C3 05 13 25 E5 02 5B E8 38 5B B8 40 70 1F B4 1C 0C 09 86 AA 8B DC 08 87 87 BF 07 13 D7 6A 36 CA 0D E0 94 28 98 7B 35 02 60 00 75 0D 3E 65 25 13 4B 48 0C DD 84 1C A0 40 D3 2E D1 AA 8A 4A 23 C0 84 21 4B AC D4 4C FC 26 C0 F5 A3 68 C9 2A 29 65 42 07 68 B8 74 64 77 16 54 20 7E 41 BB 03 26 8B 77 48 30 C0 96 5E F5 DC A0 CA AC 3B 37 E8 CB 80 0B 0A 26 61 40 02 CE 16 26 67 10 5B D1 32 C2 4F 3B CD D0 18 A3 BD 39 36 3B AF B7 A9 E1 FA 94 6D 01 16 21 20 96 9D 68 0E 9E 32 58 D7 36 61 65 BB 98 60 5B 31 36 CB 37 61 EA 1C DC AE C0 02 E8 45 00 87 30 1D 12 C1 8C 96 24 95 66 38 BF 86 91 3A E6 3C D2 11 0F 6A 8F 0C AD B3 8C 8F F9 BC 87 29 49 83 06 35 B8 A8
 38 7A 12 60 B0 66 00 07 77 66 C9 30 23 0F 5C E4 D0 64 8C 89 6B D5 E8 21 4D 92 20 42 3C AA D9 C7 6E 18 03 B7 13 8E 2B 07 36 C6 93 89 79 3C 41 71 3A E9 58 FB 49 29 41 CA 2C 2E 2D 47 0A 4C 57 28 C8 B2 62 B0 16 4B 4D 4E B0 28 5A 29 01 A0 68 AC 24 4C 2A AA 0E 1D 9B A6 34 25 16 E2 E0 50 37 DF 58 0C 03 E1 02 18 6B 88 76 5F 49 EB 62 41 96 51 ED BA 1D 87 51 2D 99 B0 7F B8 4E 31 27 3B D3 4A 0E E4 37 DD 12 C3 8A 77 16 E9 47 AB 71 02 D2 8B 14 4C 30 E8 81 76 3E AE 7C 48 A7 9C 15 EF 0D 16 E6 91 08 1C 96 53 74 93 E7 0F 8C 37 D9 93 37 E0 EB 12 52 08 A8 CD 02 42 4F 2C 99 77 CC DD E2 A0 57 22 73 5A E0 B5 90 4C 24 81 9A 0E A9 28 1B 89 27 97 90 64 D7 08 4F 4B 3A 36 23 F6 2F 62 98 90 76 3F 02 5A E9 70 5C 29 F0 B8 D1 27 9B CB E0 A9 A1 79 5C 30 B9 2E 36 C0 8D 0A 4C 8F 24 18 82 01 07 0A 07 75 20 2A 11 AD 5D 91 08 E2 C1 CD 31 0D 12 A6 84 C3 F8 0F C2 49 69 37 EE E9 60 42 E6 5D 0A 64 59 4E C0 3A A6 C1 90 C9 91 3B C6 8E 1C F1 CC 19 75 0E 36 B3 4D 14 D3 E1 E1 FB 02 02 FF 46 FF 9D 21 53 00 67 88 26 EC 02 1B 22 A2 
09 E9 00 61 50 E7 50 41 8A 98 8C 17 03 9D 91 D8 CF 97 00 79 6F 30 F1 3C 6F 36 26 0D A8 48 AE A4 8C A1 10 B0 96 1B 37 5F 5A E4 45 02 75 C9 56 CF 25 71 60 B5 99 43 06 D7 6A F4 EB 39 E3 0B E9 DF 3B BF 5A D4 D4 82 02 7F 1C 59 57 DE 55 E6 14 27 05 02 76 FC A5 06 3C 4D A0 35 35 EC D7 90 35 36 A8 8D A9 51 C0 64 F5 5B AD 5D 91 F4 F3 B0 47 B5 1B 37 B7 F3 53 6A 60 42 7F BF 02 E0 E1 05 14 1C 12 FE 23 DC 8E 48 AA AB 98 09 2B C4 46 22 14 0F 2B 84 E3 74 08 0F 7D 37 36 54 0E 01 F6 AA 71 0B FE AF 82 25 32 3C 0B A5 0C AC F5 E9 4A 4C 80 29 19 23 37 D2 3E 89 F6 2A 55 26 49 A0 A6 C9 94 BB 0B D2 04 DA 17 0E AA 81 5D AF 81 35 65 91 B2 52 BA 8A B6 29 E0 26 4D 9E B4 69 7D 13 03 97 09 C7 E3 82 36 F4 CE 60 33 00 00 1F 00 00 44 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch\PfAp\UserTime_a7381c58:  00 00 00 00 00 00 00 00 FB 76 C0 F0 2E 6C D3 01 5B 93 9B 84 93 6C D3 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch\PfAp\UserTime_a7381c58:  00 00 00 00 00 00 00 00 5B 83 69 B4 37 6C D3 01 9B 43 8E 43 9C 6C D3 01
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\S-1-5-21-738614823-346164979-3814199400-1001\RefCount:  0E 00 00 00
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileService\References\S-1-5-21-738614823-346164979-3814199400-1001\RefCount:  0F 00 00 00
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x00000023
HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\GlobalAssocChangedCounter: 0x00000026
HKLM\SYSTEM\ControlSet001\Control\Nsi\{eb004a01-9b1a-11d4-9123-0050047759bc}\28\d7e411314c2be545a10015e7bfc63a64:  00 00 00 00 00 00 00 00 6A 2C 4B 80 0E 6C D3 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

03.12.2017, 16:48	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	EVENTUELLE computer übernahe von Programm trotz ESET. Regestry änderunegn Analyse Aha. Und was genau ist jetzt eigentlich das Problem? Was genau erwartest du von einer bitcoin-Software? Was genau sollen "komischen Sachen"sein? Warum wird ein Malbefall herbeigeredet? __________________ __________________

03.12.2017, 16:59	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	EVENTUELLE computer übernahe von Programm trotz ESET. Regestry änderunegn Analyse Ich versteh dich nicht. Du traust dem Programm nicht und es tut nicht das was es soll. Aber anstatt es zu deinstallieren lässt du es einfach drauf. Muss man nicht verstehen oder? __________________ Logfiles bitte immer in CODE-Tags posten

03.12.2017, 17:34	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	EVENTUELLE computer übernahe von Programm trotz ESET. Regestry änderunegn Analyse Du sollst die Logs in CODE-Tags posten. Der Lesestoff ist doch nun wirklich nicht zu übersehen. Und nochmal, nur weil das Programm nicht das tut was du willst ist es ein wenig lächerlich gleich einen Befall herbeizureden. __________________ Logfiles bitte immer in CODE-Tags posten

EVENTUELLE computer übernahe von Programm trotz ESET. Regestry änderunegn Analyse

Diskussionsforum: EVENTUELLE computer übernahe von Programm trotz ESET. Regestry änderunegn Analyse