Highly infected laptop

Jay Pfoutz · Nov 27, 2012

Sure.

Sador27 · Nov 30, 2012

A"Silent Runners.vbs", revision 64, http://www.silentrunners.org/
Operating System: Microsoft Windows 7 Home Premium Service Pack 1 (64-bit)
Output of all locations checked and all values found.

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Google Update = "C:\Users\Sad0r\AppData\Local\Google\Update\GoogleUpdate.exe" /c [Google Inc.]

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
IgfxTray = C:\Windows\system32\igfxtray.exe [Intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [Intel Corporation]
ETDCtrl = C:\Program Files\Elantech\ETDCtrl.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [Adobe Systems Incorporated]
ASUSPRP = "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" [ASUSTek Computer Inc.]
ASUSWebStorage = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S [null data]
USB3MON = "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [Intel Corporation]
Wireless Console 3 = C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [ASUSTeK Computer Inc.]
ATKOSD2 = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [ASUSTek Computer Inc.]
ATKMEDIA = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [ASUSTek Computer Inc.]
HControlUser = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [ASUS]

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = Microsoft Windows Media Player
\StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\

>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}\(Default) = Microsoft Windows Media Player
\StubPath = C:\Windows\system32\unregmp2.exe /ShowWMP [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\(Default) = AcroIEHelperStub
-> {HKLM…Wow…CLSID} = Adobe PDF Link Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe Systems Incorporated]

{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\(Default) = Norton Identity Protection
-> {HKLM…Wow…CLSID} = Norton Identity Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll [Symantec Corporation]

{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\(Default) = Norton Vulnerability Protection
-> {HKLM…Wow…CLSID} = Norton Vulnerability Protection
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\IPS\IPSBHO.DLL [Symantec Corporation]

{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]

{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\(Default) = (no title provided)
-> {HKLM…Wow…CLSID} = Bing Bar Helper
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

AsusWSShellExt_B\(Default) = {6D4133E5-0742-4ADC-8A8C-9303440F7190}
-> {HKLM…CLSID} = AsusWSShellExt_B64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [eCareme Technologies, Inc.]

AsusWSShellExt_O\(Default) = {64174815-8D98-4CE6-8646-4C039977D808}
-> {HKLM…CLSID} = AsusWSShellExt_O64 Class
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [eCareme Technologies, Inc.]

EnhancedStorageShell\(Default) = {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
-> {HKLM…CLSID} = Enhanced Storage Icon Overlay Handler Class
\InProcServer32\(Default) = C:\Windows\system32\EhStorShell.dll [MS]

OverlayExcluded\(Default) = {4433A54A-1AC8-432F-90FC-85F045CF383C}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]

OverlayPending\(Default) = {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]

OverlayProtected\(Default) = {476D0EA3-80F9-48B5-B70B-05E677C9C148}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]

SharingPrivate\(Default) = {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
-> {HKLM…CLSID} = Sharing Overlay (Private)
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

EnhancedStorageShell\(Default) = {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
-> {HKLM…Wow…CLSID} = Enhanced Storage Icon Overlay Handler Class
\InProcServer32\(Default) = C:\Windows\system32\EhStorShell.dll [MS]

SharingPrivate\(Default) = {08244EE6-92F0-47f2-9FC9-929BAA2E7235}
-> {HKLM…Wow…CLSID} = Sharing Overlay (Private)
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00C6D95F-329C-409a-81D7-C46C66EA7F33} = (no title provided)
-> {HKLM…CLSID} = DefaultLocation
\InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS]

{80009818-f38f-4af1-87b5-eadab9433e58} = MF ADTS Property Handler
-> {HKLM…CLSID} = MF ADTS Property Handler
\InProcServer32\(Default) = C:\Windows\System32\mf.dll [MS]

{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
-> {HKLM…CLSID} = WebCheckWebCrawler
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]

{F5175861-2688-11d0-9C5E-00AA00A45957} = Subscription Folder
-> {HKLM…CLSID} = Subscription Folder
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]

{7D559C10-9FE9-11d0-93F7-00AA0059CE02} = Code Download Agent
-> {HKLM…CLSID} = Code Download Agent
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]

{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} = Subscription Mgr
-> {HKLM…CLSID} = Subscription Mgr
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]

{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} = WebCheck SyncMgr Handler
-> {HKLM…CLSID} = WebCheck SyncMgr Handler
\InProcServer32\(Default) = C:\Windows\System32\webcheck.dll [MS]

{d6044399-0b9e-4084-a9ac-c4b7c7800fcf} = FolderItem
-> {HKLM…CLSID} = ASUS WebStorage Drive
\InProcServer32\(Default) = mscoree.dll [MS]

{b1b96b20-da1d-4a3c-92c1-7229b32f2325} = BackupContextMenuExtension
-> {HKLM…CLSID} = XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]

{0066D4B3-8DE0-4D08-AA83-EDD50E2431F0} = ELAN Control Panel
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Elantech\ETDMcpl.dll [ELAN Microelectronics Corp.]

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

{00C6D95F-329C-409a-81D7-C46C66EA7F33} = (no title provided)
-> {HKLM…Wow…CLSID} = DefaultLocation
\InProcServer32\(Default) = C:\Windows\System32\shdocvw.dll [MS]

{80009818-f38f-4af1-87b5-eadab9433e58} = MF ADTS Property Handler
-> {HKLM…Wow…CLSID} = MF ADTS Property Handler
\InProcServer32\(Default) = C:\Windows\System32\mf.dll [MS]

{08165EA0-E946-11CF-9C87-00AA005127ED} = WebCheckWebCrawler
-> {HKLM…Wow…CLSID} = WebCheckWebCrawler
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]

{F5175861-2688-11d0-9C5E-00AA00A45957} = Subscription Folder
-> {HKLM…Wow…CLSID} = Subscription Folder
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]

{7D559C10-9FE9-11d0-93F7-00AA0059CE02} = Code Download Agent
-> {HKLM…Wow…CLSID} = Code Download Agent
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]

{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE} = Subscription Mgr
-> {HKLM…Wow…CLSID} = Subscription Mgr
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]

{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB} = WebCheck SyncMgr Handler
-> {HKLM…Wow…CLSID} = WebCheck SyncMgr Handler
\InProcServer32\(Default) = C:\Windows\SysWOW64\webcheck.dll [MS]

{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM…Wow…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\DeviceNotificationCallbacks\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

HKCU\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\

HKCU\Software\Microsoft\Command Processor\
AutoRun = (name not found)

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\
Shell = (name not found)

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
Shell = (name not found)

HKLM\SOFTWARE\Microsoft\Command Processor\
AutoRun = (name not found)

HKLM\Wow6432Node\Software\Microsoft\Command Processor\
AutoRun = (name not found)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
AppInit_DLLs = (empty string)

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\
AppInit_DLLs = (empty string)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
IconServiceLib = IconCodecService.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
GinaDLL = (name not found)
Shell = explorer.exe [MS]
System = (name not found)
Taskman = (name not found)
Userinit = C:\Windows\system32\userinit.exe, [MS]
VmApplet = SystemPropertiesPerformance.exe /pagefile

HKLM\SYSTEM\CurrentControlSet\Control\ServiceControlManagerExtension
ServiceControlManagerExtension = C:\Windows\system32\scext.dll [MS]

HKLM\SYSTEM\CurrentControlSet\Control\BootVerificationProgram\
ImagePath = (name not found)

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
Authentication Packages = msv1_0

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
Notification Packages = scecli

HKLM\SYSTEM\CurrentControlSet\Control\Lsa\
<<!>> (livessp [MS]) Security Packages = kerberos|msv1_0|schannel|wdigest|tspkg|pku2u|livessp

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option\
UseAlternateShell = (name not found)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\
AlternateShell = cmd.exe [MS]

HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\
SecurityProviders = credssp.dll

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
BootExecute = autocheck autochk *
Execute = (name not found)
SetupExecute = (value not set)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters\

{DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}\(Default) = GenericFilter
-> {HKLM…CLSID} = GenericFilter
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\

{06FE45A8-6D92-44ba-A0F1-9A9BCDC8F5A7}\(Default) = FaceCredentialProvider64
-> {HKLM…CLSID} = FaceCredentialProvider64
\InProcServer32\(Default) = C:\Program Files (x86)\ASUS\FaceLogon\system\FaceCredentialProvider64.dll [ASUS]

{25CBB996-92ED-457e-B28C-4774084BD562}\(Default) = GenericProvider
-> {HKLM…CLSID} = GenericProvider
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]

{3dd6bec0-8193-4ffe-ae25-e08e39ea4063}\(Default) = NPProvider
-> {HKLM…CLSID} = NPProvider
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]

{503739d0-4c5e-4cfd-b3ba-d881334f0df2}\(Default) = VaultCredProvider
-> {HKLM…CLSID} = VaultCredProvider
\InProcServer32\(Default) = C:\Windows\System32\VaultCredProvider.dll [MS]

{6f45dc1e-5384-457a-bc13-2cd81b0d28ed}\(Default) = PasswordProvider
-> {HKLM…CLSID} = PasswordProvider
\InProcServer32\(Default) = C:\Windows\system32\authui.dll [MS]

{8bf9a910-a8ff-457f-999f-a5ca10b4a885}\(Default) = Smartcard Credential Provider
-> {HKLM…CLSID} = Smartcard Credential Provider
\InProcServer32\(Default) = SmartcardCredentialProvider.dll [MS]

{94596c7e-3744-41ce-893e-bbf09122f76a}\(Default) = Smartcard Pin Provider
-> {HKLM…CLSID} = Smartcard Pin Provider
\InProcServer32\(Default) = SmartcardCredentialProvider.dll [MS]

{AC3AC249-E820-4343-A65B-377AC634DC09}\(Default) = WinBio Credential Provider
-> {HKLM…CLSID} = WinBio Credential Provider
\InProcServer32\(Default) = C:\Windows\System32\BioCredProv.dll [MS]

{e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}\(Default) = CertCredProvider
-> {HKLM…CLSID} = CCertProvider
\InProcServer32\(Default) = C:\Windows\system32\certCredProvider.dll [MS]

{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}\(Default) = WLIDCredentialProvider
-> {HKLM…CLSID} = WLIDCredentialProvider
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [MS]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers\

{5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}\(Default) = RasProvider
-> {HKLM…CLSID} = CRasProvider
\InProcServer32\(Default) = C:\Windows\system32\rasplap.dll [MS]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\

HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logon\

HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Logoff\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Startup\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\Scripts\Shutdown\

HKCU\Software\Classes\PROTOCOLS\Filter\

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\

application/octet-stream\CLSID = {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
-> {HKLM…CLSID} = Cor MIME Filter, CorFltr, CorFltr 1
\InProcServer32\(Default) = mscoree.dll [MS]

application/x-complus\CLSID = {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
-> {HKLM…CLSID} = Cor MIME Filter, CorFltr, CorFltr 1
\InProcServer32\(Default) = mscoree.dll [MS]

application/x-msdownload\CLSID = {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
-> {HKLM…CLSID} = Cor MIME Filter, CorFltr, CorFltr 1
\InProcServer32\(Default) = mscoree.dll [MS]

HKCU\Software\Classes\PROTOCOLS\Handler\

HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\

about\CLSID = {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML About Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]

cdl\CLSID = {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
-> {HKLM…CLSID} = CDL: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

dvd\CLSID = {12D51199-0DB5-46FE-A120-47A3D7D937CC}
-> {HKLM…CLSID} = DVD: Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\msvidctl.dll [MS]

file\CLSID = {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = file:, local: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

ftp\CLSID = {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = ftp: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

http\CLSID = {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = http: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

https\CLSID = {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = https: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

its\CLSID = {9D148291-B9C8-11D0-A4CC-0000F80149F6}
-> {HKLM…CLSID} = Microsoft InfoTech Protocols for IE 4.0
\InProcServer32\(Default) = C:\Windows\System32\itss.dll [MS]

javascript\CLSID = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Javascript Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]

local\CLSID = {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = file:, local: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

mailto\CLSID = {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Mailto Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]

mhtml\CLSID = {05300401-BCBC-11d0-85E3-00C04FD85AB4}
-> {HKLM…CLSID} = MHTML Asynchronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\inetcomm.dll [MS]

mk\CLSID = {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
-> {HKLM…CLSID} = mk: Asychronous Pluggable Protocol Handler
\InProcServer32\(Default) = C:\Windows\system32\urlmon.dll [MS]

ms-its\CLSID = {9D148291-B9C8-11D0-A4CC-0000F80149F6}
-> {HKLM…CLSID} = Microsoft InfoTech Protocols for IE 4.0
\InProcServer32\(Default) = C:\Windows\System32\itss.dll [MS]

res\CLSID = {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Resource Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]

tv\CLSID = {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
-> {HKLM…CLSID} = TV: Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\msvidctl.dll [MS]

vbscript\CLSID = {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
-> {HKLM…CLSID} = Microsoft HTML Javascript Pluggable Protocol
\InProcServer32\(Default) = C:\Windows\System32\mshtml.dll [MS]

HKCU\Software\Classes\*\shellex\ColumnHandlers\

HKLM\SOFTWARE\Classes\*\shellex\ColumnHandlers\

HKLM\Wow3264Node\Software\Classes\*\shellex\ColumnHandlers\

HKCU\Software\Classes\*\shellex\ContextMenuHandlers\

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\

BriefcaseMenu\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]

BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]

FormatFactoryShell\(Default) = {A3777921-CFD3-4A6B-89BF-08E6B95716E8}
-> {HKLM…CLSID} = FormatFactoryShell
\InProcServer32\(Default) = C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_100.dll [Free Time]

Open With\(Default) = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
-> {HKLM…CLSID} = Open With Context Menu Handler
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

Open With EncryptionMenu\(Default) = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
-> {HKLM…CLSID} = Encryption Context Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM…CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\NavShExt.dll" [Symantec Corporation]

{90AA3A4E-1CBA-4233-B8BB-535773D48449}\(Default) = Taskband Pin
-> {HKLM…CLSID} = Taskband Pin
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}\(Default) = Start Menu Pin
-> {HKLM…CLSID} = Start Menu Pin
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

HKLM\Wow3264Node\Software\Classes\*\shellex\ContextMenuHandlers\

HKCU\Software\Classes\*\shellex\CopyHookHandlers\

HKLM\SOFTWARE\Classes\*\shellex\CopyHookHandlers\

HKLM\Wow3264Node\Software\Classes\*\shellex\CopyHookHandlers\

HKCU\Software\Classes\*\shellex\DragDropHandlers\

HKLM\SOFTWARE\Classes\*\shellex\DragDropHandlers\

HKLM\Wow3264Node\Software\Classes\*\shellex\DragDropHandlers\

HKCU\Software\Classes\*\shellex\PropertySheetHandlers\

HKLM\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\

BriefcasePage\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]

BuPropertySheet\(Default) = {B59987EA-25FE-44B4-8802-E4DE67073D8C}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]

CryptoSignMenu\(Default) = {7444C719-39BF-11D1-8CD9-00C04FC29D45}
-> {HKLM…CLSID} = CryptSig Class
\InProcServer32\(Default) = C:\Windows\system32\cryptext.dll [MS]

{1f2e5c40-9550-11ce-99d2-00aa006e086c}\(Default) = (no title provided)
-> {HKLM…CLSID} = Security Shell Extension
\InProcServer32\(Default) = C:\Windows\system32\rshx32.dll [MS]

{3EA48300-8CF6-101B-84FB-666CCB9BCD32}\(Default) = OLE DocFile Property Page
-> {HKLM…CLSID} = OLE Docfile Property Page
\InProcServer32\(Default) = C:\Windows\system32\docprop.dll [MS]

{883373C3-BF89-11D1-BE35-080036B11A03}\(Default) = Summary Properties Page
-> {HKLM…CLSID} = Summary Properties Page
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

HKLM\Wow3264Node\Software\Classes\*\shellex\PropertySheetHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ColumnHandlers\

HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\ColumnHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

BackupContextMenuExtension\(Default) = {b1b96b20-da1d-4a3c-92c1-7229b32f2325}
-> {HKLM…CLSID} = XPClient.FileSystemBrowser.BackupContextMenuExtension.BackupContextMenuExtension
\InProcServer32\(Default) = mscoree.dll [MS]

CopyAsPathMenu\(Default) = {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
-> {HKLM…CLSID} = Copy as Path Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

SendTo\(Default) = {7BA4C740-9E81-11CF-99D3-00AA004AE837}
-> {HKLM…CLSID} = Microsoft SendTo Service
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]

HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\

HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\CopyHookHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\DragDropHandlers\

HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\DragDropHandlers\

HKCU\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

PropertySheetExtension1\(Default) = {506d8021-4fcf-446f-bf22-2ad5c3c28109}
-> {HKLM…CLSID} = XPClient.FileSystemBrowser.PropertySheetExtension.PropertySheetExtension1
\InProcServer32\(Default) = mscoree.dll [MS]

{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]

HKLM\Wow3264Node\Software\Classes\AllFilesystemObjects\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\shellex\ColumnHandlers\

HKLM\SOFTWARE\Classes\Directory\shellex\ColumnHandlers\

HKLM\Wow3264Node\Software\Classes\Directory\shellex\ColumnHandlers\

HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\

EncryptionMenu\(Default) = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
-> {HKLM…CLSID} = Encryption Context Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

FormatFactoryShell\(Default) = {A3777921-CFD3-4A6B-89BF-08E6B95716E8}
-> {HKLM…CLSID} = FormatFactoryShell
\InProcServer32\(Default) = C:\Program Files (x86)\FreeTime\FormatFactory\ShellEx64_100.dll [Free Time]

Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]

HKLM\Wow3264Node\Software\Classes\Directory\shellex\ContextMenuHandlers\

HKCU\Software\Classes\Directory\shellex\CopyHookHandlers\

HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\

FileSystem\(Default) = {217FC9C0-3AEA-1069-A2DB-08002B30309D}
-> {HKLM…CLSID} = Shell Copy Hook
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

Sharing\(Default) = {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

HKLM\Wow3264Node\Software\Classes\Directory\shellex\CopyHookHandlers\

HKCU\Software\Classes\Directory\shellex\DragDropHandlers\

HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\

HKLM\Wow3264Node\Software\Classes\Directory\shellex\DragDropHandlers\

HKCU\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKLM\SOFTWARE\Classes\Directory\shellex\PropertySheetHandlers\

Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

{1f2e5c40-9550-11ce-99d2-00aa006e086c}\(Default) = (no title provided)
-> {HKLM…CLSID} = Security Shell Extension
\InProcServer32\(Default) = C:\Windows\system32\rshx32.dll [MS]

{4a7ded0a-ad25-11d0-98a8-0800361b1103}\(Default) = (no title provided)
-> {HKLM…CLSID} = MyFolder menu and properties
\InProcServer32\(Default) = C:\Windows\system32\mydocs.dll [MS]

{596AB062-B4D2-4215-9F74-E9109B0A8153}\(Default) = (no title provided)
-> {HKLM…CLSID} = Previous Versions Property Page
\InProcServer32\(Default) = C:\Windows\system32\twext.dll [MS]

{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}\(Default) = (no title provided)
-> {HKLM…CLSID} = DfsShell Class
\InProcServer32\(Default) = C:\Windows\system32\DfsShlEx.dll [MS]

{ef43ecfe-2ab9-4632-bf21-58909dd177f0}\(Default) = (no title provided)
-> {HKLM…CLSID} = Folder Customization Tab
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

HKLM\Wow3264Node\Software\Classes\Directory\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Directory\Background\shellex\ColumnHandlers\

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ColumnHandlers\

HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\ColumnHandlers\

HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\

Gadgets\(Default) = {6B9228DA-9C15-419e-856C-19E768A13BDC}
-> {HKLM…CLSID} = Windows Desktop Gadgets
\InProcServer32\(Default) = C:\Program Files\Windows Sidebar\sbdrop.dll [MS]

igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM…CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [Intel Corporation]

New\(Default) = {D969A300-E7FF-11d0-A93B-00A0C90F2719}
-> {HKLM…CLSID} = New Menu Handler
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

Sharing\(Default) = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
-> {HKLM…CLSID} = Shell extensions for sharing
\InProcServer32\(Default) = C:\Windows\system32\ntshrui.dll [MS]

HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\

HKCU\Software\Classes\Directory\Background\shellex\CopyHookHandlers\

HKLM\SOFTWARE\Classes\Directory\Background\shellex\CopyHookHandlers\

HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\CopyHookHandlers\

HKCU\Software\Classes\Directory\Background\shellex\DragDropHandlers\

HKLM\SOFTWARE\Classes\Directory\Background\shellex\DragDropHandlers\

HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\DragDropHandlers\

HKCU\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\SOFTWARE\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKLM\Wow3264Node\Software\Classes\Directory\Background\shellex\PropertySheetHandlers\

HKCU\Software\Classes\Folder\shellex\ColumnHandlers\

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\

HKLM\Wow3264Node\Software\Classes\Folder\shellex\ColumnHandlers\

HKCU\Software\Classes\Folder\shellex\ContextMenuHandlers\

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\

BriefcaseMenu\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]

BUContextMenu\(Default) = {F7CAA2A1-67A2-44BB-B20F-202FD8EB1DAB}
-> {HKLM…CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\buShell.dll [Symantec Corporation]

Library Location\(Default) = {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
-> {HKLM…CLSID} = Include In Library Sub Context Menu
\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

MBAMShlExt\(Default) = {57CE581A-0CB6-4266-9CA0-19364C90A0B3}
-> {HKLM…CLSID} = MBAMShlExt Class
\InProcServer32\(Default) = C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll [Malwarebytes Corporation]

Symantec.Norton.Antivirus.IEContextMenu\(Default) = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
-> {HKLM…CLSID} = IEContextMenu Class
\InProcServer32\(Default) = "C:\Program Files (x86)\Norton 360\Engine64\20.2.0.19\NavShExt.dll" [Symantec Corporation]

HKLM\Wow3264Node\Software\Classes\Folder\shellex\ContextMenuHandlers\

HKCU\Software\Classes\Folder\shellex\CopyHookHandlers\

HKLM\SOFTWARE\Classes\Folder\shellex\CopyHookHandlers\

HKLM\Wow3264Node\Software\Classes\Folder\shellex\CopyHookHandlers\

HKCU\Software\Classes\Folder\shellex\DragDropHandlers\

HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\

{BD472F60-27FA-11cf-B8B4-444553540000}\(Default) = (no title provided)
-> {HKLM…CLSID} = Compressed (zipped) Folder Right Drag Handler
\InProcServer32\(Default) = C:\Windows\system32\zipfldr.dll [MS]

HKLM\Wow3264Node\Software\Classes\Folder\shellex\DragDropHandlers\

HKCU\Software\Classes\Folder\shellex\PropertySheetHandlers\

HKLM\SOFTWARE\Classes\Folder\shellex\PropertySheetHandlers\

BriefcasePage\(Default) = {85BBD920-42A0-1069-A2E4-08002B30309D}
-> {HKLM…CLSID} = Briefcase
\InProcServer32\(Default) = C:\Windows\system32\syncui.dll [MS]

HKLM\Wow3264Node\Software\Classes\Folder\shellex\PropertySheetHandlers\

Default executables:
--------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bat\UserChoice\

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cmd\UserChoice\

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.com\UserChoice\

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.exe\UserChoice\

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hta\UserChoice\

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pif\UserChoice\

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.scr\UserChoice\

HKLM\SOFTWARE\Classes\.bat\(Default) = batfile
HKLM\SOFTWARE\Classes\batfile\shell\open\command\(Default) = "%1" %*

HKLM\SOFTWARE\Classes\.cmd\(Default) = cmdfile
HKLM\SOFTWARE\Classes\cmdfile\shell\open\command\(Default) = "%1" %*

HKLM\SOFTWARE\Classes\.com\(Default) = comfile
HKLM\SOFTWARE\Classes\comfile\shell\open\command\(Default) = "%1" %*

HKLM\SOFTWARE\Classes\.exe\(Default) = exefile
HKLM\SOFTWARE\Classes\exefile\shell\open\command\(Default) = "%1" %*

HKLM\SOFTWARE\Classes\.hta\(Default) = htafile
HKLM\SOFTWARE\Classes\htafile\shell\open\command\(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

HKLM\SOFTWARE\Classes\.pif\(Default) = piffile
HKLM\SOFTWARE\Classes\piffile\shell\open\command\(Default) = "%1" %*

HKLM\SOFTWARE\Classes\.scr\(Default) = scrfile
HKLM\SOFTWARE\Classes\scrfile\shell\open\command\(Default) = "%1" /S

Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------

Note: detected settings may not have any effect.

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations\

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoDriveAutoRun = (REG_DWORD) dword:0x00000020
{Turn off autoplay for drive letter}

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\

NoActiveDesktop = (REG_DWORD) dword:0x00000001
{not in GPedit.msc under Computer Configuration|
Disable Active Desktop and prevent users from enabling it}

ForceActiveDesktopOn = (REG_DWORD) dword:0x00000000
{not in GPedit.msc under Computer Configuration|
Enable Active Desktop and prevent users from disabling it}

NoDriveTypeAutoRun = (REG_DWORD) dword:0x000000FF
{Computer Configuration|Administrative Templates|Windows Components|AutoPlay Policies|
Turn off Autoplay}

NoDriveAutoRun = (REG_DWORD) dword:0x03FFFFFF
{Turn off autoplay for drive letter}

HonorAutorunSetting = (REG_DWORD) dword:0x00000001
{not in GPedit.msc|
Per MSKB 967715, enable Autorun settings in Hotfixes 950582, 967715, and 953252}

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowCpl\

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall\

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\

HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\

HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\

HKCU\Software\Policies\Microsoft\Internet Explorer\Download\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Download\

HKCU\Software\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions\

HKCU\Software\Policies\Microsoft\Internet Explorer\Main\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\

HKCU\Software\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS\

HKCU\Software\Policies\Microsoft\Internet Explorer\PhishingFilter\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\PhishingFilter\

HKCU\Software\Policies\Microsoft\Internet Explorer\Privacy\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Privacy\

HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Restrictions\

HKCU\Software\Policies\Microsoft\Internet Explorer\Security\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Security\

HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar\

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Toolbar\

HKCU\Software\Policies\Microsoft\MMC\{0E752416-F29E-4195-A9DD-7F0D4D5A9D71}\

HKCU\Software\Policies\Microsoft\MMC\{0F3621F1-23C6-11D1-AD97-00AA00B88E5A}\

HKCU\Software\Policies\Microsoft\MMC\{0F6B957D-509E-11D1-A7CC-0000F87571E3}\

HKCU\Software\Policies\Microsoft\MMC\{0F6B957E-509E-11D1-A7CC-0000F87571E3}\

HKCU\Software\Policies\Microsoft\MMC\{394C052E-B830-11D0-9A86-00C04FD8DBF7}\

HKCU\Software\Policies\Microsoft\MMC\{58221C66-EA27-11CF-ADCF-00AA00A80033}\

HKCU\Software\Policies\Microsoft\MMC\{58221C67-EA27-11CF-ADCF-00AA00A80033}\

HKCU\Software\Policies\Microsoft\MMC\{5D6179C8-17EC-11D1-9AA9-00C04FD8FE93}\

HKCU\Software\Policies\Microsoft\MMC\{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}\

HKCU\Software\Policies\Microsoft\MMC\{84DE202D-5D95-4764-9014-A46F994CE856}\

HKCU\Software\Policies\Microsoft\MMC\{84DE202E-5D95-4764-9014-A46F994CE856}\

HKCU\Software\Policies\Microsoft\MMC\{8FC0B734-A0E1-11D1-A7D3-0000F87571E3}\

HKCU\Software\Policies\Microsoft\MMC\{975797FC-4E2A-11D0-B702-00C04FD8DBF7}\

HKCU\Software\Policies\Microsoft\MMC\{D02B1F72-3407-48ae-BA88-E8213C6761F1}\

HKCU\Software\Policies\Microsoft\MMC\{D02B1F73-3407-48ae-BA88-E8213C6761F1}\

HKCU\Software\Policies\Microsoft\MMC\{E12BBB5D-D59D-4E61-947A-301D25AE8C23}\

HKCU\Software\Policies\Microsoft\MMC\{FC715823-C5FB-11D1-9EEF-00A0C90347FF}\

HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ac-fe9c-4368-be02-7a4cbb7cbe11}\

HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ad-fe9c-4363-be05-7a4cbb7cb510}\

HKCU\Software\Policies\Microsoft\MMC\FX:{b05566ae-fe9c-4363-be05-7a4cbb7cb510}\

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2\

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3\

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4\

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2\

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\

HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4\

HKCU\Software\Policies\Microsoft\Windows\Network Connections\

HKCU\Software\Policies\Microsoft\Windows\System\

HKCU\Software\Policies\Microsoft\Windows\Task Scheduler5.0\

HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0\

HKCU\Software\Policies\Microsoft\Windows Defender\

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\

HKCU\Software\Policies\Microsoft\Windows Defender\Real-time Protection\

HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Real-time Protection\

HKCU\Software\Policies\Microsoft\Windows\Windows Error Reporting\

HKLM\SOFTWARE\Policies\Microsoft\Windows\Windows Error Reporting\

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

ConsentPromptBehaviorAdmin = (REG_DWORD) dword:0x00000002
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Administrators In Admin Approval Mode}

ConsentPromptBehaviorUser = (REG_DWORD) dword:0x00000003
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Behavior Of The Elevation Prompt For Standard Users}

Sador27 · Nov 30, 2012

EnableInstallerDetection = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Detect Application Installations And Prompt For Elevation}

EnableLUA = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Run All Administrators In Admin Approval Mode}

EnableSecureUIAPaths = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate UIAccess applications that are installed in secure locations}

EnableUIADesktopToggle = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Allow UIAcess applications to prompt for elevation without using the secure desktop}

EnableVirtualization = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Virtualize file and registry write failures to per-user locations}

PromptOnSecureDesktop = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Switch to the secure desktop when prompting for elevation}

ValidateAdminCodeSignatures = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Only elevate executables that are signed and validated}

dontdisplaylastusername = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Interactive logon: Do not display last user name}

legalnoticecaption = (REG_SZ) (empty string)
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Interactive logon: Message title for users attempting to log on}

legalnoticetext = (REG_SZ) (empty string)
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Interactive logon: Message text for users attempting to log on}

scforceoption = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Interactive logon: Require smart card}

shutdownwithoutlogon = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Shutdown: Allow system to be shut down without having to log on}

undockwithoutlogon = (REG_DWORD) dword:0x00000001
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
Devices: Allow undock without having to log on}

FilterAdministratorToken = (REG_DWORD) dword:0x00000000
{Computer Configuration|Windows Settings|Security Settings|Local Policies|Security Options|
User Account Control: Admin Approval Mode for the Built-in Administrator Account}

HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Sad0r\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg

Active Desktop web content (hidden if disabled):

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\

Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
SCRNSAVE.EXE = C:\Windows\system32\Bubbles.scr [MS]

IniFileMapping Pointers to .INI Files:
--------------------------------------

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\

System.ini\
drivers32 = SYS:Microsoft\Windows NT\CurrentVersion\Drivers32

system.ini\boot\
(Default) = SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot
SCRNSAVE.EXE = USR:Control Panel\Desktop
Shell = SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

win.ini\
Winlogon = SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
AeDebug = SYS:Microsoft\Windows NT\CurrentVersion\AeDebug
Devices = USR:Software\Microsoft\Windows NT\CurrentVersion\Devices

win.ini\Windows\
(Default) = USR:Software\Microsoft\Windows NT\CurrentVersion\Windows
APPINIT_DLLS = SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

ArcSoftVideoCameraArrival\
Provider = ArcSoft ShowBiz DVD 2
ProgID = Shell.HWEventHandlerShellExecute
InitCmdLine = C:\PROGRA~2\ArcSoft\SHOWBI~1\showbiz.exe /capture
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
-> {HKLM…CLSID} = Shell Execute Hardware Event Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} [MS]

DVDDecrypterPlayDVDMovieOnArrival\
Provider = DVD Decrypter
InvokeProgID = DVDDecrypter
InvokeVerb = PlayDVDMovieOnArrival_Decrypt
HKLM\SOFTWARE\Classes\DVDDecrypter\shell\PlayDVDMovieOnArrival_Decrypt\Command\(Default) = "C:\Program Files (x86)\DVD Decrypter\DVDDecrypter.exe" /MODE READ /SOURCE "%1" [LIGHTNING UK!]

MagicUSBCable\
Provider = @%windir%\system32\migwiz\wet.dll,-588
CLSID = {0C776A5A-FC42-4870-8D65-D62ADD9184FF}
-> {HKLM…CLSID} = Magic USB Cable Class ID
\LocalServer32\(Default) = MigAutoPlay.exe [MS]

MSCDBurningOnArrival\
Provider = @C:\Windows\system32\shell32.dll,-17417
InvokeProgID = Shell.CDBurn
InvokeVerb = Prepare
HKLM\SOFTWARE\Classes\Shell.CDBurn\shell\Prepare\Command\(Default) = C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,PrepareDiscForBurnRunDll %L [MS]

MSCreateRdbCache\
Provider = @C:\Windows\system32\sysmain.dll,-200
InvokeProgID = RDB.AutoPlayHandler
InvokeVerb = properties
HKLM\SOFTWARE\Classes\RDB.AutoPlayHandler\shell\properties\command\(Default) = C:\Windows\system32\rundll32.exe C:\Windows\system32\sysmain.dll,RDBMgmtLaunchProperties %L [MS]

MSDVDArrivalDvdMaker\
Provider = @C:\Program Files\DVD maker\dvdmaker.exe,-61403
InvokeProgID = DVDMaker.DVD
InvokeVerb = burn
HKLM\SOFTWARE\Classes\DVDMaker.DVD\shell\burn\command\(Default) = "C:\Program Files\DVD Maker\dvdmaker.exe" -drive:%L [MS]

MSEnhancedStorageHandler\
Provider = @C:\Windows\system32\EhStorShell.dll,-106
ProgID = EhStorShell.AutoplayHandler
InitCmdLine = Authorize
HKLM\SOFTWARE\Classes\EhStorShell.AutoplayHandler\CLSID\(Default) = {36F54939-CD3B-4C73-92D5-F9A389ED631C}
-> {HKLM…CLSID} = Enhanced Storage Autoplay Handler Class
\InProcServer32\(Default) = C:\Windows\system32\EhStorShell.dll [MS]

MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM…CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]

MSOpenFolder\
Provider = @C:\Windows\system32\shell32.dll,-17411
InvokeProgID = Folder
InvokeVerb = open
HKLM\SOFTWARE\Classes\Folder\shell\open\command\(Default) = C:\Windows\Explorer.exe [MS]

MSPhotoAcqHWEventHandler\
Provider = @C:\Program Files\Windows Photo Viewer\PhotoAcq.dll,-401
ProgID = Microsoft.PhotoAcqHWEventHandler
HKLM\SOFTWARE\Classes\Microsoft.PhotoAcqHWEventHandler\CLSID\(Default) = {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
-> {HKLM…CLSID} = PhotoAcqHWEventHandler
\LocalServer32\(Default) = "C:\Windows\System32\rundll32.exe" "C:\Program Files\Windows Photo Viewer\PhotoAcq.dll",AutoplayComServerW {00f2b433-44e4-4d88-b2b0-2698a0a91dba} [MS]

MSPhotoAcquireDropHandler\
Provider = @C:\Program Files\Windows Photo Viewer\PhotoAcq.dll,-401
InvokeProgID = Microsoft.PhotoAcqDropTarget.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.PhotoAcqDropTarget.1\shell\open\DropTarget\CLSID = {00f20eb5-8fd6-4d9d-b75e-36801766c8f1}
-> {HKLM…CLSID} = PhotoAcqDropTarget
\InProcServer32\(Default) = C:\Program Files\Windows Photo Viewer\PhotoAcq.dll [MS]

MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]

MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /deviceVD "%L" [MS]

MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]

MSPromptEachTime\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTime
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM…CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSPromptEachTimeNoContent\
Provider = @C:\Windows\system32\shell32.dll,-17411
ProgID = Shell.Autoplay
InitCmdLine = PromptEachTimeNoContent
HKLM\SOFTWARE\Classes\Shell.Autoplay\CLSID\(Default) = {995C996E-D918-4a8c-A302-45719A6F4EA7}
-> {HKLM…CLSID} = Shell Hardware Mixed Content Handler
\LocalServer32\(Default) = C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} [MS]

MSSdConfigBackup\
Provider = @C:\Windows\system32\sdautoplay.dll,-100
InvokeProgID = SDConfig.AutoPlayHandler
InvokeVerb = config
HKLM\SOFTWARE\Classes\SDConfig.AutoPlayHandler\shell\config\command\(Default) = C:\Windows\system32\sdclt.exe /CONFIGELEV %L [MS]

MSSdRunBackup\
Provider = @C:\Windows\system32\sdautoplay.dll,-100
InvokeProgID = SDRun.AutoPlayHandler
InvokeVerb = run
HKLM\SOFTWARE\Classes\SDRun.AutoPlayHandler\shell\run\command\(Default) = C:\Windows\system32\sdclt.exe /KICKOFFELEV [MS]

MSWcnImportWireless\
Provider = @C:\Windows\system32\wzcdlg.dll,-2102
InvokeProgID = WCN.AutoPlayHandler
InvokeVerb = open
HKLM\SOFTWARE\Classes\WCN.AutoPlayHandler\shell\open\command\(Default) = C:\Windows\system32\rundll32.exe C:\Windows\system32\wzcdlg.dll,ImportFlashProfile %L [MS]

MSWMDMHandler\
Provider = @wmploc.dll,-6502
ProgID = WMP.Device
HKLM\SOFTWARE\Classes\WMP.Device\CLSID\(Default) = {94E03510-31B9-47a0-A44E-E932AC86BB17}
-> {HKLM…CLSID} = Windows Media Player Device Autoplay
\LocalServer32\(Default) = "C:\Program Files\Windows Media Player\wmlaunch.exe" [MS]

MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]

MSWPDNetworkConfigHandler\
Provider = @C:\Windows\system32\wpdshext.dll,-503
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
InitCmdLine = /NetworkConfig;rundll32;xwizards.dll,RunWizard {34c219bd-85c1-4338-95e8-788a36901dc2} /z %s
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

MSWPDShellNamespaceHandler\
Provider = @C:\Windows\system32\wpdshext.dll,-501
CLSID = {A55803CC-4D53-404c-8557-FD63DBA95D24}
-> {HKLM…CLSID} = WPDShextAutoplay
\LocalServer32\(Default) = C:\Windows\system32\WPDShextAutoplay.exe [MS]

P2GCDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankCD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

P2GDVDBurningOnArrival\
Provider = Power2Go
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPower2Go
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" "%L" [CyberLink Corp.]

Power2GoPlayCDAudioOnArrival\
Provider = Power2Go
InvokeProgID = AudioCD
InvokeVerb = PlayWithPower2Go
HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithPower2Go\Command\(Default) = "C:\Program Files (x86)\CyberLink\Power2Go\Power2Go.exe" /AudioRipper "%L" [CyberLink Corp.]

PStarterBlankCDArrival\
Provider = Media Suite
InvokeProgID = BlankCD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankCD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterDVDBurningOnArrival\
Provider = Media Suite
InvokeProgID = BlankDVD
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\BlankDVD\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterMixedCDArrival\
Provider = Media Suite
InvokeProgID = MixedContent
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MixedContent\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterMusicFilesArrival\
Provider = Media Suite
InvokeProgID = MusicFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\MusicFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterPicturesArrival\
Provider = Media Suite
InvokeProgID = Picture
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\Picture\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

PStarterVideoFilesArrival\
Provider = Media Suite
InvokeProgID = VideoFiles
InvokeVerb = OpenWithPowerStarter
HKLM\SOFTWARE\Classes\VideoFiles\shell\OpenWithPowerStarter\Command\(Default) = "C:\Program Files (x86)\CyberLink\Media Suite\PS.exe" "%L" [CyberLink Corp.]

VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = play
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\play\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda://%1 [the VideoLAN Team]

VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = play
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\play\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd://%1 [the VideoLAN Team]

DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------

C:\$Recycle.Bin\S-1-5-21-3254260356-3574314768-983753981-1000\DESKTOP.INI
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

C:\$Recycle.Bin\S-1-5-21-3254260356-3574314768-983753981-500\DESKTOP.INI
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

C:\Users\Sad0r\AppData\Local\History\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Microsoft\Windows\History\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Microsoft\Windows\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Microsoft\Windows\History\Low\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Microsoft\Windows\History\Low\History.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Microsoft\Windows\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Users\Sad0r\AppData\Local\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\assembly\DESKTOP.INI
[.ShellClassInfo]
CLSID={1D2680C9-0E2A-469d-B787-065558BC7D43}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\system32\mscoree.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\mscoree.dll [MS]

C:\Windows\Fonts\DESKTOP.INI
[.ShellClassInfo]
CLSID={BD84B380-8CA2-1069-AB1D-08000948F534}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\system32\fontext.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\system32\fontext.dll [MS]

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\DESKTOP.INI
[.ShellClassInfo]
CLSID={FF393560-C2A7-11CF-BFF4-444553540000}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HM69YR8O\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OKG9U2FZ\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RGUQFBA3\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TXA1G3IW\DESKTOP.INI
[.ShellClassInfo]
UICLSID={7BD29E00-76C1-11CF-9DD0-00A0C9034933}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

Permission Errors on C:
C:\Documents and Settings, C:\ProgramData\Application Data, C:\ProgramData\Desktop
C:\ProgramData\Documents, C:\ProgramData\Favorites
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp, C:\ProgramData\Start Menu
C:\ProgramData\Templates, C:\Qoobox\BackEnv, C:\Users\All Users\Application Data
C:\Users\All Users\Desktop, C:\Users\All Users\Documents, C:\Users\All Users\Favorites
C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine
C:\Users\All Users\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp
C:\Users\All Users\Start Menu, C:\Users\All Users\Templates
C:\Users\Default\AppData\Local\Application Data, C:\Users\Default\AppData\Local\History
C:\Users\Default\AppData\Local\Temporary Internet Files, C:\Users\Default\Application Data
C:\Users\Default\Documents\My Music, C:\Users\Default\Documents\My Pictures
C:\Users\Default\Documents\My Videos, C:\Users\Default\Local Settings, C:\Users\Default\My Documents
C:\Users\Default\NetHood, C:\Users\Default\PrintHood, C:\Users\Default\Recent
C:\Users\Default\SendTo, C:\Users\Default\Start Menu, C:\Users\Default\Templates
C:\Users\Default User, C:\Users\Public\Documents\My Music, C:\Users\Public\Documents\My Pictures
C:\Users\Public\Documents\My Videos, C:\Users\Sad0r\AppData\Local\Application Data
C:\Users\Sad0r\AppData\Local\History, C:\Users\Sad0r\AppData\Local\Temporary Internet Files
C:\Users\Sad0r\Application Data, C:\Users\Sad0r\Cookies, C:\Users\Sad0r\Documents\My Music
C:\Users\Sad0r\Documents\My Pictures, C:\Users\Sad0r\Documents\My Videos
C:\Users\Sad0r\Local Settings, C:\Users\Sad0r\My Documents, C:\Users\Sad0r\NetHood
C:\Users\Sad0r\PrintHood, C:\Users\Sad0r\Recent, C:\Users\Sad0r\SendTo, C:\Users\Sad0r\Start Menu
C:\Users\Sad0r\Templates, C:\Windows\System32\LogFiles\WMI\RtBackup

D:\$RECYCLE.BIN\S-1-5-21-3254260356-3574314768-983753981-1000\DESKTOP.INI
[.ShellClassInfo]
CLSID={645FF040-5081-101B-9F08-00AA002F954E}
-> {HKLM…CLSID}\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]
-> {HKLM…Wow…CLSID}\InProcServer32\(Default) = C:\Windows\system32\shell32.dll [MS]

Startup items in "Sad0r" & "All Users" startup folders:
-------------------------------------------------------

C:\Users\Sad0r\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher -> shortcut to: C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [ASUSTeK Computer Inc.]
Secunia PSI Tray -> shortcut to: C:\Program Files (x86)\Secunia\PSI\psi_tray.exe [Secunia]

Windows Sidebar Gadgets:
------------------------

C:\Users\Sad0r\AppData\Local\Microsoft\Windows Sidebar\Settings.ini

Non-disabled Scheduled Tasks:
-----------------------------

C:\Windows\System32\Tasks
ASUS Live Update -> launches: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [null data]
ASUS P4G -> launches: C:\Program Files\ASUS\P4G\BatteryLife.exe [ASUS]
ASUS Quick Gesture -> launches: C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [ASUSTeK Computer Inc.]
ASUS Quick Gesture (x64) -> launches: C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [ASUSTeK Computer Inc.]
ASUS USB Charger Plus -> launches: "C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [ASUSTek Computer Inc.]
ATKOSD2 -> launches: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [ASUSTek Computer Inc.]
Norton WSC Integration -> (HIDDEN!) launches: "C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\WSCStub.exe" /taskschd [Symantec Corporation]
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM…Wow…CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\AppID
PolicyConverter -> launches: %windir%\system32\appidpolicyconverter.exe [MS]
VerifiedPublisherCertStoreCheck -> launches: %windir%\system32\appidcertstorecheck.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM…Wow…CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM…CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM…Wow…CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM…CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM…CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM…Wow…CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Media Center
ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS]
ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS]
DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS]
ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS]
InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS]
mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS]
mcupdate_scheduled -> launches: %SystemRoot%\ehome\mcupdate -crl -hms -pscn 15 [MS]
MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS]
ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS]
OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS]
OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS]
PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS]
PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS]
PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS]
PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS]
PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS]
RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS]
ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS]
SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS]
StartRecording -> launches: %SystemRoot%\ehome\ehrec /StartRecording [MS]
UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM…CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM…CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\MUI
Lpksetup -> launches: C:\Windows\System32\lpksetup.exe -v [MS]
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
Mcbuilder -> launches: C:\Windows\System32\mcbuilder.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM…Wow…CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]

Sador27 · Nov 30, 2012

C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM…Wow…CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM…CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM…CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SideShow
GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61}
-> {HKLM…CLSID} = GadgetsManager Class
\InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TabletPC
InputPersonalization -> launches: %CommonProgramFiles%\Microsoft Shared\Ink\InputPersonalization.exe [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM…Wow…CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM…Wow…CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM…Wow…CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies
ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS]
ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]

C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
AutomaticBackup -> launches: %systemroot%\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup [MS]
Windows Backup Monitor -> launches: %systemroot%\system32\sdclt.exe /CHECKSKIPPED [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]

C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM…Wow…CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]

C:\Windows\System32\Tasks\Norton 360
Norton Error Analyzer -> launches: C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\SymErr.exe /analyze [Symantec Corporation]
Norton Error Processor -> launches: C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\SymErr.exe /submit [Symantec Corporation]

C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-3254260356-3574314768-983753981-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000007\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\

HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\

HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8DCB7100-DF86-4384-8842-8FA844297B3F} = Bing
-> {HKLM…Wow…CLSID} = Bing Bar
\InProcServer32\(Default) = "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" [Microsoft Corporation.]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} = Norton Toolbar
-> {HKLM…Wow…CLSID} = Norton Toolbar
\InProcServer32\(Default) = C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\coIEPlg.dll [Symantec Corporation]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\(Default) = IE Search Band
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]

HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30D02401-6A81-11D0-8274-00C04FD5AE38}\(Default) = IE Search Band
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\Windows\SysWOW64\ieframe.dll [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\

HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions\

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM…Wow…CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]

Internet Explorer Address Prefixes:
-----------------------------------

Prefix for bare domain ("domain-name-here.com")

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Default Prefix\
(Default) = http://

Prefix for specific service (I.e., "www")

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\
mosaic = http://
www = http://
home = http://
ftp = ftp://

Miscellaneous IE Hijack Points
------------------------------

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} = (no title provided)
-> {HKLM…CLSID} = Microsoft Url Search Hook
\InProcServer32\(Default) = C:\Windows\System32\ieframe.dll [MS]

HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\
blank = res://mshtml.dll/blank.htm [MS]
NoAdd-onsInfo = res://ieframe.dll/noaddoninfo.htm [MS]
InPrivate = res://ieframe.dll/inprivate.htm [MS]
NavigationFailure = res://ieframe.dll/navcancl.htm [MS]
NoAdd-ons = res://ieframe.dll/noaddon.htm [MS]
Home = dword:0x0000010E
PostNotCached = res://ieframe.dll/repost.htm [MS]
DesktopItemNavigationFailure = res://ieframe.dll/navcancl.htm [MS]
NavigationCanceled = res://ieframe.dll/navcancl.htm [MS]
OfflineInformation = res://ieframe.dll/offcancl.htm [MS]
SecurityRisk = res://ieframe.dll/securityatrisk.htm [MS]

HOSTS file
----------

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
DataBasePath = C:\Windows\System32\drivers\etc

C:\Windows\System32\drivers\etc\HOSTS

maps: no domain names to IP addresses

All Running Services (Display Name, Service Name, Path {Service DLL}):
----------------------------------------------------------------------

AFBAgent, AFBAgent, "C:\Windows\system32\FBAgent.exe" [ASUSTeK Computer Inc.]
Application Experience, AeLookupSvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\aelupsvc.dll [MS]}
Application Information, Appinfo, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\appinfo.dll [MS]}
ASLDR Service, ASLDRService, C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [ASUS]
ASUS InstantOn Service, ASUS InstantOn, C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [ASUS]
ATKGFNEX Service, ATKGFNEXSrv, C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [ASUS]
Background Intelligent Transfer Service, BITS, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\qmgr.dll [MS]}
Base Filtering Engine, BFE, C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork {C:\Windows\System32\bfe.dll [MS]}
Certificate Propagation, CertPropSvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\certprop.dll [MS]}
CNG Key Isolation, KeyIso, C:\Windows\system32\lsass.exe [MS]
COM+ Event System, EventSystem, C:\Windows\system32\svchost.exe -k LocalService {C:\Windows\system32\es.dll [MS]}
Cryptographic Services, CryptSvc, C:\Windows\system32\svchost.exe -k NetworkService {C:\Windows\system32\cryptsvc.dll [MS]}
DCOM Server Process Launcher, DcomLaunch, C:\Windows\system32\svchost.exe -k DcomLaunch {C:\Windows\system32\rpcss.dll [MS]}
Desktop Window Manager Session Manager, UxSms, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\uxsms.dll [MS]}
DHCP Client, Dhcp, C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted {C:\Windows\system32\dhcpcore.dll [MS]}
Diagnostic Policy Service, DPS, C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork {C:\Windows\system32\dps.dll [MS]}
Diagnostic Service Host, WdiServiceHost, C:\Windows\System32\svchost.exe -k LocalService {C:\Windows\system32\wdi.dll [MS]}
Diagnostic System Host, WdiSystemHost, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\system32\wdi.dll [MS]}
Distributed Link Tracking Client, TrkWks, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\trkwks.dll [MS]}
DNS Client, Dnscache, C:\Windows\system32\svchost.exe -k NetworkService {C:\Windows\System32\dnsrslvr.dll [MS]}
Encrypting File System (EFS), EFS, C:\Windows\System32\lsass.exe [MS]
Extensible Authentication Protocol, EapHost, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\eapsvc.dll [MS]}
Function Discovery Provider Host, fdPHost, C:\Windows\system32\svchost.exe -k LocalService {C:\Windows\system32\fdPHost.dll [MS]}
Function Discovery Resource Publication, FDResPub, C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation {C:\Windows\system32\fdrespub.dll [MS]}
Group Policy Client, gpsvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\gpsvc.dll [MS]}
HomeGroup Provider, HomeGroupProvider, C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted {C:\Windows\system32\provsvc.dll [MS]}
Human Interface Device Access, hidserv, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\system32\hidserv.dll [MS]}
IKE and AuthIP IPsec Keying Modules, IKEEXT, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\ikeext.dll [MS]}
Intel(R) Capability Licensing Service Interface, Intel(R) Capability Licensing Service Interface, "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [Intel(R) Corporation]
Intel(R) Dynamic Application Loader Host Interface Service, jhi_service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [Intel Corporation]
Intel(R) Management and Security Application Local Management Service, LMS, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [Intel Corporation]
Intel(R) Management and Security Application User Notification Service, UNS, "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [Intel Corporation]
Intel(R) ME Service, Intel(R) ME Service, C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [null data]
IP Helper, iphlpsvc, C:\Windows\System32\svchost.exe -k NetSvcs {C:\Windows\System32\iphlpsvc.dll [MS]}
IPsec Policy Agent, PolicyAgent, C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted {C:\Windows\System32\ipsecsvc.dll [MS]}
Multimedia Class Scheduler, MMCSS, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\system32\mmcss.dll [MS]}
Network Connections, Netman, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\netman.dll [MS]}
Network List Service, netprofm, C:\Windows\System32\svchost.exe -k LocalService {C:\Windows\System32\netprofm.dll [MS]}
Network Location Awareness, NlaSvc, C:\Windows\System32\svchost.exe -k NetworkService {C:\Windows\System32\nlasvc.dll [MS]}
Network Store Interface Service, nsi, C:\Windows\system32\svchost.exe -k LocalService {C:\Windows\system32\nsisvc.dll [MS]}
Norton 360, N360, "C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\ccSvcHst.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\20.2.0.19\diMaster.dll" /prefetch:1 [Symantec Corporation]
Plug and Play, PlugPlay, C:\Windows\system32\svchost.exe -k DcomLaunch {C:\Windows\system32\umpnpmgr.dll [MS]}
Power, Power, C:\Windows\system32\svchost.exe -k DcomLaunch {C:\Windows\system32\umpo.dll [MS]}
Print Spooler, Spooler, C:\Windows\System32\spoolsv.exe [MS]
Program Compatibility Assistant Service, PcaSvc, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\pcasvc.dll [MS]}
Remote Procedure Call (RPC), RpcSs, C:\Windows\system32\svchost.exe -k rpcss {C:\Windows\system32\rpcss.dll [MS]}
RPC Endpoint Mapper, RpcEptMapper, C:\Windows\system32\svchost.exe -k RPCSS {C:\Windows\System32\RpcEpMap.dll [MS]}
SeaPort, SeaPort, "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE" [MS]
Secunia PSI Agent, Secunia PSI Agent, "C:\Program Files (x86)\Secunia\PSI\PSIA.exe" --start-service [Secunia]
Secunia Update Agent, Secunia Update Agent, "C:\Program Files (x86)\Secunia\PSI\sua.exe" --start-service [Secunia]
Security Accounts Manager, SamSs, C:\Windows\system32\lsass.exe [MS]
Security Center, wscsvc, C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted {C:\Windows\System32\wscsvc.dll [MS]}
Server, LanmanServer, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\system32\srvsvc.dll [MS]}
Shell Hardware Detection, ShellHWDetection, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\System32\shsvcs.dll [MS]}
Smart Card, SCardSvr, C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation {C:\Windows\System32\SCardSvr.dll [MS]}
SSDP Discovery, SSDPSRV, C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation {C:\Windows\System32\ssdpsrv.dll [MS]}
Superfetch, SysMain, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\system32\sysmain.dll [MS]}
System Event Notification Service, SENS, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\System32\sens.dll [MS]}
Tablet PC Input Service, TabletInputService, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\TabSvc.dll [MS]}
Task Scheduler, Schedule, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\system32\schedsvc.dll [MS]}
TCP/IP NetBIOS Helper, lmhosts, C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted {C:\Windows\System32\lmhsvc.dll [MS]}
Themes, Themes, C:\Windows\System32\svchost.exe -k netsvcs {C:\Windows\system32\themeservice.dll [MS]}
User Profile Service, ProfSvc, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\system32\profsvc.dll [MS]}
Windows Audio, AudioSrv, C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted {C:\Windows\System32\Audiosrv.dll [MS]}
Windows Audio Endpoint Builder, AudioEndpointBuilder, C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\Audiosrv.dll [MS]}
Windows Backup, SDRSVC, C:\Windows\system32\svchost.exe -k SDRSVC {C:\Windows\System32\SDRSVC.dll [MS]}
Windows Defender, WinDefend, C:\Windows\System32\svchost.exe -k secsvcs {C:\Program Files\Windows Defender\mpsvc.dll [MS]}
Windows Driver Foundation - User-mode Driver Framework, wudfsvc, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\WUDFSvc.dll [MS]}
Windows Event Log, eventlog, C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted {C:\Windows\System32\wevtsvc.dll [MS]}
Windows Firewall, MpsSvc, C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork {C:\Windows\system32\mpssvc.dll [MS]}
Windows Font Cache Service, FontCache, C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation {C:\Windows\system32\FntCache.dll [MS]}
Windows Image Acquisition (WIA), stisvc, C:\Windows\system32\svchost.exe -k imgsvc {C:\Windows\System32\wiaservc.dll [MS]}
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Windows Management Instrumentation, Winmgmt, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\system32\wbem\WMIsvc.dll [MS]}
Windows Media Player Network Sharing Service, WMPNetworkSvc, "C:\Program Files\Windows Media Player\wmpnetwk.exe" [MS]
Windows Presentation Foundation Font Cache 3.0.0.0, FontCache3.0.0.0, C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [MS]
Windows Search, WSearch, C:\Windows\system32\SearchIndexer.exe /Embedding [MS]
Windows Update, wuauserv, C:\Windows\system32\svchost.exe -k netsvcs {C:\Windows\system32\wuaueng.dll [MS]}
WinHTTP Web Proxy Auto-Discovery Service, WinHttpAutoProxySvc, C:\Windows\system32\svchost.exe -k LocalService {winhttp.dll [MS]}
WLAN AutoConfig, Wlansvc, C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted {C:\Windows\System32\wlansvc.dll [MS]}
Workstation, LanmanWorkstation, C:\Windows\System32\svchost.exe -k NetworkService {C:\Windows\System32\wkssvc.dll [MS]}

Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------

HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\

<<!>> 00705352.sys, Driver
<<!>> 08657672.sys, Driver
<<!>> 77118655.sys, Driver
<<!>> 95310364.sys, Driver
<<!>> 97384014.sys, Driver
AppInfo, Service
AppMgmt, Service
Base, Driver Group
Boot Bus Extender, Driver Group
Boot file system, Driver Group
CryptSvc, Service
DcomLaunch, Service
EFS, Service
EventLog, Service
File system, Driver Group
Filter, Driver Group
HelpSvc, Service
KeyIso, Service
<<!>> MCODS,
Netlogon, Service
NTDS, Service
PCI Configuration, Driver Group
PlugPlay, Service
PNP Filter, Driver Group
Power, Service
Primary disk, Driver Group
ProfSvc, Service
RpcEptMapper, Service
RpcSs, Service
sacsvr, Service
SCSI Class, Driver Group
sermouse.sys, Driver
SWPRV, Service
System Bus Extender, Driver Group
TabletInputService, Service
TBS, Service
TrustedInstaller, Service
VDS, Service
vga.sys, Driver
vgasave.sys, Driver
vmms, Service
volmgr.sys, Driver
volmgrx.sys, Driver
WinDefend, Service
WinMgmt, Service
WudfPf, Driver
WudfRd, Driver
WudfSvc, Service
{36FC9E60-C465-11CF-8056-444553540000}, Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318}, CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318}, DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318}, Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318}, Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318}, Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318}, Mouse
{4D36E977-E325-11CE-BFC1-08002BE10318}, PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318}, SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318}, System
{4D36E980-E325-11CE-BFC1-08002BE10318}, Floppy disk drive
{533C5B84-EC70-11D2-9505-00C04F79DEAF}, Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}, IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F}, Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}, Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}, SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}, SecurityDevices

HKLM\System\CurrentControlSet\Control\SafeBoot\Network\

<<!>> 00705352.sys, Driver
<<!>> 08657672.sys, Driver
<<!>> 77118655.sys, Driver
<<!>> 95310364.sys, Driver
<<!>> 97384014.sys, Driver
AFD, Service
AppInfo, Service
AppMgmt, Service
Base, Driver Group
BFE, Service
Boot Bus Extender, Driver Group
Boot file system, Driver Group
bowser, Driver
Browser, Service
CryptSvc, Service
DcomLaunch, Service
dfsc, Driver
Dhcp, Service
DnsCache, Service
Dot3Svc, Service
Eaphost, Service
EFS, Service
EventLog, Service
File system, Driver Group
Filter, Driver Group
HelpSvc, Service
IKEEXT, Service
ipnat.sys, Driver
KeyIso, Service
LanmanServer, Service
LanmanWorkstation, Service
LmHosts, Service
<<!>> MCODS,
Messenger, Service
MPSDrv, Driver
MPSSvc, Service
mrxsmb, Driver
mrxsmb10, Driver
mrxsmb20, Driver
NativeWifiP, Service
NDIS, Driver Group
NDIS Wrapper, Driver Group
ndiscap, Driver
Ndisuio, Service
NetBIOS, Service
NetBIOSGroup, Driver Group
NetBT, Service
NetDDEGroup, Driver Group
Netlogon, Service
NetMan, Service
netprofm, Service
Network, Driver Group
NetworkProvider, Driver Group
NlaSvc, Service
Nsi, Service
nsiproxy.sys, Driver
NTDS, Service
PCI Configuration, Driver Group
PlugPlay, Service
PNP Filter, Driver Group
PNP_TDI, Driver Group
PolicyAgent, Service
Power, Service
Primary disk, Driver Group
ProfSvc, Service
rdbss, Driver
rdpencdd.sys, Driver
rdsessmgr, Service
RpcEptMapper, Service
RpcSs, Service
sacsvr, Service
SCardSvr, Service
SCSI Class, Driver Group
sermouse.sys, Driver
SharedAccess, Service
Streams Drivers, Driver Group
SWPRV, Service
System Bus Extender, Driver Group
TabletInputService, Service
TBS, Service
Tcpip, Service
TDI, Driver Group
TrustedInstaller, Service
VaultSvc, Service
VDS, Service
vga.sys, Driver
vgasave.sys, Driver
vmms, Service
volmgr.sys, Driver
volmgrx.sys, Driver
WinDefend, Service
WinMgmt, Service
Wlansvc, Service
WudfPf, Driver
WudfRd, Driver
WudfSvc, Service
WudfUsbccidDriver, Driver
{36FC9E60-C465-11CF-8056-444553540000}, Universal Serial Bus controllers
{4D36E965-E325-11CE-BFC1-08002BE10318}, CD-ROM Drive
{4D36E967-E325-11CE-BFC1-08002BE10318}, DiskDrive
{4D36E969-E325-11CE-BFC1-08002BE10318}, Standard floppy disk controller
{4D36E96A-E325-11CE-BFC1-08002BE10318}, Hdc
{4D36E96B-E325-11CE-BFC1-08002BE10318}, Keyboard
{4D36E96F-E325-11CE-BFC1-08002BE10318}, Mouse
{4D36E972-E325-11CE-BFC1-08002BE10318}, Net
{4D36E973-E325-11CE-BFC1-08002BE10318}, NetClient
{4D36E974-E325-11CE-BFC1-08002BE10318}, NetService
{4D36E975-E325-11CE-BFC1-08002BE10318}, NetTrans
{4D36E977-E325-11CE-BFC1-08002BE10318}, PCMCIA Adapters
{4D36E97B-E325-11CE-BFC1-08002BE10318}, SCSIAdapter
{4D36E97D-E325-11CE-BFC1-08002BE10318}, System
{4D36E980-E325-11CE-BFC1-08002BE10318}, Floppy disk drive
{50DD5230-BA8A-11D1-BF5D-0000F805F530}, Smart card readers
{533C5B84-EC70-11D2-9505-00C04F79DEAF}, Volume shadow copy
{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}, IEEE 1394 Bus host controllers
{71A27CDD-812A-11D0-BEC7-08002BE2092F}, Volume
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}, Human Interface Devices
{D48179BE-EC20-11D1-B6B8-00C04FA372A7}, SBP2 IEEE 1394 Devices
{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}, SecurityDevices

Accessibility Tools:
--------------------

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Accessibility\
Configuration = (value not set)

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility\
Configuration = (value not set)

Keyboard Driver Filters:
------------------------

HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}\
UpperFilters = kbdclass [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Local Port\Driver = localspl.dll [MS]
Microsoft Shared Fax Monitor\Driver = FXSMON.DLL [MS]
Standard TCP/IP Port\Driver = tcpmon.dll [MS]
USB Monitor\Driver = usbmon.dll [MS]
WSD Port\Driver = WSDMon.dll [MS]

-- (total run time: 63 seconds)
<<!>>: Suspicious data at a malware launch point.

Sador27 · Nov 30, 2012

Hey DMJ I cant find anything on those dodgy looking drivers under HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ and here are a couple of logs from cureit which dont look right they arent in total they were too long so just copied some dodgy bits

Dr.Web Scanner SE for Windows v7.0.2.05020
(c) Doctor Web, Ltd., 1992-2012
Scan session started 2012:09:19 07:29:35
Module location : C:\Users\Sad0r\AppData\Local\Temp\154BAA38-1AF7D060-B1523AF7-48BF6C62\
=============================================================================
OPTION AdminRightsNo
OPTION AutoApplyActionNo
OPTION TurnOffComputerNo
OPTION UseSoundsNo
OPTION BlockNetworkNo
Using language : English
Using C:\Users\Sad0r\AppData\Local\Temp\154BAA38-1AF7D060-B1523AF7-48BF6C62\ecv7vsfq.key as Dr.Web (R) Key file
This Dr.Web (R) Key is for 1 computer (A User)
=============================================================================
Dr.Web Scanner SE for Windows v7.0.2.05020
(c) Doctor Web, Ltd., 1992-2012
Scan session started 2012:09:19 07:30:31
Module location : C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\
=============================================================================
OPTION AdminRightsNo
OPTION AutoApplyActionNo
OPTION TurnOffComputerNo
OPTION UseSoundsNo
OPTION BlockNetworkNo
Using language : English
Using C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\ecv7vsfq.key as Dr.Web (R) Key file
This Dr.Web (R) Key is for 1 computer (A User)
Available instances: 12
Instances used: 11
Platform: Windows 7 Premium x64/WOW (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 7.0.1.5020
Virus Finding Engine version: 7.0.2.4281
Total 68 virus bases are loaded from C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923
qjbxvxwa 7.0 3e072b8acee37a003a4ab009031d07fe 2012/09/19 05:03:20 1509 records - OK
eby608gy 7.0 b9d94c688c2f992a5fb753a95493b786 2011/07/26 00:20:03 1 record - OK
xas6elt1 7.0 bd93f8d30a154dcb3c30a5caad30762d 2012/09/19 05:03:25 4658 records - OK
mn89iafs 7.0 21534a94390a2e6640dfb1b7d8a9fd60 2012/09/17 13:05:43 11686 records - OK
d1m3lbt4 7.0 b8491d67044914e522f86febf4ab4adb 2012/09/10 13:04:34 12677 records - OK
hvye00kf 7.0 e47a62b2e05112b5289fb6ff20eb66a9 2012/09/03 13:05:28 10118 records - OK
61emyubz 7.0 614464d9b912155e7d9e698d6d870ed1 2012/08/27 13:05:26 12602 records - OK
jtidaagk 7.0 ed8d7ebd237d6f77fb18ce304e949810 2012/08/20 13:04:05 18298 records - OK
nblnb01d 7.0 2d42833088267273612ba412753fbb55 2012/08/13 13:05:19 17126 records - OK
06udial3 7.0 d3c1de8bff5cbde0bcbe4e6d138f8e46 2012/08/06 13:03:53 20539 records - OK
wvusc3jz 7.0 c78566c2c5ac022255771e63a1466872 2012/07/30 13:05:26 19330 records - OK
9b33kqia 7.0 84a092b0ef2df74dd310b815b21582d2 2012/07/23 13:05:34 19692 records - OK
7lbp04zn 7.0 3723d09d29bc782d3ae6d30d6f4fd592 2012/07/16 13:05:43 14727 records - OK
lvbvuwya 7.0 deac986b4d290a35d14f4422433af5f8 2012/07/09 13:04:33 19485 records - OK
7xnxj3sa 7.0 e6f122a65122ad41aa3b9444e5d636ff 2012/07/02 13:04:55 22898 records - OK
jfl12dp0 7.0 c9407f85adac1b27f8ae15134373df8e 2012/06/25 13:05:17 20551 records - OK
0byvsfpo 7.0 3476198c6f6f0036f34bbc42a570afd3 2012/06/18 13:03:35 9661 records - OK
2vamk9gb 7.0 1394fc1924b4bbaa7215a67e2207a19e 2012/06/11 13:04:32 23632 records - OK
s7v2tz78 7.0 c612d8a0424c03f90ec558c059300a37 2012/06/04 13:04:41 12423 records - OK
5xd0of0c 7.0 3536d9ae353011c5a2ae9c49b8df482f 2012/05/28 13:04:26 15493 records - OK
oxilio3e 7.0 92392c2b8b88d6fb1da9eafa4dd71e08 2012/05/21 13:03:29 13065 records - OK
pweqa9l8 7.0 aacf0516bb16a10879bbe0bfc4103df0 2012/05/14 13:04:24 16238 records - OK
v444t0ha 7.0 44d29e2ccb066f15bdd74b68e6f678f2 2012/05/07 13:04:33 11570 records - OK
qfcm9pcs 7.0 223fca8835e0f743a8253c2f3926635e 2012/04/30 13:03:28 15478 records - OK
el8p9gvk 7.0 79aeb3a6e5a8ef62bfdd2a5f18c1216b 2012/04/23 13:05:05 11881 records - OK
kop0yygt 7.0 d736d5af62365a48d6df0c576e142049 2012/04/16 13:03:29 13578 records - OK
7umpv0t6 7.0 514bf65528a21da1ff63b6cbcfed392a 2012/04/09 13:05:02 14292 records - OK
93j9mv9i 7.0 aa333f70731106e42fe621620f11be77 2012/04/02 13:03:24 14084 records - OK
yxap8fom 7.0 6116ca417266c84af723605412cf866b 2012/03/26 14:04:43 19126 records - OK
byt0pp51 7.0 9c72fdd2be21a72a62518eec40681cee 2012/03/19 14:03:23 14920 records - OK
6ek8ar2x 7.0 eb4aaab85447f2426ff171d55c8e7e61 2012/03/12 14:03:25 19017 records - OK
kcv09zbs 7.0 2495da734e05b8097320a4473b1eea28 2012/03/05 14:04:32 19691 records - OK
mfjzebu0 7.0 71e19e94d1c1bf5d585c2135763c1c7b 2012/02/27 14:03:21 23605 records - OK
8vrrmoj2 7.0 1e1d4493cad242dc7c69e29c5957e2c7 2012/02/20 14:03:45 19067 records - OK
vihxgm8q 7.0 9a3c6dad8079517daa9984b7244bcc31 2012/02/13 14:04:49 19019 records - OK
mzsv9jru 7.0 daacbf3c71802809a1d03cf2eaa130e7 2012/02/06 14:05:25 28028 records - OK
v7pe8omi 7.0 1a070b574148c5d2f33d1ac7521f4585 2012/01/30 14:08:41 29444 records - OK
dcxyp9vo 7.0 2be52ecb2647685f3199958e23467673 2012/01/23 19:22:13 19353 records - OK
jzxqk84d 7.0 ad3910b450b231bb0c6d1beca85e9009 2012/01/16 14:12:31 20747 records - OK
oa51i74u 7.0 13a2b180c0cac36b6a538ca07da6584e 2012/01/09 14:04:30 28052 records - OK
ko0m9vsn 7.0 b30385e4765848e07e201792adbbcaa0 2012/01/02 14:04:40 12183 records - OK
b0fqc4c6 7.0 dd53038bb0520641a64574ab56267cf4 2011/12/26 14:03:33 19984 records - OK
0weweiz0 7.0 35ffbffd359457dc1ff11eb006ae2d70 2011/12/19 14:08:45 22627 records - OK
bbjj7u1b 7.0 043b3fcfbd0cf7d6d1d9743b6c74d835 2011/12/13 07:20:22 49580 records - OK
whwrchpm 7.0 ab632362ebcf39cb6f1826f38b255c12 2011/12/04 19:00:00 45195 records - OK
ggbu14f3 7.0 876707f6f37fe48d1e6010d6be55d284 2011/12/04 18:00:00 171075 records - OK
y43lhaf7 7.0 f6d020c7e08df3aeb99631829756d4c5 2011/12/04 17:00:00 170820 records - OK
b1kuc7dj 7.0 2e12236d21f7f66132625f83921f3235 2011/12/04 16:00:00 171279 records - OK
882g98by 7.0 eaee6c83ba62620a5118df44b3e0a3a6 2011/12/04 15:00:00 170253 records - OK
n3ivz7zn 7.0 e31126ff36b01981b64f81570db34a8c 2011/12/04 14:00:00 170291 records - OK
woinb8tx 7.0 16cd2b4085458728c92bef8a07fd3608 2011/12/04 13:00:00 170501 records - OK
ll0v0mg7 7.0 cb9f40076e3b8bae0eb7c5345bfbd738 2011/12/04 12:00:00 353582 records - OK
3nz75zt2 7.0 1f24c5ce5f84c30ee604199036388dac 2011/12/04 11:00:00 852776 records - OK
vgcgbkip 7.0 7d7f670c4652dcb24bdb379ab8267f82 2012/09/19 04:51:02 1327 records - OK
6vky9fxq 7.0 08329098e83625a844bbf888258de2ae 2012/06/25 13:12:36 1421 records - OK
ybet5tnl 7.0 7a40beb8607237a6d144a6674d07a481 2012/03/26 14:12:30 1385 records - OK
id6o6um8 7.0 245417419cfbec24aa48eb6b0589b384 2012/01/23 15:56:09 1653 records - OK
uy39xzrv 7.0 2eb03a74099f577fbab0c523a8534d9b 2012/09/19 05:03:08 514 records - OK
5krrhyao 7.0 c0fa2ac84c87aeebbb6b4dfa5c3f0b5e 2012/09/10 13:23:14 1588 records - OK
tttrohwk 7.0 31c1f0b0163c1104faca04e39152b95e 2012/07/23 13:22:36 1702 records - OK
0qdh2381 7.0 efa3fba6b8311ef4a7c4aba3baee7d26 2012/06/11 13:22:36 1659 records - OK
zttqdme7 7.0 0db4ebf90d0ba1577684c368703ae359 2012/04/30 13:22:34 1670 records - OK
847tqq2y 7.0 3cc40ae70ae9666330f29e20a3e03bed 2012/03/12 14:22:28 1729 records - OK
9z9trufi 7.0 d41a5aa17a9868ee4197a1528f6a9e73 2012/01/30 14:23:00 1523 records - OK
tsw2o4ad 7.0 669119c2434b21040b1737e32d4ea783 2011/12/19 14:22:29 1805 records - OK
9jtaqh15 7.0 a7130cdf4fa35f1b4157dafaeee2e35f 2011/12/04 10:00:00 26456 records - OK
opwb303w 7.0 a571e30153b575cc4da79dae6be21932 2011/12/04 09:00:00 74279 records - OK
i8rpe3xa 7.0 9d46fd43346b5342c57fa7ae72e9c334 2011/12/04 08:00:00 1 record - OK
Total records count: 3156219

Anti-rootkit module version (API 4.02 / 4.02)

Using C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\ecv7vsfq.key as Dr.Web (R) Key file
This Dr.Web (R) Key is for 1 computer (A User)
Available instances: 12
Instances used: 11
Platform: Windows 7 Premium x64/WOW (Build 7601), Service Pack 1
API Version: 2.2
Scanning Engine version: 7.0.1.5020
Virus Finding Engine version: 7.0.2.4281
Total 68 virus bases are loaded from C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923
qjbxvxwa 7.0 3e072b8acee37a003a4ab009031d07fe 2012/09/19 05:03:20 1509 records - OK
eby608gy 7.0 b9d94c688c2f992a5fb753a95493b786 2011/07/26 00:20:03 1 record - OK
xas6elt1 7.0 bd93f8d30a154dcb3c30a5caad30762d 2012/09/19 05:03:25 4658 records - OK
mn89iafs 7.0 21534a94390a2e6640dfb1b7d8a9fd60 2012/09/17 13:05:43 11686 records - OK

>C:\Windows\SysWOW64\setupSNK.exe - packed by FLY-CODEC:\Windows\SysWOW64\shell32.dll - Ok
C:\Windows\SysWOW64\SensorsCpl.dll - Ok
>C:\Windows\SysWOW64\spfileq.dll - packed by BINARYRES
>>C:\Windows\SysWOW64\spfileq.dll - packed by MS COMPRESS
C:\Windows\SysWOW64\spnet.dll - Ok
C:\Windows\SysWOW64\SPInf.dll - Ok
C:\Windows\SysWOW64\spopk.dll - Ok
C:\Windows\SysWOW64\spfileq.dll - Ok
C:\Windows\SysWOW64\slmgr.vbs - Ok
C:\Windows\SysWOW64\shwebsvc.dll - Ok
C:\Windows\SysWOW64\spwinsat.dll - Ok
C:\Windows\SysWOW64\sppc.dll - Ok
C:\Windows\SysWOW64\SndVolSSO.dll - Ok
C:\Windows\SysWOW64\spp.dll - Ok
C:\Windows\SysWOW64\sppwmi.dll - Ok
C:\Windows\SysWOW64\spwizres.dll - Ok
C:\Windows\SysWOW64\sppinst.dll - Ok
C:\Windows\SysWOW64\sppcc.dll - Ok
C:\Windows\SysWOW64\spwmp.dll - Ok
C:\Windows\SysWOW64\sppcomapi.dll - Ok
C:\Windows\SysWOW64\spwizeng.dll - Ok
C:\Windows\SysWOW64\sqlceoledb30.dll - Ok>C:\Windows\SysWOW64\srdelayed.exe - packed by FLY-CODE
C:\Windows\SysWOW64\sqlunirl.dll - Ok
C:\Windows\SysWOW64\sqlsrv32.dll - Ok
C:\Windows\SysWOW64\srvcli.dll - Ok
C:\Windows\SysWOW64\sscore.dll - Ok
C:\Windows\SysWOW64\srhelper.dll - Ok
C:\Windows\SysWOW64\sspicli.dll - Ok
C:\Windows\SysWOW64\srdelayed.exe - Ok
C:\Windows\SysWOW64\srchadmin.dll - Ok
C:\Windows\SysWOW64\stdole2.tlb - Ok
C:\Windows\SysWOW64\srclient.dll - Ok
C:\Windows\SysWOW64\ssdpapi.dll - Ok
C:\Windows\SysWOW64\sqlceqp30.dll - Ok
C:\Windows\SysWOW64\SSShim.dll - Ok
C:\Windows\SysWOW64\stdole32.tlb - Ok
C:\Windows\SysWOW64\stclient.dll - Ok
C:\Windows\SysWOW64\storage.dll - Ok
>C:\Windows\SysWOW64\subst.exe - packed by FLY-CODE
C:\Windows\SysWOW64\StorageContextHandler.dll - Ok
C:\Windows\SysWOW64\SubRange.uce - Ok
C:\Windows\SysWOW64\StructuredQuery.dll - Ok
>C:\Windows\SysWOW64\sppcext.dll - packed by FLY-CODE
C:\Windows\SysWOW64\subst.exe - Ok
C:\Windows\SysWOW64\sxproxy.dll - Ok
C:\Windows\SysWOW64\Storprop.dll - Ok
C:\Windows\SysWOW64\sxshared.dll - Ok
C:\Windows\SysWOW64\stobject.dll - Ok
C:\Windows\SysWOW64\svchost.exe - Ok
C:\Windows\SysWOW64\sxsstore.dll - Ok
C:\Windows\SysWOW64\sxs.dll - Ok
C:\Windows\SysWOW64\sti.dll - Ok
C:\Windows\SysWOW64\sxstrace.exe - Ok
C:\Windows\SysWOW64\synceng.dll - Ok
C:\Windows\SysWOW64\SyncHostps.dll - Ok
C:\Windows\SysWOW64\ssText3d.scr - Ok
C:\Windows\SysWOW64\SyncInfrastructureps.dll - Ok
C:\Windows\SysWOW64\syncui.dll - Ok
C:\Windows\SysWOW64\SyncHost.exe - Ok
C:\Windows\SysWOW64\sppcext.dll - Ok
C:\Windows\SysWOW64\sysprint.sep - Ok

Sador27 · Nov 30, 2012

>C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll - packed by FLY-CODE
>C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll - packed by FLY-CODE
>C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\adtschema.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll - packed by FLY-CODE
>C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-service-core-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-security-lsalookup-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-service-management-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\apisetschema.dll - Ok
C:\Windows\SysWOW64\api-ms-win-security-sddl-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-security-lsalookup-l1-1-0.dll - Ok
>C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll - packed by FLY-CODE
C:\Windows\SysWOW64\api-ms-win-service-winsvc-l1-1-0.dll - Ok
C:\Windows\SysWOW64\api-ms-win-service-management-l2-1-0.dll - Ok
C:\Windows\SysWOW64\Apphlpdm.dll - Ok
C:\Windows\SysWOW64\apilogen.dll - Ok
C:\Windows\SysWOW64\asferror.dll - Ok
C:\Windows\SysWOW64\aspnet_counters.dll - Ok
C:\Windows\SysWOW64\appidapi.dll - Ok
C:\Windows\SysWOW64\apphelp.dll - Ok
C:\Windows\SysWOW64\ARP.EXE - Ok
C:\Windows\SysWOW64\asycfilt.dll - Ok
C:\Windows\SysWOW64\at.exe - Ok
C:\Windows\SysWOW64\atl.dll - Ok
C:\Windows\SysWOW64\accessibilitycpl.dll - Ok
C:\Windows\SysWOW64\atl100.dll - Ok
C:\Windows\SysWOW64\apircl.dll - Ok
C:\Windows\SysWOW64\attrib.exe - Ok
C:\Windows\SysWOW64\atmlib.dll - Ok
C:\Windows\SysWOW64\apss.dll - Ok
C:\Windows\SysWOW64\AtBroker.exe - Ok
C:\Windows\SysWOW64\audiodev.dll - Ok
C:\Windows\SysWOW64\AudioSes.dll - Ok
C:\Windows\SysWOW64\auditpol.exe - Ok
C:\Windows\SysWOW64\AuthFWWizFwk.dll - Ok
C:\Windows\SysWOW64\appwiz.cpl - Ok
C:\Windows\SysWOW64\authfwcfg.dll - Ok
C:\Windows\SysWOW64\AudioEng.dll - Ok
C:\Windows\SysWOW64\AuthFWGP.dll - Ok
C:\Windows\SysWOW64\atmfd.dll - Ok
C:\Windows\SysWOW64\AUDIOKSE.dll - Ok
C:\Windows\SysWOW64\autoplay.dll - Ok
C:\Windows\SysWOW64\autoconv.exe - Ok
C:\Windows\SysWOW64\autochk.exe - Ok
C:\Windows\SysWOW64\AuxiliaryDisplayApi.dll - Ok
C:\Windows\SysWOW64\avicap32.dll - Ok
C:\Windows\SysWOW64\avrt.dll - Ok
C:\Windows\SysWOW64\avifil32.dll - Ok
C:\Windows\SysWOW64\azman.msc - Ok
C:\Windows\SysWOW64\authz.dll - Ok
C:\Windows\SysWOW64\bcrypt.dll - Ok
C:\Windows\SysWOW64\apds.dll - Ok
C:\Windows\SysWOW64\autofmt.exe - Ok
C:\Windows\SysWOW64\AzSqlExt.dll - Ok
C:\Windows\SysWOW64\bcryptprimitives.dll - Ok
C:\Windows\SysWOW64\azroles.dll - Ok
C:\Windows\SysWOW64\azroleui.dll - Ok
C:\Windows\SysWOW64\bitsperf.dll - Ok
C:\Windows\SysWOW64\bdaplgin.ax - Ok
C:\Windows\SysWOW64\bitsprx3.dll - Ok
>C:\Windows\SysWOW64\bitsprx2.dll - packed by FLY-CODE
C:\Windows\SysWOW64\AuxiliaryDisplayCpl.dll - Ok>C:\Windows\SysWOW64\cmcfg32.dll - packed by FLY-CODE
C:\Windows\SysWOW64\cnvfat.dll - Ok
C:\Windows\SysWOW64\cngprovider.dll - Ok
C:\Windows\SysWOW64\cmstp.exe - Ok
C:\Windows\SysWOW64\colbact.dll - Ok
C:\Windows\SysWOW64\comcat.dll - Ok
C:\Windows\SysWOW64\CertEnroll.dll - Ok
C:\Windows\SysWOW64\colorcpl.exe - Ok
C:\Windows\SysWOW64\cmipnpinstall.dll - Ok
C:\Windows\SysWOW64\comctl32.dll - Ok
C:\Windows\SysWOW64\COLORCNV.DLL - Ok
C:\Windows\SysWOW64\comp.exe - Ok
C:\Windows\SysWOW64\compobj.dll - Ok
C:\Windows\SysWOW64\comdlg32.dll - Ok
>C:\Windows\SysWOW64\cdosys.dll is BINARYRES container
C:\Windows\SysWOW64\comexp.msc - Ok
>C:\Windows\SysWOW64\cdosys.dll\data001 is JS-HTML container
C:\Windows\SysWOW64\cliconfg.exe - Ok
C:\Windows\SysWOW64\cdosys.dll - container
C:\Windows\SysWOW64\compmgmt.msc - Ok
C:\Windows\SysWOW64\config.nt - Ok
C:\Windows\SysWOW64\cmcfg32.dll - Ok
C:\Windows\SysWOW64\compact.exe - Ok
C:\Windows\SysWOW64\colorui.dll - Ok
C:\Windows\SysWOW64\console.dll - Ok
C:\Windows\SysWOW64\comrepl.dll - Ok
C:\Windows\SysWOW64\convert.exe - Ok
C:\Windows\SysWOW64\credssp.dll - Ok
C:\Windows\SysWOW64\comsnap.dll - Ok
C:\Windows\SysWOW64\ComputerDefaults.exe - Ok
C:\Windows\SysWOW64\control.exe - Ok
C:\Windows\SysWOW64\cryptbase.dll - Ok
C:\Windows\SysWOW64\credwiz.exe - Ok
C:\Windows\SysWOW64\crtdll.dll - Ok
C:\Windows\SysWOW64\cryptdlg.dll - Ok
C:\Windows\SysWOW64\cryptnet.dll - Ok
C:\Windows\SysWOW64\CPFilters.dll - Ok
C:\Windows\SysWOW64\compstui.dll - Ok
C:\Windows\SysWOW64\cryptsp.dll - Ok
C:\Windows\SysWOW64\crypt32.dll - Ok
C:\Windows\SysWOW64\credui.dll - Ok
C:\Windows\SysWOW64\comuid.dll - Ok
C:\Windows\SysWOW64\cscapi.dll - Ok
C:\Windows\SysWOW64\cryptxml.dll - Ok
>C:\Windows\SysWOW64\cryptui.dll - packed by FLY-CODE
C:\Windows\SysWOW64\cscdll.dll - Ok
C:\Windows\SysWOW64\cryptsvc.dll - Ok
C:\Windows\SysWOW64\cryptext.dll - Ok
C:\Windows\SysWOW64\csrr.rs - Ok
C:\Windows\SysWOW64\cryptdll.dll - Ok
C:\Windows\SysWOW64\cscript.exe - Ok
C:\Windows\SysWOW64\C_10000.NLS - Ok
C:\Windows\SysWOW64\C_037.NLS - Ok
C:\Windows\SysWOW64\cttunesvr.exe - Ok
C:\Windows\SysWOW64\cttune.exe - Ok
C:\Windows\SysWOW64\ctfmon.exe - Ok
C:\Windows\SysWOW64\cryptui.dll - Ok
C:\Windows\SysWOW64\C_10001.NLS - Ok
C:\Windows\SysWOW64\C_10003.NLS - Ok
C:\Windows\SysWOW64\C_10002.NLS - Ok
C:\Windows\SysWOW64\connect.dll - Ok
C:\Windows\SysWOW64\C_10004.NLS - Ok
C:\Windows\SysWOW64\C_10005.NLS - Ok
C:\Windows\SysWOW64\comsvcs.dll - Ok
C:\Windows\SysWOW64\C_10010.NLS - Ok
C:\Windows\SysWOW64\C_10021.NLS - Ok
C:\Windows\SysWOW64\C_10017.NLS - Ok
C:\Windows\SysWOW64\C_10006.NLS - Ok
C:\Windows\SysWOW64\C_10029.NLS - Ok
C:\Windows\SysWOW64\C_10007.NLS - Ok
C:\Windows\SysWOW64\C_10008.NLS - Ok
C:\Windows\SysWOW64\C_10079.NLS - Ok
C:\Windows\SysWOW64\C_1047.NLS - Ok
C:\Windows\SysWOW64\C_10081.NLS - Ok
C:\Windows\SysWOW64\C_1026.NLS - Ok
C:\Windows\SysWOW64\C_1141.NLS - Ok
C:\Windows\SysWOW64\C_1140.NLS - Ok
C:\Windows\SysWOW64\C_10082.NLS - Ok
C:\Windows\SysWOW64\C_1142.NLS - Ok
C:\Windows\SysWOW64\C_1143.NLS - Ok
C:\Windows\SysWOW64\C_1147.NLS - Ok
C:\Windows\SysWOW64\C_1146.NLS - Ok
C:\Windows\SysWOW64\C_1144.NLS - Ok
C:\Windows\SysWOW64\C_1148.NLS - Ok
C:\Windows\SysWOW64\CSVer.dll - Ok
C:\Windows\SysWOW64\C_1145.NLS - Ok
C:\Windows\SysWOW64\C_1149.NLS - Ok
C:\Windows\SysWOW64\C_1250.NLS - Ok
C:\Windows\SysWOW64\comres.dll - Ok
C:\Windows\SysWOW64\C_1251.NLS - Ok
C:\Windows\SysWOW64\C_1252.NLS - Ok
C:\Windows\SysWOW64\C_1253.NLS - Ok
C:\Windows\SysWOW64\C_1255.NLS - Ok
C:\Windows\SysWOW64\C_1258.NLS - Ok
C:\Windows\SysWOW64\C_1256.NLS - Ok
C:\Windows\SysWOW64\C_1254.NLS - Ok
C:\Windows\SysWOW64\C_1257.NLS - Ok
C:\Windows\SysWOW64\C_20000.NLS - Ok
C:\Windows\SysWOW64\C_20001.NLS - Ok
C:\Windows\SysWOW64\C_1361.NLS - Ok
C:\Windows\SysWOW64\C_20002.NLS - Ok
C:\Windows\SysWOW64\C_20003.NLS - Ok
C:\Windows\SysWOW64\C_20105.NLS - Ok
C:\Windows\SysWOW64\C_20004.NLS - Ok
C:\Windows\SysWOW64\C_20107.NLS - Ok
C:\Windows\SysWOW64\C_20005.NLS - Ok
C:\Windows\SysWOW64\C_20127.NLS - Ok
C:\Windows\SysWOW64\C_20277.NLS - Ok
C:\Windows\SysWOW64\C_20108.NLS - Ok
C:\Windows\SysWOW64\C_20261.NLS - Ok
C:\Windows\SysWOW64\C_20285.NLS - Ok
C:\Windows\SysWOW64\C_20420.NLS - Ok
C:\Windows\SysWOW64\C_20284.NLS - Ok
C:\Windows\SysWOW64\C_20297.NLS - Ok
C:\Windows\SysWOW64\C_20290.NLS - Ok
C:\Windows\SysWOW64\C_20280.NLS - Ok
C:\Windows\SysWOW64\C_20278.NLS - Ok
C:\Windows\SysWOW64\C_20273.NLS - Ok
C:\Windows\SysWOW64\C_20269.NLS - Ok
C:\Windows\SysWOW64\C_20423.NLS - Ok
C:\Windows\SysWOW64\C_20106.NLS - Ok
C:\Windows\SysWOW64\C_20424.NLS - Ok
C:\Windows\SysWOW64\C_20833.NLS - Ok
C:\Windows\SysWOW64\C_20838.NLS - Ok
C:\Windows\SysWOW64\C_20905.NLS - Ok
C:\Windows\SysWOW64\C_20880.NLS - Ok
C:\Windows\SysWOW64\C_20866.NLS - Ok
C:\Windows\SysWOW64\C_20871.NLS - Ok
C:\Windows\SysWOW64\C_20924.NLS - Ok
C:\Windows\SysWOW64\C_21027.NLS - Ok
C:\Windows\SysWOW64\C_21025.NLS - Ok
C:\Windows\SysWOW64\C_20936.NLS - Ok
C:\Windows\SysWOW64\C_20932.NLS - Ok
C:\Windows\SysWOW64\C_28593.NLS - Ok
C:\Windows\SysWOW64\C_21866.NLS - Ok
C:\Windows\SysWOW64\C_20949.NLS - Ok
C:\Windows\SysWOW64\C_28594.NLS - Ok
C:\Windows\SysWOW64\C_28596.NLS - Ok
C:\Windows\SysWOW64\C_28597.NLS - Ok
C:\Windows\SysWOW64\C_28598.NLS - Ok
C:\Windows\SysWOW64\C_28592.NLS - Ok
C:\Windows\SysWOW64\C_28599.NLS - Ok
C:\Windows\SysWOW64\ctl3d32.dll - Ok
C:\Windows\SysWOW64\C_28591.NLS - Ok
C:\Windows\SysWOW64\C_28595.NLS - Ok
C:\Windows\SysWOW64\c_28603.nls - Ok
C:\Windows\SysWOW64\C_855.NLS - Ok
C:\Windows\SysWOW64\C_437.NLS - Ok
C:\Windows\SysWOW64\C_737.NLS - Ok
C:\Windows\SysWOW64\C_720.NLS - Ok
C:\Windows\SysWOW64\C_852.NLS - Ok
C:\Windows\SysWOW64\C_708.NLS - Ok
C:\Windows\SysWOW64\C_775.NLS - Ok
C:\Windows\SysWOW64\C_850.NLS - Ok
C:\Windows\SysWOW64\C_857.NLS - Ok
C:\Windows\SysWOW64\C_858.NLS - Ok
C:\Windows\SysWOW64\C_860.NLS - Ok
C:\Windows\SysWOW64\C_864.NLS - Ok
C:\Windows\SysWOW64\C_861.NLS - Ok
C:\Windows\SysWOW64\C_863.NLS - Ok
C:\Windows\SysWOW64\C_869.NLS - Ok
C:\Windows\SysWOW64\C_866.NLS - Ok
C:\Windows\SysWOW64\C_862.NLS - Ok
C:\Windows\SysWOW64\C_865.NLS - Ok
C:\Windows\SysWOW64\C_870.NLS - Ok
C:\Windows\SysWOW64\C_874.NLS - Ok
C:\Windows\SysWOW64\C_875.NLS - Ok
C:\Windows\SysWOW64\C_500.NLS - Ok
C:\Windows\SysWOW64\C_28605.NLS - Ok
C:\Windows\SysWOW64\d3d10core.dll - Ok
C:\Windows\SysWOW64\C_IS2022.DLL - Ok
C:\Windows\SysWOW64\C_932.NLS - Ok
C:\Windows\SysWOW64\C_936.NLS - Ok
C:\Windows\SysWOW64\C_ISCII.DLL - Ok
C:\Windows\SysWOW64\C_950.NLS - Ok
C:\Windows\SysWOW64\C_949.NLS - Ok
C:\Windows\SysWOW64\d3d8thk.dll - Ok
C:\Windows\SysWOW64\d3d10_1.dll - Ok
C:\Windows\SysWOW64\d3d10_1core.dll - Ok
C:\Windows\SysWOW64\d3d10.dll - Ok
C:\Windows\SysWOW64\d2d1.dll - Ok
>C:\Windows\SysWOW64\d3dx10_41.dll - packed by PESTUB
C:\Windows\SysWOW64\d3d10warp.dll - Ok
C:\Windows\SysWOW64\C_G18030.DLL - Ok
C:\Windows\SysWOW64\d3dx10_41.dll - Ok
C:\Windows\SysWOW64\d3d11.dll - Ok
C:\Windows\SysWOW64\d3dim700.dll - Ok
C:\Windows\SysWOW64\d3dxof.dll - Ok
C:\Windows\SysWOW64\d3dramp.dll - Ok
C:\Windows\SysWOW64\dataclen.dll - Ok
C:\Windows\SysWOW64\davclnt.dll - Ok
C:\Windows\SysWOW64\davhlpr.dll - Ok
C:\Windows\SysWOW64\d3d8.dll - Ok
C:\Windows\SysWOW64\dbnetlib.dll - Ok
C:\Windows\SysWOW64\dbghelp.dll - Ok
C:\Windows\SysWOW64\dciman32.dll - Ok
C:\Windows\SysWOW64\d3dim.dll - Ok
C:\Windows\SysWOW64\dbnmpntw.dll - Ok
>C:\Windows\SysWOW64\DDACLSys.dll - packed by FLY-CODE
C:\Windows\SysWOW64\d3d9.dll - Ok
C:\Windows\SysWOW64\DDOIProxy.dll - Ok
>C:\Windows\SysWOW64\D3DCompiler_41.dll - packed by PESTUB
C:\Windows\SysWOW64\DDACLSys.dll - Ok
C:\Windows\SysWOW64\dcomcnfg.exe - Ok
C:\Windows\SysWOW64\ddrawex.dll - Ok
C:\Windows\SysWOW64\ddodiag.exe - Ok
C:\Windows\SysWOW64\d3d10level9.dll - Ok
C:\Windows\SysWOW64\ddraw.dll - Ok
>C:\Windows\SysWOW64\deskperf.dll - packed by FLY-CODE
C:\Windows\SysWOW64\deskmon.dll - Ok
C:\Windows\SysWOW64\desk.cpl - Ok
C:\Windows\SysWOW64\devenum.dll - Ok
C:\Windows\SysWOW64\dbgeng.dll - Ok
C:\Windows\SysWOW64\defaultlocationcpl.dll - Ok
C:\Windows\SysWOW64\deskperf.dll - Ok
C:\Windows\SysWOW64\deskadp.dll - Ok
C:\Windows\SysWOW64\DeviceDisplayStatusManager.dll - Ok
C:\Windows\SysWOW64\DeviceMetadataParsers.dll - Ok
C:\Windows\SysWOW64\d3dx10_42.dll - Ok
C:\Windows\SysWOW64\DevicePairingProxy.dll - Ok
C:\Windows\SysWOW64\dccw.exe - Ok
C:\Windows\SysWOW64\DevicePairingHandler.dll - Ok
C:\Windows\SysWOW64\DeviceUxRes.dll - Ok
C:\Windows\SysWOW64\DeviceCenter.dll - Ok
C:\Windows\SysWOW64\DevicePairingWizard.exe - Ok
>C:\Windows\SysWOW64\d3dx9_32.dll - packed by PESTUB
C:\Windows\SysWOW64\DeviceProperties.exe - Ok
C:\Windows\SysWOW64\devobj.dll - Ok
C:\Windows\SysWOW64\DevicePairingFolder.dll - Ok
C:\Windows\SysWOW64\devmgmt.msc - Ok
C:\Windows\SysWOW64\DevicePairing.dll - Ok
C:\Windows\SysWOW64\dfscli.dll - Ok
C:\Windows\SysWOW64\D3DCompiler_41.dll - Ok
>C:\Windows\SysWOW64\dhcpcmonitor.dll - packed by FLY-CODE
C:\Windows\SysWOW64\dhcpcsvc.dll - Ok
C:\Windows\SysWOW64\DfsShlEx.dll - Ok
C:\Windows\SysWOW64\dhcpcmonitor.dll - Ok
C:\Windows\SysWOW64\devrtl.dll - Ok
C:\Windows\SysWOW64\dhcpcsvc6.dll - Ok
C:\Windows\SysWOW64\devmgr.dll - Ok
C:\Windows\SysWOW64\dhcpcore6.dll - Ok
C:\Windows\SysWOW64\DHCPQEC.DLL - Ok
C:\Windows\SysWOW64\dhcpsapi.dll - Ok
C:\Windows\SysWOW64\dimsjob.dll - Ok
C:\Windows\SysWOW64\dimsroam.dll - Ok
C:\Windows\SysWOW64\dhcpcore.dll - Ok
C:\Windows\SysWOW64\diskcomp.com - Ok
C:\Windows\SysWOW64\difxapi.dll - Ok
C:\Windows\SysWOW64\diskcopy.com - Ok
>C:\Windows\SysWOW64\dfrgui.exe is ZLIB container
C:\Windows\SysWOW64\dinput.dll - Ok
C:\Windows\SysWOW64\dfrgui.exe - container
C:\Windows\SysWOW64\diantz.exe - Ok
C:\Windows\SysWOW64\diskmgmt.msc - Ok
C:\Windows\SysWOW64\dinput8.dll - Ok
C:\Windows\SysWOW64\diskperf.exe - Ok
C:\Windows\SysWOW64\d3dx9_32.dll - Ok
C:\Windows\SysWOW64\dispex.dll - Ok
C:\Windows\SysWOW64\dfshim.dll - Ok
C:\Windows\SysWOW64\diskpart.exe - Ok
C:\Windows\SysWOW64\dllhost.exe - Ok
C:\Windows\SysWOW64\Dism.exe - Ok
C:\Windows\SysWOW64\dllhst3g.exe - Ok
C:\Windows\SysWOW64\dmband.dll - Ok
C:\Windows\SysWOW64\diskraid.exe - Ok
C:\Windows\SysWOW64\dmcompos.dll - Ok
C:\Windows\SysWOW64\dmdskres2.dll - Ok
C:\Windows\SysWOW64\diskcopy.dll - Ok
C:\Windows\SysWOW64\dmintf.dll - Ok
C:\Windows\SysWOW64\dmloader.dll - Ok
C:\Windows\SysWOW64\DisplaySwitch.exe - Ok
C:\Windows\SysWOW64\dmdskmgr.dll - Ok
C:\Windows\SysWOW64\dmdskres.dll - Ok
C:\Windows\SysWOW64\dialer.exe - Ok
C:\Windows\SysWOW64\dmdlgs.dll - Ok
C:\Windows\SysWOW64\dmocx.dll - Ok
C:\Windows\SysWOW64\dmime.dll - Ok
C:\Windows\SysWOW64\dmutil.dll - Ok
C:\Windows\SysWOW64\dmrc.dll - Ok
C:\Windows\SysWOW64\dmscript.dll - Ok
C:\Windows\SysWOW64\dmview.ocx - Ok
C:\Windows\SysWOW64\dnsapi.dll - Ok
C:\Windows\SysWOW64\dmusic.dll - Ok
C:\Windows\SysWOW64\dmvdsitf.dll - Ok
C:\Windows\SysWOW64\dmsynth.dll - Ok
C:\Windows\SysWOW64\doskey.exe - Ok
C:\Windows\SysWOW64\dmstyle.dll - Ok
C:\Windows\SysWOW64\docprop.dll - Ok
C:\Windows\SysWOW64\dot3cfg.dll - Ok
C:\Windows\SysWOW64\dot3api.dll - Ok
C:\Windows\SysWOW64\Display.dll - Ok
C:\Windows\SysWOW64\dnscacheugc.exe - Ok
C:\Windows\SysWOW64\dnscmmc.dll - Ok
C:\Windows\SysWOW64\dot3hc.dll - Ok
C:\Windows\SysWOW64\dot3gpclnt.dll - Ok
C:\Windows\SysWOW64\DDORes.dll - Ok
C:\Windows\SysWOW64\dot3dlg.dll - Ok
C:\Windows\SysWOW64\dpnaddr.dll - Ok
C:\Windows\SysWOW64\dot3msm.dll - Ok
C:\Windows\SysWOW64\dpmodemx.dll - Ok
C:\Windows\SysWOW64\dpapimig.exe - Ok
C:\Windows\SysWOW64\dpapiprovider.dll - Ok
C:\Windows\SysWOW64\dpnlobby.dll - Ok
C:\Windows\SysWOW64\dpnhpast.dll - Ok
C:\Windows\SysWOW64\DpiScaling.exe - Ok
C:\Windows\SysWOW64\dpnhupnp.dll - Ok
C:\Windows\SysWOW64\dpnathlp.dll - Ok
C:\Windows\SysWOW64\dot3gpui.dll - Ok
C:\Windows\SysWOW64\dot3ui.dll - Ok
C:\Windows\SysWOW64\dpwsockx.dll - Ok
C:\Windows\SysWOW64\dplayx.dll - Ok
C:\Windows\SysWOW64\drprov.dll - Ok
C:\Windows\SysWOW64\drttransport.dll - Ok
C:\Windows\SysWOW64\driverquery.exe - Ok
C:\Windows\SysWOW64\drtprov.dll - Ok
C:\Windows\SysWOW64\dplaysvr.exe - Ok
C:\Windows\SysWOW64\dpx.dll - Ok
C:\Windows\SysWOW64\dsauth.dll - Ok
C:\Windows\SysWOW64\ds32gt.dll - Ok
C:\Windows\SysWOW64\drvinst.exe - Ok
C:\Windows\SysWOW64\dpnsvr.exe - Ok
C:\Windows\SysWOW64\dpnet.dll - Ok
C:\Windows\SysWOW64\drt.dll - Ok
C:\Windows\SysWOW64\dskquota.dll - Ok
>C:\Windows\SysWOW64\drvstore.dll - packed by BINARYRES
>>C:\Windows\SysWOW64\drvstore.dll - packed by MS COMPRESS
C:\Windows\SysWOW64\drvstore.dll - Ok
C:\Windows\SysWOW64\DShowRdpFilter.dll - Ok
C:\Windows\SysWOW64\drmmgrtn.dll - Ok
C:\Windows\SysWOW64\dsrole.dll - Ok
C:\Windows\SysWOW64\dsprop.dll - Ok
C:\Windows\SysWOW64\dsdmo.dll - Ok
C:\Windows\SysWOW64\dssec.dll - Ok
C:\Windows\SysWOW64\dswave.dll - Ok
C:\Windows\SysWOW64\dsound.dll - Ok
C:\Windows\SysWOW64\dskquoui.dll - Ok
C:\Windows\SysWOW64\dtsh.dll - Ok
C:\Windows\SysWOW64\dssenh.dll - Ok
C:\Windows\SysWOW64\duser.dll - Ok
C:\Windows\SysWOW64\dwmapi.dll - Ok
>C:\Windows\SysWOW64\drmv2clt.dll is BINARYRES container
>C:\Windows\SysWOW64\drmv2clt.dll\data001 is JS-HTML container
C:\Windows\SysWOW64\drmv2clt.dll - container
C:\Windows\SysWOW64\dui70.dll - Ok
C:\Windows\SysWOW64\dsquery.dll - Ok
C:\Windows\SysWOW64\dvdplay.exe - Ok
C:\Windows\SysWOW64\dvdupgrd.exe - Ok
C:\Windows\SysWOW64\dxgi.dll - Ok
C:\Windows\SysWOW64\dxmasf.dll - Ok
C:\Windows\SysWOW64\dssec.dat - Ok
C:\Windows\SysWOW64\DWWIN.EXE - Ok
C:\Windows\SysWOW64\dxdiagn.dll - Ok
C:\Windows\SysWOW64\dxva2.dll - Ok
C:\Windows\SysWOW64\dxtrans.dll - Ok
C:\Windows\SysWOW64\dsuiext.dll - Ok
C:\Windows\SysWOW64\dxtmsft.dll - Ok
C:\Windows\SysWOW64\dxdiag.exe - Ok
C:\Windows\SysWOW64\eappgnui.dll - Ok
C:\Windows\SysWOW64\DWrite.dll - Ok
C:\Windows\SysWOW64\eappcfg.dll - Ok
C:\Windows\SysWOW64\eappprxy.dll - Ok
C:\Windows\SysWOW64\eapp3hst.dll - Ok
C:\Windows\SysWOW64\efsutil.dll - Ok
C:\Windows\SysWOW64\EAPQEC.DLL - Ok
C:\Windows\SysWOW64\efsadu.dll - Ok
C:\Windows\SysWOW64\efscore.dll - Ok
C:\Windows\SysWOW64\EhStorAPI.dll - Ok
C:\Windows\SysWOW64\DXPTaskRingtone.dll - Ok
C:\Windows\SysWOW64\ELSCore.dll - Ok
C:\Windows\SysWOW64\eapphost.dll - Ok
C:\Windows\SysWOW64\EhStorShell.dll - Ok
C:\Windows\SysWOW64\EhStorPwdMgr.dll - Ok
C:\Windows\SysWOW64\EhStorAuthn.exe - Ok
C:\Windows\SysWOW64\elsTrans.dll - Ok
C:\Windows\SysWOW64\esentprf.dll - Ok
C:\Windows\SysWOW64\els.dll - Ok
C:\Windows\SysWOW64\dwmcore.dll - Ok
C:\Windows\SysWOW64\es.dll - Ok
C:\Windows\SysWOW64\esentutl.exe - Ok
C:\Windows\SysWOW64\encapi.dll - Ok
>C:\Windows\SysWOW64\esrb.rs is ZLIB container
C:\Windows\SysWOW64\esrb.rs - container
>C:\Windows\SysWOW64\eventcls.dll - packed by FLY-CODE
>C:\Windows\SysWOW64\EventViewer_EventDetails.xsl is JS-HTML container
C:\Windows\SysWOW64\elslad.dll - Ok
C:\Windows\SysWOW64\eqossnap.dll - Ok
C:\Windows\SysWOW64\EventViewer_EventDetails.xsl - container
>C:\Windows\SysWOW64\eventvwr.exe - packed by FLY-CODE
C:\Windows\SysWOW64\eventcreate.exe - Ok
C:\Windows\SysWOW64\eventcls.dll - Ok
C:\Windows\SysWOW64\EncDec.dll - Ok
C:\Windows\SysWOW64\evr.dll - Ok
>C:\Windows\SysWOW64\expand.exe - packed by BINARYRES
>>C:\Windows\SysWOW64\expand.exe - packed by MS COMPRESS
C:\Windows\SysWOW64\expand.exe - Ok
C:\Windows\SysWOW64\eventvwr.exe - Ok
C:\Windows\SysWOW64\DxpTaskSync.dll - Ok
C:\Windows\SysWOW64\eudcedit.exe - Ok
C:\Windows\SysWOW64\efsui.exe - Ok
C:\Windows\SysWOW64\f3ahvoas.dll - Ok
C:\Windows\SysWOW64\eventvwr.msc - Ok
C:\Windows\SysWOW64\fdeploy.dll - Ok
C:\Windows\SysWOW64\fdBthProxy.dll - Ok
C:\Windows\SysWOW64\fc.exe - Ok
C:\Windows\SysWOW64\fdPnp.dll - Ok
C:\Windows\SysWOW64\fdProxy.dll - Ok
C:\Windows\SysWOW64\fdSSDP.dll - Ok
C:\Windows\SysWOW64\fde.dll - Ok
C:\Windows\SysWOW64\fdBth.dll - Ok
C:\Windows\SysWOW64\ExplorerFrame.dll - Ok
C:\Windows\SysWOW64\fdWNet.dll - Ok
C:\Windows\SysWOW64\extrac32.exe - Ok
C:\Windows\SysWOW64\feclient.dll - Ok
C:\Windows\SysWOW64\find.exe - Ok
C:\Windows\SysWOW64\fdWCN.dll - Ok
C:\Windows\SysWOW64\expsrv.dll - Ok
C:\Windows\SysWOW64\finger.exe - Ok
C:\Windows\SysWOW64\fdWSD.dll - Ok
C:\Windows\SysWOW64\findnetprinters.dll - Ok
C:\Windows\SysWOW64\explorer.exe - Ok
C:\Windows\SysWOW64\Firewall.cpl - Ok
C:\Windows\SysWOW64\Faultrep.dll - Ok
C:\Windows\SysWOW64\fltLib.dll - Ok
C:\Windows\SysWOW64\fmifs.dll - Ok
C:\Windows\SysWOW64\fltMC.exe - Ok
C:\Windows\SysWOW64\fms.dll - Ok
C:\Windows\SysWOW64\findstr.exe - Ok
C:\Windows\SysWOW64\fixmapi.exe - Ok
C:\Windows\SysWOW64\fontsub.dll - Ok
C:\Windows\SysWOW64\filemgmt.dll - Ok
C:\Windows\SysWOW64\format.com - Ok
C:\Windows\SysWOW64\framedyn.dll - Ok
C:\Windows\SysWOW64\framedynos.dll - Ok
C:\Windows\SysWOW64\forfiles.exe - Ok
C:\Windows\SysWOW64\fontview.exe - Ok
C:\Windows\SysWOW64\fsmgmt.msc - Ok
C:\Windows\SysWOW64\fphc.dll - Ok
C:\Windows\SysWOW64\FirewallAPI.dll - Ok
C:\Windows\SysWOW64\esent.dll - Ok
C:\Windows\SysWOW64\fsutil.exe - Ok
C:\Windows\SysWOW64\FwRemoteSvr.dll - Ok
C:\Windows\SysWOW64\FWPUCLNT.DLL - Ok
C:\Windows\SysWOW64\ftp.exe - Ok
C:\Windows\SysWOW64\fundisc.dll - Ok
C:\Windows\SysWOW64\FXSCOM.dll - Ok
C:\Windows\SysWOW64\FXSEXT32.dll - Ok
C:\Windows\SysWOW64\fwcfg.dll - Ok
C:\Windows\SysWOW64\FXSAPI.dll - Ok
C:\Windows\SysWOW64\g711codc.ax - Ok
C:\Windows\SysWOW64\FirewallControlPanel.dll - Ok
C:\Windows\SysWOW64\FXSXP32.dll - Ok
C:\Windows\SysWOW64\gdi32.dll - Ok
C:\Windows\SysWOW64\gb2312.uce - Ok
C:\Windows\SysWOW64\FXSCOMEX.dll - Ok
C:\Windows\SysWOW64\fthsvc.dll - Ok
C:\Windows\SysWOW64\getmac.exe - Ok
C:\Windows\SysWOW64\gpapi.dll - Ok
C:\Windows\SysWOW64\glu32.dll - Ok
C:\Windows\SysWOW64\gpprnext.dll - Ok
>C:\Windows\SysWOW64\fontext.dll - packed by BINARYRES
>>C:\Windows\SysWOW64\fontext.dll - packed by MS COMPRESS
C:\Windows\SysWOW64\gptext.dll - Ok
C:\Windows\SysWOW64\fontext.dll - Ok
C:\Windows\SysWOW64\gameux.dll - Ok
C:\Windows\SysWOW64\getuname.dll - Ok
C:\Windows\SysWOW64\glmf32.dll - Ok
>C:\Windows\SysWOW64\grb.rs is ZLIB container
>C:\Windows\SysWOW64\gpupdate.exe - packed by FLY-CODE
C:\Windows\SysWOW64\grb.rs - container
C:\Windows\SysWOW64\gcdef.dll - Ok
C:\Windows\SysWOW64\gdiplus.dll - Ok
C:\Windows\SysWOW64\hcproviders.dll - Ok
C:\Windows\SysWOW64\gpresult.exe - Ok
C:\Windows\SysWOW64\gpupdate.exe - Ok
C:\Windows\SysWOW64\help.exe - Ok
>C:\Windows\SysWOW64\hbaapi.dll - packed by FLY-CODE
C:\Windows\SysWOW64\hdwwiz.cpl - Ok
C:\Windows\SysWOW64\hbaapi.dll - Ok
C:\Windows\SysWOW64\hh.exe - Ok
C:\Windows\SysWOW64\gpedit.dll - Ok
C:\Windows\SysWOW64\hid.dll - Ok
C:\Windows\SysWOW64\hhctrl.ocx - Ok
C:\Windows\SysWOW64\hidphone.tsp - Ok
C:\Windows\SysWOW64\HelpPaneProxy.dll - Ok
>C:\Windows\SysWOW64\hnetmon.dll - packed by FLY-CODE
C:\Windows\SysWOW64\HOSTNAME.EXE - Ok
C:\Windows\SysWOW64\hgcpl.dll - Ok
C:\Windows\SysWOW64\hidserv.dll - Ok
C:\Windows\SysWOW64\hlink.dll - Ok
C:\Windows\SysWOW64\FXSRESM.dll - Ok
C:\Windows\SysWOW64\hnetmon.dll - Ok
C:\Windows\SysWOW64\hdwwiz.exe - Ok
C:\Windows\SysWOW64\hhsetup.dll - Ok
C:\Windows\SysWOW64\ias.dll - Ok
C:\Windows\SysWOW64\httpapi.dll - Ok
C:\Windows\SysWOW64\htui.dll - Ok
C:\Windows\SysWOW64\iasads.dll - Ok
C:\Windows\SysWOW64\iashlpr.dll - Ok
C:\Windows\SysWOW64\iasacct.dll - Ok
C:\Windows\SysWOW64\iasdatastore.dll - Ok
C:\Windows\SysWOW64\html.iec - Ok
C:\Windows\SysWOW64\iac25_32.ax - Ok
C:\Windows\SysWOW64\iaspolcy.dll - Ok
C:\Windows\SysWOW64\hnetcfg.dll - Ok
C:\Windows\SysWOW64\iasnap.dll - Ok
C:\Windows\SysWOW64\iasrecst.dll - Ok
C:\Windows\SysWOW64\iassvcs.dll - Ok
C:\Windows\SysWOW64\icacls.exe - Ok
C:\Windows\SysWOW64\icardres.dll - Ok
C:\Windows\SysWOW64\iasrad.dll - Ok
C:\Windows\SysWOW64\iassam.dll - Ok
C:\Windows\SysWOW64\icmp.dll - Ok
C:\Windows\SysWOW64\iccvid.dll - Ok
C:\Windows\SysWOW64\icardie.dll - Ok
>C:\Windows\SysWOW64\IasMigPlugin.dll is BINARYRES container
C:\Windows\SysWOW64\IconCodecService.dll - Ok
C:\Windows\SysWOW64\icm32.dll - Ok
C:\Windows\SysWOW64\IasMigPlugin.dll - container
>C:\Windows\SysWOW64\icmui.dll - packed by FLY-CODE
C:\Windows\SysWOW64\iassdo.dll - Ok
>C:\Windows\SysWOW64\grpconv.exe - packed by FLY-CODE
C:\Windows\SysWOW64\idndl.dll - Ok
>C:\Windows\SysWOW64\icsunattend.exe - packed by FLY-CODE
C:\Windows\SysWOW64\IDStore.dll - Ok
C:\Windows\SysWOW64\ideograf.uce - Ok
C:\Windows\SysWOW64\icmui.dll - Ok
>C:\Windows\SysWOW64\icsigd.dll - packed by FLY-CODE
C:\Windows\SysWOW64\icrav03.rat - Ok
C:\Windows\SysWOW64\ie4uinit.exe - Ok
C:\Windows\SysWOW64\IEAdvpack.dll - Ok
C:\Windows\SysWOW64\ieakeng.dll - Ok
C:\Windows\SysWOW64\icsunattend.exe - Ok
C:\Windows\SysWOW64\ieakui.dll - Ok
C:\Windows\SysWOW64\icsigd.dll - Ok
C:\Windows\SysWOW64\iedkcs32.dll - Ok
C:\Windows\SysWOW64\iepeers.dll - Ok
C:\Windows\SysWOW64\ieaksie.dll - Ok
C:\Windows\SysWOW64\iesetup.dll - Ok
C:\Windows\SysWOW64\grpconv.exe - Ok
C:\Windows\SysWOW64\ieui.dll - Ok
C:\Windows\SysWOW64\ieapfltr.dll - Ok
C:\Windows\SysWOW64\iesysprep.dll - Ok
C:\Windows\SysWOW64\ifmon.dll - Ok
C:\Windows\SysWOW64\ieUnatt.exe - Ok
C:\Windows\SysWOW64\ifsutilx.dll - Ok
C:\Windows\SysWOW64\ifsutil.dll - Ok
C:\Windows\SysWOW64\iertutil.dll - Ok
C:\Windows\SysWOW64\igdde32.dll - Ok
C:\Windows\SysWOW64\icardagt.exe - Ok
C:\Windows\SysWOW64\iernonce.dll - Ok
C:\Windows\SysWOW64\iexpress.exe - Ok
C:\Windows\SysWOW64\ieuinit.inf - Ok
C:\Windows\SysWOW64\igfcg700m.bin - Ok
C:\Windows\SysWOW64\ieframe.dll - Ok
C:\Windows\SysWOW64\igfxcmrt32.dll - Ok
C:\Windows\SysWOW64\igfxexps32.dll - Ok
C:\Windows\SysWOW64\igdumd32.dll - Ok
C:\Windows\SysWOW64\igkrng700.bin - Ok
C:\Windows\SysWOW64\igd10umd32.dll - Ok
C:\Windows\SysWOW64\igfxdv32.dll - Ok
C:\Windows\SysWOW64\iglhcp32.dll - Ok
>C:\Windows\SysWOW64\imaadp32.acm - packed by FLY-CODE
C:\Windows\SysWOW64\imaadp32.acm - Ok
C:\Windows\SysWOW64\imagehlp.dll - Ok
C:\Windows\SysWOW64\igdrcl32.dll - Ok
>C:\Windows\SysWOW64\iglhsip32.dll - packed by FLY-CODE
C:\Windows\SysWOW64\imapi.dll - Ok
C:\Windows\SysWOW64\imapi2.dll - Ok
C:\Windows\SysWOW64\imgutil.dll - Ok
C:\Windows\SysWOW64\GameUXLegacyGDFs.dll - Ok
C:\Windows\SysWOW64\iglhsip32.dll - Ok
C:\Windows\SysWOW64\imageres.dll - Ok
C:\Windows\SysWOW64\imm32.dll - Ok
C:\Windows\SysWOW64\imkr80.ime - Ok
C:\Windows\SysWOW64\inetcomm.dll - Ok
C:\Windows\SysWOW64\inetcpl.cpl - Ok
C:\Windows\SysWOW64\inetmib1.dll - Ok
C:\Windows\SysWOW64\INETRES.dll - Ok
C:\Windows\SysWOW64\InfDefaultInstall.exe - Ok
C:\Windows\SysWOW64\infocardapi.dll - Ok
C:\Windows\SysWOW64\infocardcpl.cpl - Ok
C:\Windows\SysWOW64\imagesp1.dll - Ok
C:\Windows\SysWOW64\IMJP10.IME - Ok
C:\Windows\SysWOW64\instnm.exe - Ok
C:\Windows\SysWOW64\InkEd.dll - Ok
C:\Windows\SysWOW64\imapi2fs.dll - Ok
C:\Windows\SysWOW64\IntelCpHeciSvc.exe - Ok
C:\Windows\SysWOW64\IntelOpenCL32.dll - Ok
C:\Windows\SysWOW64\iologmsg.dll - Ok
C:\Windows\SysWOW64\IPBusEnumProxy.dll - Ok
C:\Windows\SysWOW64\ipconfig.exe - Ok
C:\Windows\SysWOW64\IMJP10K.DLL - Ok
C:\Windows\SysWOW64\IPHLPAPI.DLL - Ok
C:\Windows\SysWOW64\inseng.dll - Ok
C:\Windows\SysWOW64\input.dll - Ok
C:\Windows\SysWOW64\intl.cpl - Ok
C:\Windows\SysWOW64\iprop.dll - Ok
C:\Windows\SysWOW64\iprtprio.dll - Ok
>C:\Windows\SysWOW64\ir41_qc.dll - packed by FLY-CODE
C:\Windows\SysWOW64\ir32_32.dll - Ok
C:\Windows\SysWOW64\iprtrmgr.dll - Ok
C:\Windows\SysWOW64\ipsmsnap.dll - Ok
>C:\Windows\SysWOW64\ir41_qcx.dll - packed by FLY-CODE
C:\Windows\SysWOW64\ir50_qc.dll - Ok
C:\Windows\SysWOW64\igdbcl32.dll - Ok
C:\Windows\SysWOW64\ir41_32.ax - Ok
C:\Windows\SysWOW64\ir50_qcx.dll - Ok
>C:\Windows\SysWOW64\irclass.dll - packed by FLY-CODE
C:\Windows\SysWOW64\ir41_qc.dll - Ok
>C:\Windows\SysWOW64\iscsicli.exe - packed by FLY-CODE
C:\Windows\SysWOW64\ipsecsnp.dll - Ok
C:\Windows\SysWOW64\ir41_qcx.dll - Ok
C:\Windows\SysWOW64\ieapfltr.dat - Ok
C:\Windows\SysWOW64\irclass.dll - Ok
C:\Windows\SysWOW64\ir50_32.dll - Ok
C:\Windows\SysWOW64\iscsied.dll - Ok
C:\Windows\SysWOW64\irprops.cpl - Ok
C:\Windows\SysWOW64\iscsium.dll - Ok
C:\Windows\SysWOW64\iscsidsc.dll - Ok
>C:\Windows\SysWOW64\iscsicpl.exe - packed by FLY-CODE
C:\Windows\SysWOW64\iscsicpl.dll - Ok
C:\Windows\SysWOW64\IusEventLog.dll - Ok
C:\Windows\SysWOW64\igfxcmjit32.dll - Ok
C:\Windows\SysWOW64\iscsicli.exe - Ok
C:\Windows\SysWOW64\iscsiwmi.dll - Ok
C:\Windows\SysWOW64\itircl.dll - Ok
>C:\Windows\SysWOW64\iyuv_32.dll - packed by FLY-CODE
C:\Windows\SysWOW64\itss.dll - Ok
C:\Windows\SysWOW64\isoburn.exe - Ok
C:\Windows\SysWOW64\iTVData.dll - Ok
C:\Windows\SysWOW64\kanji_1.uce - Ok
C:\Windows\SysWOW64\iscsicpl.exe - Ok
C:\Windows\SysWOW64\kanji_2.uce - Ok
C:\Windows\SysWOW64\jsproxy.dll - Ok
C:\Windows\SysWOW64\iyuv_32.dll - Ok
C:\Windows\SysWOW64\kbd101.DLL - Ok
C:\Windows\SysWOW64\ivfsrc.ax - Ok
C:\Windows\SysWOW64\kbd101a.DLL - Ok
C:\Windows\SysWOW64\kbd101b.DLL - Ok
C:\Windows\SysWOW64\kbd101c.DLL - Ok
C:\Windows\SysWOW64\kbd103.DLL - Ok
C:\Windows\SysWOW64\kbd106n.dll - Ok
C:\Windows\SysWOW64\KBDA3.DLL - Ok
C:\Windows\SysWOW64\kbd106.dll - Ok
C:\Windows\SysWOW64\KBDA1.DLL - Ok
C:\Windows\SysWOW64\joy.cpl - Ok
C:\Windows\SysWOW64\KBDARME.DLL - Ok
C:\Windows\SysWOW64\KBDA2.DLL - Ok
C:\Windows\SysWOW64\kbdax2.dll - Ok
C:\Windows\SysWOW64\KBDARMW.DLL - Ok
C:\Windows\SysWOW64\KBDAL.DLL - Ok
C:\Windows\SysWOW64\KBDAZE.DLL - Ok
C:\Windows\SysWOW64\KBDAZEL.DLL - Ok
C:\Windows\SysWOW64\KBDBASH.DLL - Ok
C:\Windows\SysWOW64\KBDBE.DLL - Ok
C:\Windows\SysWOW64\KBDBGPH1.DLL - Ok
C:\Windows\SysWOW64\KBDBGPH.DLL - Ok
C:\Windows\SysWOW64\KBDBHC.DLL - Ok
C:\Windows\SysWOW64\KBDBENE.DLL - Ok
C:\Windows\SysWOW64\KBDBLR.DLL - Ok
C:\Windows\SysWOW64\KBDBU.DLL - Ok
C:\Windows\SysWOW64\KBDBULG.DLL - Ok
C:\Windows\SysWOW64\KBDBR.DLL - Ok
C:\Windows\SysWOW64\KBDCA.DLL - Ok
C:\Windows\SysWOW64\KBDCAN.DLL - Ok
C:\Windows\SysWOW64\KBDCZ.DLL - Ok
C:\Windows\SysWOW64\KBDCR.DLL - Ok
C:\Windows\SysWOW64\KBDCZ1.DLL - Ok
C:\Windows\SysWOW64\KBDCZ2.DLL - Ok
C:\Windows\SysWOW64\KBDDV.DLL - Ok
C:\Windows\SysWOW64\KBDDIV2.DLL - Ok
C:\Windows\SysWOW64\KBDDIV1.DLL - Ok
C:\Windows\SysWOW64\KBDDA.DLL - Ok
C:\Windows\SysWOW64\KBDEST.DLL - Ok
C:\Windows\SysWOW64\KBDES.DLL - Ok
C:\Windows\SysWOW64\KBDFA.DLL - Ok
C:\Windows\SysWOW64\KBDFI.DLL - Ok
C:\Windows\SysWOW64\KBDFR.DLL - Ok
C:\Windows\SysWOW64\KBDFO.DLL - Ok
C:\Windows\SysWOW64\KBDFC.DLL - Ok
C:\Windows\SysWOW64\KBDGAE.DLL - Ok
C:\Windows\SysWOW64\jscript.dll - Ok
C:\Windows\SysWOW64\KBDFI1.DLL - Ok
C:\Windows\SysWOW64\KBDGEO.DLL - Ok
C:\Windows\SysWOW64\KBDGKL.DLL - Ok
C:\Windows\SysWOW64\kbdgeoer.dll - Ok
C:\Windows\SysWOW64\kbdgeoqw.dll - Ok
C:\Windows\SysWOW64\KBDGR.DLL - Ok
C:\Windows\SysWOW64\KBDGRLND.DLL - Ok
C:\Windows\SysWOW64\KBDHAU.DLL - Ok
C:\Windows\SysWOW64\KBDGR1.DLL - Ok
C:\Windows\SysWOW64\KBDHE.DLL - Ok
C:\Windows\SysWOW64\KBDHE220.DLL - Ok
C:\Windows\SysWOW64\KBDHEB.DLL - Ok
C:\Windows\SysWOW64\KBDHE319.DLL - Ok
C:\Windows\SysWOW64\KBDHU.DLL - Ok
C:\Windows\SysWOW64\KBDHEPT.DLL - Ok
C:\Windows\SysWOW64\KBDHU1.DLL - Ok
C:\Windows\SysWOW64\KBDHELA2.DLL - Ok
C:\Windows\SysWOW64\kbdibm02.DLL - Ok
C:\Windows\SysWOW64\KBDIBO.DLL - Ok
C:\Windows\SysWOW64\KBDHELA3.DLL - Ok
C:\Windows\SysWOW64\KBDIC.DLL - Ok
C:\Windows\SysWOW64\KBDINASA.DLL - Ok
C:\Windows\SysWOW64\KBDINBE1.DLL - Ok
C:\Windows\SysWOW64\KBDINBEN.DLL - Ok
C:\Windows\SysWOW64\KBDINBE2.DLL - Ok
C:\Windows\SysWOW64\KBDINDEV.DLL - Ok
C:\Windows\SysWOW64\KBDINGUJ.DLL - Ok
C:\Windows\SysWOW64\KBDINORI.DLL - Ok
C:\Windows\SysWOW64\KBDINMAL.DLL - Ok
C:\Windows\SysWOW64\KBDINPUN.DLL - Ok
C:\Windows\SysWOW64\KBDINTAM.DLL - Ok
C:\Windows\SysWOW64\KBDINHIN.DLL - Ok
C:\Windows\SysWOW64\KBDINKAN.DLL - Ok
C:\Windows\SysWOW64\KBDINMAR.DLL - Ok
C:\Windows\SysWOW64\KBDINTEL.DLL - Ok
C:\Windows\SysWOW64\KBDIR.DLL - Ok
C:\Windows\SysWOW64\KBDINUK2.DLL - Ok
C:\Windows\SysWOW64\KBDIT.DLL - Ok
C:\Windows\SysWOW64\KBDKHMR.DLL - Ok
C:\Windows\SysWOW64\KBDIULAT.DLL - Ok
C:\Windows\SysWOW64\KBDIT142.DLL - Ok
C:\Windows\SysWOW64\KBDKAZ.DLL - Ok
C:\Windows\SysWOW64\KBDJPN.DLL - Ok
C:\Windows\SysWOW64\KBDLA.DLL - Ok
C:\Windows\SysWOW64\KBDKOR.DLL - Ok
C:\Windows\SysWOW64\KBDKYR.DLL - Ok
C:\Windows\SysWOW64\KBDLAO.DLL - Ok
C:\Windows\SysWOW64\KBDLT.DLL - Ok
C:\Windows\SysWOW64\kbdlk41a.dll - Ok
C:\Windows\SysWOW64\KBDLV.DLL - Ok
C:\Windows\SysWOW64\KBDLT1.DLL - Ok
C:\Windows\SysWOW64\KBDLT2.DLL - Ok
C:\Windows\SysWOW64\KBDLV1.DLL - Ok
C:\Windows\SysWOW64\KBDMACST.DLL - Ok
C:\Windows\SysWOW64\KBDMAC.DLL - Ok
C:\Windows\SysWOW64\KBDMAORI.DLL - Ok
C:\Windows\SysWOW64\KBDMON.DLL - Ok
C:\Windows\SysWOW64\KBDMLT48.DLL - Ok
C:\Windows\SysWOW64\KBDMLT47.DLL - Ok
C:\Windows\SysWOW64\kbdnec.DLL - Ok
C:\Windows\SysWOW64\KBDNE.DLL - Ok
C:\Windows\SysWOW64\KBDMONMO.DLL - Ok
C:\Windows\SysWOW64\kbdnec95.DLL - Ok
C:\Windows\SysWOW64\kbdnecat.DLL - Ok
C:\Windows\SysWOW64\kbdnecnt.DLL - Ok
C:\Windows\SysWOW64\KBDNO.DLL - Ok
C:\Windows\SysWOW64\KBDNO1.DLL - Ok
C:\Windows\SysWOW64\KBDNEPR.DLL - Ok
C:\Windows\SysWOW64\KBDNSO.DLL - Ok
C:\Windows\SysWOW64\KBDPASH.DLL - Ok
C:\Windows\SysWOW64\KBDPL.DLL - Ok
C:\Windows\SysWOW64\KBDPL1.DLL - Ok
C:\Windows\SysWOW64\KBDROPR.DLL - Ok
C:\Windows\SysWOW64\KBDRU.DLL - Ok
C:\Windows\SysWOW64\KBDPO.DLL - Ok
C:\Windows\SysWOW64\KBDRO.DLL - Ok
C:\Windows\SysWOW64\KBDROST.DLL - Ok
C:\Windows\SysWOW64\KBDSL.DLL - Ok
C:\Windows\SysWOW64\KBDRU1.DLL - Ok
C:\Windows\SysWOW64\KBDSMSFI.DLL - Ok
C:\Windows\SysWOW64\KBDSF.DLL - Ok
C:\Windows\SysWOW64\jscript9.dll - Ok
C:\Windows\SysWOW64\KBDSL1.DLL - Ok
C:\Windows\SysWOW64\KBDSN1.DLL - Ok
C:\Windows\SysWOW64\KBDSMSNO.DLL - Ok
C:\Windows\SysWOW64\KBDSP.DLL - Ok
C:\Windows\SysWOW64\KBDSOREX.DLL - Ok
C:\Windows\SysWOW64\KBDSW09.DLL - Ok
C:\Windows\SysWOW64\KBDSORST.DLL - Ok
C:\Windows\SysWOW64\KBDSG.DLL - Ok
C:\Windows\SysWOW64\KBDSW.DLL - Ok
C:\Windows\SysWOW64\KBDSYR1.DLL - Ok
C:\Windows\SysWOW64\KBDSORS1.DLL - Ok
C:\Windows\SysWOW64\KBDTAT.DLL - Ok
C:\Windows\SysWOW64\KBDTAJIK.DLL - Ok
C:\Windows\SysWOW64\KBDTIPRC.DLL - Ok
C:\Windows\SysWOW64\KBDTH0.DLL - Ok
C:\Windows\SysWOW64\KBDSYR2.DLL - Ok
C:\Windows\SysWOW64\KBDTH1.DLL - Ok
C:\Windows\SysWOW64\KBDTH2.DLL - Ok
C:\Windows\SysWOW64\KBDTH3.DLL - Ok
C:\Windows\SysWOW64\KBDTUQ.DLL - Ok
C:\Windows\SysWOW64\KBDUK.DLL - Ok
C:\Windows\SysWOW64\KBDUGHR.DLL - Ok
C:\Windows\SysWOW64\KBDTUF.DLL - Ok
C:\Windows\SysWOW64\KBDUGHR1.DLL - Ok
C:\Windows\SysWOW64\KBDTURME.DLL - Ok
C:\Windows\SysWOW64\KBDUKX.DLL - Ok
C:\Windows\SysWOW64\KBDUR1.DLL - Ok
C:\Windows\SysWOW64\KBDUS.DLL - Ok
C:\Windows\SysWOW64\KBDUR.DLL - Ok
C:\Windows\SysWOW64\KBDUSX.DLL - Ok
C:\Windows\SysWOW64\KBDURDU.DLL - Ok
C:\Windows\SysWOW64\KBDUSL.DLL - Ok
C:\Windows\SysWOW64\KBDUSR.DLL - Ok
C:\Windows\SysWOW64\KBDUSA.DLL - Ok
C:\Windows\SysWOW64\KBDVNTC.DLL - Ok
C:\Windows\SysWOW64\KBDUZB.DLL - Ok
C:\Windows\SysWOW64\KBDWOL.DLL - Ok
C:\Windows\SysWOW64\KernelBase.dll - Ok
C:\Windows\SysWOW64\KBDYAK.DLL - Ok
C:\Windows\SysWOW64\KBDYCC.DLL - Ok
C:\Windows\SysWOW64\KBDYBA.DLL - Ok
C:\Windows\SysWOW64\KBDYCL.DLL - Ok
C:\Windows\SysWOW64\keyiso.dll - Ok
C:\Windows\SysWOW64\kmddsp.tsp - Ok

Sador27 · Nov 30, 2012

C:\Windows\SysWOW64\InstallShield\setupdir\000b\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\000a\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0009\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\000e\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setup.exe - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0011\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0010\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0012\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0013\_setup.dll - Ok
>>C:\Windows\SysWOW64\xpsrchvw.exe is BINARYRES container
C:\Windows\SysWOW64\xpsrchvw.exe - container
C:\Windows\SysWOW64\InstallShield\setupdir\0014\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\001b\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\0019\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\001d\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\0015\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\001a\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\001e\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\001f\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0024\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0021\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\002d\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\040c\_setup.dll - packed by FLY-CODE
>C:\Windows\SysWOW64\InstallShield\setupdir\0416\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\0404\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\0804\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\001b\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\001d\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0816\_setup.dll - Ok
C:\Windows\SysWOW64\MUI\0409\mscorees.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\001e\_setup.dll - Ok
C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log - Ok
C:\Windows\SysWOW64\Macromed\Flash\flashplayer.xpt - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\040c\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0416\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0804\_setup.dll - Ok
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\_setup.dll - Ok
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe - Ok
C:\Windows\SysWOW64\InstallShield\_isdel.exe - Ok
C:\Windows\SysWOW64\Macromed\Flash\install.log - Ok
C:\Windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_16.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_24.bin - Ok
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_FlashUtil.exe - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_32.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_16.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_24.bin - Ok
C:\Windows\SysWOW64\Msdtc\Trace\msdtctr.mof - Ok
>C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe - packed by BINARYRES
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_16.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_48.bin - Ok
>>C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe is NSIS container
C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe - container
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_24.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_32.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_48.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_32.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_48.bin - Ok
>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx is BINARYRES container
>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx\data001 - packed by BINARYRES
>>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx\data001 is WISE container
>C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll is BINARYRES container
>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx\data002 is ZLIB container
>C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll\data002 is ZLIB container
C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx - container
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll - container
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prncnfg.vbs - Ok
C:\Windows\SysWOW64\Recovery\ReAgent.xml - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnmngr.vbs - Ok
C:\Windows\SysWOW64\RTCOM\RtkCfg.dll - Ok
C:\Windows\SysWOW64\Setup\cmmigr.dll - Ok
C:\Windows\SysWOW64\Setup\msdtcstp.dll - Ok
C:\Windows\SysWOW64\RTCOM\RTLCPAPI.dll - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnqctl.vbs - Ok
C:\Windows\SysWOW64\Setup\pbkmigr.dll - Ok
C:\Windows\SysWOW64\Setup\tssysprep.dll - Ok
>C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll - packed by BINARYRES
C:\Windows\SysWOW64\IME\IMEJP10\APPLETS\mshwjpnrIME.dll - Ok
C:\Windows\SysWOW64\Setup\RasMigPlugin.dll - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\en-US\srloc.dll.mui - Ok
C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll - Ok
C:\Windows\SysWOW64\Speech\SpeechUX\SpeechUXPS.DLL - Ok
C:\Windows\SysWOW64\Speech\SpeechUX\en-US\sapi.cpl.mui - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\spsrx.dll - Ok
C:\Windows\SysWOW64\Speech\SpeechUX\sapi.cpl - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml - Ok
C:\Windows\SysWOW64\Wat\WatWeb.dll - Ok
C:\Windows\SysWOW64\Setup\comsetup.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\srloc.dll - Ok
C:\Windows\SysWOW64\WCN\en-US\Add_a_device_or_computer_to_a_network_usb.rtf - Ok
C:\Windows\SysWOW64\Speech\Common\sapi.dll - Ok
C:\Windows\SysWOW64\Wat\npWatWeb.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pspluginwkr.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml - Ok
>C:\Windows\SysWOW64\Macromed\Flash\Flash9f.ocx is ZLIB container
C:\Windows\SysWOW64\Macromed\Flash\Flash9f.ocx - container
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PSEvents.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psm1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\profile.ps1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\spsreng.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.Format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Break.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Automatic_Variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_CommonParameters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comment_Based_Help.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_data_sections.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Continue.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comparison_Operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_debuggers.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_eventlogs.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_format.ps1xml.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_aliases.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Arithmetic_Operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_cmdletbindingattribute.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt - Ok

Sador27 · Nov 30, 2012

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_methods.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_join.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_hash_tables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_job_details.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_jobs.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Line_Editing.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_logical_operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_modules.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_methods.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_objects.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pipelines.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_parameters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_arrays.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Ref.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_jobs.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_output.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Return.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_troubleshooting.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scopes.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_requires.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scripts.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Signing.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Special_Characters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Switch.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_split.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_transactions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_internationalization.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_FAQ.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_try_catch_finally.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_While.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_type_operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ImportAllModules.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_2.0.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WS-Management_Cmdlets.help.txt - Ok
>C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt is JS-HTML container
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt - container
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Utility.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.Wsman.Management.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Management.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\System.Management.Automation.dll-Help.xml - Ok
C:\Windows\SysWOW64\ar-SA\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\PSEvents.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml - Ok
C:\Windows\SysWOW64\ar-SA\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\fms.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\mlang.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\bg-BG\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Security.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\pspluginwkr.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\pwrshmsg.dll.mui - Ok
C:\Windows\SysWOW64\bg-BG\mlang.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell.exe.mui - Ok
C:\Windows\SysWOW64\com\en-US\comrepl.exe.mui - Ok
C:\Windows\SysWOW64\com\mtsadmin.tlb - Ok
C:\Windows\SysWOW64\com\MigRegDB.exe - Ok
C:\Windows\SysWOW64\com\comrepl.exe - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat.LOG1 - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat.LOG2 - Ok
C:\Windows\SysWOW64\bg-BG\fms.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat{a7373d3c-fd02-11e1-a951-10bf4814a4a0}.TMContainer00000000000000000001.regtrans-ms - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat{a7373d3c-fd02-11e1-a951-10bf4814a4a0}.TM.blf - Ok
C:\Windows\SysWOW64\com\en-US\MigRegDB.exe.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat{a7373d3c-fd02-11e1-a951-10bf4814a4a0}.TMContainer00000000000000000002.regtrans-ms - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_A009C7B69A12C106CE3C001E25215EF6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 - Ok
C:\Windows\SysWOW64\bg-BG\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_B1EA2EEB7B2EECB0D01D03D723235157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_5459F68426E422817E179A6A1EB79BD5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_B1CB1333D42495D9A10D2CAA47E4B14A - Ok
C:\Windows\SysWOW64\com\comempty.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 - Ok
>C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 is CAB archive
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 - archive
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B7AED56F69397028F35E77E6DD681FC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_5442B1CAC753FE77C0664BB0A0BCD11E - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_8F1D61A8F3972EC32F057A8D84A206BB - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_26D94F4F4D66B03ED659992699BD1977 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_D4A257FA65F272581CA61DD756EA3A4C - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_A009C7B69A12C106CE3C001E25215EF6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_5459F68426E422817E179A6A1EB79BD5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_B1CB1333D42495D9A10D2CAA47E4B14A - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_B1EA2EEB7B2EECB0D01D03D723235157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B7AED56F69397028F35E77E6DD681FC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD - Ok
C:\Windows\SysWOW64\com\comadmin.dll - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_5442B1CAC753FE77C0664BB0A0BCD11E - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_8F1D61A8F3972EC32F057A8D84A206BB - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_26D94F4F4D66B03ED659992699BD1977 - Ok
C:\Windows\SysWOW64\bg-BG\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_D4A257FA65F272581CA61DD756EA3A4C - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F72943F1E01540BBACB5396C76DD6AAA - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\userinfo.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\shortcut_ex.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F72943F1E01540BBACB5396C76DD6AAA - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\19ECED02-79F0-49B6-B7BB-860D71DDC6FF.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\223CB80F-BF00-4A45-8771-9386801BC375.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\015E617E-DEB9-4983-A3B7-B8D15D0B8240.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\15B42A0D-9D2A-40F4-A56A-F3FCA3C5D3DD.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\21BF25AE-CE7B-4A21-983A-60511B54A60C.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\028C43E4-332A-49A2-9B30-4137CD1526FD.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\56C1830D-C703-4115-8A48-97E5AD3CF749.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\4976FE26-8FE8-42E3-BD2D-40110515079F.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\4C11754D-03F6-49F1-B449-FA7F14960283.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\6173CA10-3172-4295-9EE0-C79EAB8F6009.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\58C6E65E-7A95-43CB-9F14-712D47E4F424.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\668AFF5E-BBC4-41F1-92D6-FA0573E58F85.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\7394FA0C-49BD-4FF1-B20A-BFA7247B13D1.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\6ED19C26-E177-4162-953C-8707A04C376A.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\69F4DD7C-9C07-488D-98B2-8E36D72B7990.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\842E70D0-67EF-4F17-9D9A-8CD56AEECB27.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\7954E669-786A-4D63-95FF-A6D590F934FC.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\72C28BEA-274E-4554-951B-5FB62AC294F1.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\92169EF5-DD94-412B-B9FF-AF3907994B65.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\84BABD6A-9AFA-4A76-B5EB-FF3A24C27F90.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\72477CC5-5089-43A6-B2AE-01755D0B06A9.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\A73BB809-FF88-4AE3-97EF-7A95A517C8AC.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming

Sador27 · Nov 30, 2012

\SoftGrid Client\Icon Cache\97881A23-0229-48E7-89F2-061DAE034ABB.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\9B032707-BFD7-49D8-9114-E648CBCCF93C.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\9B5204C4-3227-4793-BD9E-77A30E99A444.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ACB81905-DDA6-4DDB-9B81-3CCD695281FE.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\A9ADAFFB-6E49-4A17-B5EF-7C2C2C8729F8.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B0208B4C-D6D7-4011-830D-054AB2E22E23.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B18A9B1D-6F6F-4841-85FE-62BFC8CD8131.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B0BF5D83-27FE-4AFB-A01B-EEDBDE3DCD75.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B3DDFDFF-A4EF-4A46-ADA2-E11D5F6F11BA.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B1E40267-B39B-442D-8186-0C2C3B88842F.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B98D8E2C-BF61-4161-97CF-8FDACD1E9F35.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\C6493F7D-7400-4C23-B81C-C2B22EA26ADC.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\CF170C7D-B437-4D37-ADA0-1A89CEB4E271.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\D522E952-1C06-4CF2-8380-B80EED6CCB3D.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\CFBE320B-B12B-4194-A66B-3BEB591E6757.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\CB3C3A63-39FC-4E99-9409-D70E5B9AA0BE.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\E0EE97E5-626C-4DE7-8C80-E4EFAFC13338.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\D7480C34-B3DC-4CAB-B722-8DD0BEBB9552.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\99732B8A-DEC3-41C2-B32E-0BCAC0197C22.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\F3DAE6D4-CDC2-4A0E-A049-D1C0A153419C.ico - Ok
C:\Windows\SysWOW64\cs-CZ\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\mlang.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\fms.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\fms.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - Ok
C:\Windows\SysWOW64\da-DK\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\mlang.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\drivers\1043_ASUSTEK_K55A_K55VD_V20_WIN7.MRK - Ok
C:\Windows\SysWOW64\de-DE\mlang.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\drivers\AiCharger.sys - Ok
C:\Windows\SysWOW64\de-DE\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\fms.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\comdlg32.dll.mui - Ok
>C:\Windows\SysWOW64\drivers\wimmount.sys - packed by FLY-CODE
C:\Windows\SysWOW64\drivers\gmreadme.txt - Ok
C:\Windows\SysWOW64\de-DE\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\qwavedrv.sys.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\scfilter.sys.mui - Ok
C:\Windows\SysWOW64\el-GR\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\pacer.sys.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\tcpip.sys.mui - Ok
C:\Windows\SysWOW64\el-GR\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\fms.dll.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\bfe.dll.mui - Ok
>>C:\Windows\SysWOW64\drivers\wimmount.sys - packed by FLY-CODE
C:\Windows\SysWOW64\en-US\aaclient.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\mlang.dll.mui - Ok
C:\Windows\SysWOW64\en-US\acledit.dll.mui - Ok
C:\Windows\SysWOW64\en-US\acppage.dll.mui - Ok
C:\Windows\SysWOW64\en-US\ActionCenter.dll.mui - Ok
C:\Windows\SysWOW64\en-US\accessibilitycpl.dll.mui - Ok
C:\Windows\SysWOW64\IME\IMETC10\applets\MSHWCHTRIME.dll - Ok
C:\Windows\SysWOW64\drivers\gm.dls - Ok
C:\Windows\SysWOW64\en-US\activeds.dll.mui - Ok
C:\Windows\SysWOW64\en-US\ActionCenterCPL.dll.mui - Ok
C:\Windows\SysWOW64\drivers\wimmount.sys - Ok
C:\Windows\SysWOW64\en-US\aclui.dll.mui - Ok
C:\Windows\SysWOW64\en-US\acctres.dll.mui - Ok
C:\Windows\SysWOW64\en-US\AdapterTroubleshooter.exe.mui - Ok
C:\Windows\SysWOW64\el-GR\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsldp.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adprovider.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsldpc.dll.mui - Ok
C:\Windows\SysWOW64\en-US\admparse.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsmsext.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsnt.dll.mui - Ok
C:\Windows\SysWOW64\en-US\amstream.dll.mui - Ok
C:\Windows\SysWOW64\en-US\aelupsvc.dll.mui - Ok
C:\Windows\SysWOW64\en-US\AltTab.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apilogen.dll.mui - Ok
C:\Windows\SysWOW64\en-US\aeevts.dll.mui - Ok
C:\Windows\SysWOW64\en-US\advpack.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apircl.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apds.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apphelp.dll.mui - Ok
C:\Windows\SysWOW64\en-US\Apphlpdm.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apss.dll.mui - Ok
C:\Windows\SysWOW64\en-US\arp.exe.mui - Ok
C:\Windows\SysWOW64\en-US\appidapi.dll.mui - Ok
C:\Windows\SysWOW64\en-US\appwiz.cpl.mui - Ok
C:\Windows\SysWOW64\en-US\at.exe.mui - Ok
C:\Windows\SysWOW64\en-US\atl.dll.mui - Ok
C:\Windows\SysWOW64\en-US\asferror.dll.mui - Ok
C:\Windows\SysWOW64\en-US\attrib.exe.mui - Ok
C:\Windows\SysWOW64\en-US\AtBroker.exe.mui - Ok
C:\Windows\SysWOW64\en-US\audiodg.exe.mui - Ok
C:\Windows\SysWOW64\en-US\AudioSrv.dll.mui - Ok
C:\Windows\SysWOW64\en-US\AudioSes.dll.mui - Ok
C:\Windows\SysWOW64\en-US\authfwgp.dll.mui - Ok
C:\Windows\SysWOW64\en-US\auditpol.exe.mui - Ok
C:\Windows\SysWOW64\en-US\audiodev.dll.mui - Ok
C:\Windows\SysWOW64\en-US\authui.dll.mui - Ok>c:\windows\syswow64\imaadp32.acm - packed by FLY-CODE
c:\windows\syswow64\imaadp32.acm - Ok
c:\windows\syswow64\imagehlp.dll - Ok
c:\windows\syswow64\imm32.dll - Ok
c:\windows\syswow64\intelcphecisvc.exe - Ok
c:\windows\syswow64\iuseventlog.dll - Ok
>c:\windows\syswow64\iyuv_32.dll - packed by FLY-CODE
c:\windows\syswow64\iyuv_32.dll - Ok
c:\windows\syswow64\jscript9.dll - Ok
c:\windows\syswow64\kernel32.dll - Ok
c:\windows\syswow64\kernelbase.dll - Ok
c:\windows\syswow64\ksproxy.ax - Ok
c:\windows\syswow64\l3codeca.acm - Ok
c:\windows\syswow64\lpk.dll - Ok
c:\windows\syswow64\midimap.dll - Ok
c:\windows\syswow64\msacm32.drv - Ok
c:\windows\syswow64\msadp32.acm - Ok
c:\windows\syswow64\msasn1.dll - Ok
c:\windows\syswow64\mscms.dll - Ok
c:\windows\syswow64\mscoree.dll - Ok
c:\windows\syswow64\mscories.dll - Ok
c:\windows\syswow64\msctf.dll - Ok
c:\windows\syswow64\msg711.acm - Ok
c:\windows\syswow64\msgsm32.acm - Ok
c:\windows\syswow64\mshtml.dll - Ok
c:\windows\syswow64\msrle32.dll - Ok
c:\windows\syswow64\msv1_0.dll - Ok
c:\windows\syswow64\msvbvm60.dll - Ok
c:\windows\syswow64\msvcrt.dll - Ok
c:\windows\syswow64\msvidc32.dll - Ok
c:\windows\syswow64\msvidctl.dll - Ok
c:\windows\syswow64\msyuv.dll - Ok
c:\windows\syswow64\normaliz.dll - Ok
>c:\windows\syswow64\nsi.dll - packed by FLY-CODE
c:\windows\syswow64\nsi.dll - Ok
c:\windows\syswow64\ntdll.dll - Ok
>c:\windows\syswow64\ole32.dll is BINARYRES container
c:\windows\syswow64\ole32.dll - container
c:\windows\syswow64\oleacc.dll - Ok
c:\windows\syswow64\oleaut32.dll - Ok
c:\windows\syswow64\perfhost.exe - Ok
c:\windows\syswow64\profapi.dll - Ok
c:\windows\syswow64\psapi.dll - Ok
>c:\windows\syswow64\regsvr32.exe - packed by FLY-CODE
c:\windows\syswow64\regsvr32.exe - Ok
c:\windows\syswow64\rpcrt4.dll - Ok
c:\windows\syswow64\rpcrtremote.dll - Ok
c:\windows\syswow64\rundll32.exe - Ok
c:\windows\syswow64\scecli.dll - Ok
c:\windows\syswow64\schannel.dll - Ok
c:\windows\syswow64\sechost.dll - Ok
c:\windows\syswow64\setupapi.dll - Ok
c:\windows\syswow64\shell32.dll - Ok
c:\windows\syswow64\shlwapi.dll - Ok
c:\windows\syswow64\sirenacm.dll - Ok
c:\windows\syswow64\sspicli.dll - Ok
c:\windows\syswow64\sxs.dll - Ok
c:\windows\syswow64\taskschd.dll - Ok
c:\windows\syswow64\tsbyuv.dll - Ok
c:\windows\syswow64\uiautomationcore.dll - Ok
c:\windows\syswow64\urlmon.dll - Ok
c:\windows\syswow64\user32.dll - Ok
c:\windows\syswow64\userenv.dll - Ok
c:\windows\syswow64\userinit.exe - Ok
c:\windows\syswow64\usp10.dll - Ok
c:\windows\syswow64\vbscript.dll - Ok
c:\windows\syswow64\version.dll - Ok
c:\windows\syswow64\wdmaud.drv - Ok
c:\windows\syswow64\webcheck.dll - Ok
c:\windows\syswow64\wer.dll - Ok
c:\windows\syswow64\winhttp.dll - Ok
c:\windows\syswow64\wininet.dll - Ok
c:\windows\syswow64\wintrust.dll - Ok
c:\windows\syswow64\wldap32.dll - Ok
c:\windows\syswow64\wlgpclnt.dll - Ok
c:\windows\syswow64\ws2_32.dll - Ok
c:\windows\syswow64\xmllite.dll - Ok
c:\windows\twain_32.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcp80.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\atl90.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - Ok
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - Ok
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - Ok
c:\windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll - Ok
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - Ok
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - Ok
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - Ok
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - Ok
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - Ok
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - Ok
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll - Ok
Process :0 - read error
Process System:4 - read error
Process C:\Windows\System32\smss.exe:392 - Ok
Process C:\Windows\System32\csrss.exe:572 - Ok
Process C:\Windows\System32\wininit.exe:628 - Ok
Process C:\Windows\System32\csrss.exe:652 - Ok
Process C:\Windows\System32\services.exe:696 - Ok
Process C:\Windows\System32\lsass.exe:712 - Ok
Process C:\Windows\System32\lsm.exe:720 - Ok
Process C:\Windows\System32\winlogon.exe:804 - Ok
Process C:\Windows\System32\svchost.exe:868 - Ok
Process C:\Windows\System32\svchost.exe:948 - Ok
Process C:\Windows\System32\svchost.exe:180 - Ok
Process C:\Windows\System32\svchost.exe:404 - Ok
Process C:\Windows\System32\svchost.exe:604 - Ok
Process C:\Windows\System32\svchost.exe:1064 - Ok
Process C:\Windows\System32\svchost.exe:1168 - Ok
Process C:\Windows\System32\wisptis.exe:1236 - Ok
Process C:\Windows\System32\wisptis.exe:1356 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe:1364 - Ok
Process C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe:1424 - Ok
Process C:\Windows\System32\dwm.exe:1468 - Ok
Process C:\Windows\explorer.exe:1496 - Ok
Process C:\Windows\System32\FBAgent.exe:1580 - Ok
Process C:\Windows\System32\wlanext.exe:1588 - Ok
Process C:\Windows\System32\conhost.exe:1596 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe:1624 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe:1680 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe:1688 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe:1764 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe:1788 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe:1804 - Ok
Process C:\Windows\System32\spoolsv.exe:1848 - Ok
Process C:\Windows\System32\taskhost.exe:1864 - Ok
Process C:\Windows\System32\svchost.exe:1928 - Ok
Process C:\Windows\System32\svchost.exe:1960 - Ok
Process C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe:1116 - Ok
Process C:\Program Files\Intel\iCLS Client\HeciServer.exe:1492 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe:2104 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe:2132 - Ok
Process C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE:2244 - Ok
Process C:\Windows\System32\taskeng.exe:2264 - Ok
Process C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe:2336 - Ok
Process C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe:2376 - Ok
Process C:\Windows\System32\taskeng.exe:2384 - Ok
Process C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe:2404 - Ok
Process C:\Program Files\ASUS\P4G\BatteryLife.exe:2436 - Ok
Process C:\Windows\System32\svchost.exe:2472 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE:2532 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE:2812 - Ok
Process C:\Windows\System32\wbem\WmiPrvSE.exe:3012 - Ok
Process C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe:2512 - Ok
Process C:\Windows\System32\igfxtray.exe:3224 - Ok
Process C:\Program Files\Elantech\ETDCtrl.exe:3252 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe:3652 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe:3836 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe:3956 - Ok
Process C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe:3964 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe:3996 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe:4084 - Ok
Process C:\Program Files (x86)\ASUS\Splendid\ACMON.exe:184 - Ok
Process C:\Windows\SysWOW64\ACEngSvr.exe:2624 - Ok
Process C:\Windows\AsScrPro.exe:4324 - Ok
Process C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe:4496 - Ok
Process C:\Windows\System32\SearchIndexer.exe:4652 - Ok
Process C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe:4712 - Ok
Process C:\Program Files\Elantech\ETDCtrlHelper.exe:5088 - Ok
Process C:\Program Files\Elantech\ETDGesture.exe:5100 - Ok
Process C:\Windows\System32\igfxpers.exe:3624 - Ok
Process C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe:4520 - Ok
Process C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe:4624 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe:3104 - Ok
Process C:\Windows\System32\svchost.exe:2648 - Ok
Process C:\Program Files\Windows Media Player\wmpnetwk.exe:2312 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe:2172 - Ok
Process C:\Windows\System32\svchost.exe:3816 - Ok
Process C:\Windows\System32\svchost.exe:1412 - Ok
Process C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe:896 - Ok
Process C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe:3636 - Ok
Process C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe:1096 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe:6028 - Ok
Process C:\Windows\System32\wuauclt.exe:3324 - Ok
Process C:\Program Files (x86)\Internet Explorer\iexplore.exe:5632 - Ok
Process audiodg.exe:6676 - read error
Process C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe:6892 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe:3448 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\154BAA38-1AF7D060-B1523AF7-48BF6C62\m5n1qai9.exe:6500 - Ok
Process C:\Windows\System32\wbem\WmiPrvSE.exe:4300 - Ok
Process C:\Windows\SysWOW64\ctfmon.exe:4900 - Ok
Process C:\Users\Sad0r\Downloads\9vqdkcsj.exe:3548 - Ok
Process C:\Windows\System32\wisptis.exe:2280 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe:5444 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\m5n1qai9.exe:6444 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\sqb6j920.exe:3696 - Ok
Process C:\Windows\SysWOW64\ctfmon.exe:4664 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\haqb421o.exe:6752 - Ok
HDD0 MBR - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\000b\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\000a\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0009\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\000e\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setup.exe - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0011\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0010\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0012\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0013\_setup.dll - Ok
>>C:\Windows\SysWOW64\xpsrchvw.exe is BINARYRES container
C:\Windows\SysWOW64\xpsrchvw.exe - container
C:\Windows\SysWOW64\InstallShield\setupdir\0014\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\001b\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\0019\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\001d\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\0015\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\001a\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\001e\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\001f\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0024\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0021\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\002d\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\040c\_setup.dll - packed by FLY-CODE
>C:\Windows\SysWOW64\InstallShield\setupdir\0416\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\0404\_setup.dll - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\0804\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\001b\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\001d\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0816\_setup.dll - Ok
C:\Windows\SysWOW64\MUI\0409\mscorees.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\001e\_setup.dll - Ok
C:\Windows\SysWOW64\Macromed\Flash\FlashInstall.log - Ok
C:\Windows\SysWOW64\Macromed\Flash\flashplayer.xpt - Ok
>C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\_setup.dll - packed by FLY-CODE
C:\Windows\SysWOW64\InstallShield\setupdir\040c\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0416\_setup.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0804\_setup.dll - Ok
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.dll - Ok
C:\Windows\SysWOW64\InstallShield\setupdir\0c0c\_setup.dll - Ok
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe - Ok
C:\Windows\SysWOW64\InstallShield\_isdel.exe - Ok
C:\Windows\SysWOW64\Macromed\Flash\install.log - Ok
C:\Windows\SysWOW64\Msdtc\Trace\msdtcvtr.bat - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_16.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_24.bin - Ok
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_FlashUtil.exe - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_32.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_16.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_24.bin - Ok
C:\Windows\SysWOW64\Msdtc\Trace\msdtctr.mof - Ok
>C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe - packed by BINARYRES
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_16.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\bench_48.bin - Ok
>>C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe is NSIS container
C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe - container
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_24.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_32.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\office_48.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_32.bin - Ok
C:\Windows\SysWOW64\NetworkList\Icons\StockIcons\house_48.bin - Ok
>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx is BINARYRES container
>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx\data001 - packed by BINARYRES
>>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx\data001 is WISE container
>C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll is BINARYRES container
>C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx\data002 is ZLIB container
>C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll\data002 is ZLIB container
C:\Windows\SysWOW64\Macromed\Flash\Flash10k.ocx - container
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll - container
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prndrvr.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnjobs.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prncnfg.vbs - Ok
C:\Windows\SysWOW64\Recovery\ReAgent.xml - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnport.vbs - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnmngr.vbs - Ok
C:\Windows\SysWOW64\RTCOM\RtkCfg.dll - Ok
C:\Windows\SysWOW64\Setup\cmmigr.dll - Ok
C:\Windows\SysWOW64\Setup\msdtcstp.dll - Ok
C:\Windows\SysWOW64\RTCOM\RTLCPAPI.dll - Ok
C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\prnqctl.vbs - Ok
C:\Windows\SysWOW64\Setup\pbkmigr.dll - Ok
C:\Windows\SysWOW64\Setup\tssysprep.dll - Ok
>C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll - packed by BINARYRES
C:\Windows\SysWOW64\IME\IMEJP10\APPLETS\mshwjpnrIME.dll - Ok
C:\Windows\SysWOW64\Setup\RasMigPlugin.dll - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\en-US\srloc.dll.mui - Ok
C:\Windows\SysWOW64\RTCOM\RTCOMDLL.dll - Ok
C:\Windows\SysWOW64\Speech\SpeechUX\SpeechUXPS.DLL - Ok
C:\Windows\SysWOW64\Speech\SpeechUX\en-US\sapi.cpl.mui - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\spsrx.dll - Ok
C:\Windows\SysWOW64\Speech\SpeechUX\sapi.cpl - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Certificate.format.ps1xml - Ok
C:\Windows\SysWOW64\Wat\WatWeb.dll - Ok
C:\Windows\SysWOW64\Setup\comsetup.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Diagnostics.Format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\DotNetTypes.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\getevent.types.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\CompiledComposition.Microsoft.PowerShell.GPowerShell.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\FileSystem.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellCore.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Help.format.ps1xml -

Sador27 · Nov 30, 2012

Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShellTrace.format.ps1xml - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\srloc.dll - Ok
C:\Windows\SysWOW64\WCN\en-US\Add_a_device_or_computer_to_a_network_usb.rtf - Ok
C:\Windows\SysWOW64\Speech\Common\sapi.dll - Ok
C:\Windows\SysWOW64\Wat\npWatWeb.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshsip.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pspluginwkr.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\WSMan.Format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\pwrshmsg.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\types.ps1xml - Ok
>C:\Windows\SysWOW64\Macromed\Flash\Flash9f.ocx is ZLIB container
C:\Windows\SysWOW64\Macromed\Flash\Flash9f.ocx - container
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PSEvents.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDiagnostics\PSDiagnostics.psm1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Examples\profile.ps1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\Microsoft.BackgroundIntelligentTransfer.Management.Interop.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Registry.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe - Ok
C:\Windows\SysWOW64\Speech\Engines\SR\spsreng.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\BitsTransfer.Format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.format.ps1xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Assignment_Operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Break.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Automatic_Variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\TroubleshootingPack.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_command_precedence.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\TroubleshootingPack\en-US\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Command_Syntax.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_CommonParameters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comment_Based_Help.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Core_Commands.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_data_sections.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\about_BITS_Cmdlets.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Continue.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_do.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_environment_variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Comparison_Operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_escape_characters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_debuggers.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Foreach.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_eventlogs.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_format.ps1xml.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_aliases.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Arithmetic_Operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_For.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_cmdletbindingattribute.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_parameters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_execution_policies.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_functions_advanced_methods.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_join.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_hash_tables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Language_Keywords.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_If.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_job_details.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_History.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_jobs.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Line_Editing.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_logical_operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_modules.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_methods.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_objects.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Path_Syntax.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_locations.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pipelines.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Parsing.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_parameters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_arrays.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_profiles.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_prompts.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_properties.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_providers.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Ref.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_regular_expressions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Quoting_Rules.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssessions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_PSSnapins.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Redirection.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitsTransfer\en-US\Microsoft.BackgroundIntelligentTransfer.Management.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_jobs.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_pssession_details.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_output.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Reserved_Words.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Return.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_troubleshooting.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scopes.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_requires.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_blocks.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_scripts.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_requirements.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Signing.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Session_Configurations.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Special_Characters.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Switch.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_split.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Throw.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_transactions.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_script_internationalization.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_remote_FAQ.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_try_catch_finally.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_While.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_type_operators.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_trap.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_wildcards.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\ImportAllModules.psd1 - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WMI_Cmdlets.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_2.0.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_Windows_PowerShell_ISE.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_preference_variables.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\default.help.txt - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_WS-Management_Cmdlets.help.txt - Ok
>C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt is JS-HTML container
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.ConsoleHost.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\about_types.ps1xml.help.txt - container
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Utility.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.Wsman.Management.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Management.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\System.Management.Automation.dll-Help.xml - Ok
C:\Windows\SysWOW64\ar-SA\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\PSEvents.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Commands.Diagnostics.dll-Help.xml - Ok
C:\Windows\SysWOW64\ar-SA\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\fms.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\mlang.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\bg-BG\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\ar-SA\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\Microsoft.PowerShell.Security.dll-Help.xml - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\pspluginwkr.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell_ise.resources.dll - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\pwrshmsg.dll.mui - Ok
C:\Windows\SysWOW64\bg-BG\mlang.dll.mui - Ok
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\en-US\powershell.exe.mui - Ok
C:\Windows\SysWOW64\com\en-US\comrepl.exe.mui - Ok
C:\Windows\SysWOW64\com\mtsadmin.tlb - Ok
C:\Windows\SysWOW64\com\MigRegDB.exe - Ok
C:\Windows\SysWOW64\com\comrepl.exe - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat.LOG1 - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat.LOG2 - Ok
C:\Windows\SysWOW64\bg-BG\fms.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat{a7373d3c-fd02-11e1-a951-10bf4814a4a0}.TMContainer00000000000000000001.regtrans-ms - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat{a7373d3c-fd02-11e1-a951-10bf4814a4a0}.TM.blf - Ok
C:\Windows\SysWOW64\com\en-US\MigRegDB.exe.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\12236C41CDDF9E40BA5606CDF086B821 - Ok
C:\Windows\SysWOW64\config\systemprofile\NtUser.dat{a7373d3c-fd02-11e1-a951-10bf4814a4a0}.TMContainer00000000000000000002.regtrans-ms - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F39B5CFACECFDE48DB25BCA2231FAC6_A009C7B69A12C106CE3C001E25215EF6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\23B523C9E7746F715D33C6527C18EB9D - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1F356F4D07FE8C483E769E4586569404 - Ok
C:\Windows\SysWOW64\bg-BG\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_B1EA2EEB7B2EECB0D01D03D723235157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_5459F68426E422817E179A6A1EB79BD5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4DD39726D4B55AC3B4119B35A893323C_B1CB1333D42495D9A10D2CAA47E4B14A - Ok
C:\Windows\SysWOW64\com\comempty.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 - Ok
>C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 is CAB archive
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 - archive
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\696F3DE637E6DE85B458996D49D759AD - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6B7AED56F69397028F35E77E6DD681FC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7396C420A8E1BC1DA97F1AF0D10BAD21 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_5442B1CAC753FE77C0664BB0A0BCD11E - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A1377F7115F1F126A15360369B165211 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7B8944BA8AD0EFDF0E01A43EF62BECD0_8F1D61A8F3972EC32F057A8D84A206BB - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B8CC409ACDBF2A2FE04C56F2875B1FD6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F4D9C889B7AEBCF4E1A2DAABC5C3628A_26D94F4F4D66B03ED659992699BD1977 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B90B117906B8A74C79D1BC450C2B94B1_D4A257FA65F272581CA61DD756EA3A4C - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F356F4D07FE8C483E769E4586569404 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\12236C41CDDF9E40BA5606CDF086B821 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\23B523C9E7746F715D33C6527C18EB9D - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1F39B5CFACECFDE48DB25BCA2231FAC6_A009C7B69A12C106CE3C001E25215EF6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F90F18257CBB4D84216AC1E1F3BB2C76 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B69D763EB21649DA26F20618312DEE70 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_5459F68426E422817E179A6A1EB79BD5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_46CCCFB940A93F39A734F69EFCDD76E9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4DD39726D4B55AC3B4119B35A893323C_B1CB1333D42495D9A10D2CAA47E4B14A - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_B1EA2EEB7B2EECB0D01D03D723235157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_D734EC3DD00546F46D368325396086B0 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6B7AED56F69397028F35E77E6DD681FC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7396C420A8E1BC1DA97F1AF0D10BAD21 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\696F3DE637E6DE85B458996D49D759AD - Ok
C:\Windows\SysWOW64\com\comadmin.dll - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_5442B1CAC753FE77C0664BB0A0BCD11E - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7B8944BA8AD0EFDF0E01A43EF62BECD0_8F1D61A8F3972EC32F057A8D84A206BB - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D266D9E1E69FA1EEFB9699B009B34C8_0A9BFDD75B598C2110CBF610C078E6E6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A1377F7115F1F126A15360369B165211 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\955CAB6FF6A24D5820D50B5BA1CF79C7_AD9E7615297A3A83320AACE5801A04F9 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B8CC409ACDBF2A2FE04C56F2875B1FD6 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_A54F26A8A41DE52C237D54D67F12793F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B69D763EB21649DA26F20618312DEE70 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F4D9C889B7AEBCF4E1A2DAABC5C3628A_26D94F4F4D66B03ED659992699BD1977 - Ok
C:\Windows\SysWOW64\bg-BG\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_4DD1053BCC726DA41115FFF4C7D6E9CC - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B90B117906B8A74C79D1BC450C2B94B1_D4A257FA65F272581CA61DD756EA3A4C - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F72943F1E01540BBACB5396C76DD6AAA - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F90F18257CBB4D84216AC1E1F3BB2C76 - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C3948BE6E525B8A8CEE9FAC91C9E392_D5DDFAB42EFB0088195E950E60A6F50F - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\userinfo.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\shortcut_ex.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\desktop.ini - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F72943F1E01540BBACB5396C76DD6AAA - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\19ECED02-79F0-49B6-B7BB-860D71DDC6FF.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\223CB80F-BF00-4A45-8771-9386801BC375.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\015E617E-DEB9-4983-A3B7-B8D15D0B8240.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\15B42A0D-9D2A-40F4-A56A-F3FCA3C5D3DD.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\21BF25AE-CE7B-4A21-983A-60511B54A60C.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\028C43E4-332A-49A2-9B30-4137CD1526FD.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\56C1830D-C703-4115-8A48-97E5AD3CF749.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\4976FE26-8FE8-42E3-BD2D-40110515079F.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\4C11754D-03F6-49F1-B449-FA7F14960283.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\6173CA10-3172-4295-9EE0-C79EAB8F6009.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\58C6E65E-7A95-43CB-9F14-712D47E4F424.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\668AFF5E-BBC4-41F1-92D6-FA0573E58F85.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\7394FA0C-49BD-4FF1-B20A-BFA7247B13D1.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\6ED19C26-E177-4162-953C-8707A04C376A.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\69F4DD7C-9C07-488D-98B2-8E36D72B7990.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\842E70D0-67EF-4F17-9D9A-8CD56AEECB27.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\7954E669-786A-4D63-95FF-A6D590F934FC.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\72C28BEA-274E-4554-951B-5FB62AC294F1.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\92169EF5-DD94-412B-B9FF-AF3907994B65.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\84BABD6A-9AFA-4A76-B5EB-FF3A24C27F90.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\72477CC5-5089-43A6-B2AE-01755D0B06A9.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\A73BB809-FF88-4AE3-97EF-7A95A517C8AC.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\97881A23-0229-48E7-89F2-061DAE034ABB.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\9B032707-BFD7-49D8-9114-E648CBCCF93C.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\9B5204C4-3227-4793-BD9E-77A30E99A444.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\ACB81905-DDA6-4DDB-9B81-3CCD695281FE.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\A9ADAFFB-6E49-4A17-B5EF-7C2C2C8729F8.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B0208B4C-D6D7-4011-830D-054AB2E22E23.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B18A9B1D-6F6F-4841-85FE-62BFC8CD8131.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B0BF5D83-27FE-4AFB-A01B-EEDBDE3DCD75.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B3DDFDFF-A4EF-4A46-ADA2-E11D5F6F11BA.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B1E40267-B39B-442D-8186-0C2C3B88842F.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\B98D8E2C-BF61-4161-97CF-8FDACD1E9F35.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\C6493F7D-7400-4C23-B81C-C2B22EA26ADC.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\CF170C7D-B437-4D37-ADA0-1A89CEB4E271.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\D522E952-1C06-4CF2-8380-B80EED6CCB3D.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\CFBE320B-B12B-4194-A66B-3BEB591E6757.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\CB3C3A63-39FC-4E99-9409-D70E5B9AA0BE.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\E0EE97E5-626C-4DE7-8C80-E4EFAFC13338.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\D7480C34-B3DC-4CAB-B722-8DD0BEBB9552.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\99732B8A-DEC3-41C2-B32E-0BCAC0197C22.ico - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\F3DAE6D4-CDC2-4A0E-A049-D1C0A153419C.ico - Ok
C:\Windows\SysWOW64\cs-CZ\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\mlang.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\fms.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\fms.dll.mui - Ok
C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat - Ok
C:\Windows\SysWOW64\da-DK\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\mlang.dll.mui - Ok
C:\Windows\SysWOW64\cs-CZ\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\drivers\1043_ASUSTEK_K55A_K55VD_V20_WIN7.MRK - Ok
C:\Windows\SysWOW64\de-DE\mlang.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\da-DK\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\drivers\AiCharger.sys - Ok
C:\Windows\SysWOW64\de-DE\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\fms.dll.mui - Ok
C:\Windows\SysWOW64\de-DE\comdlg32.dll.mui - Ok
>C:\Windows\SysWOW64\drivers\wimmount.sys - packed by FLY-CODE
C:\Windows\SysWOW64\drivers\gmreadme.txt - Ok
C:\Windows\SysWOW64\de-DE\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\qwavedrv.sys.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\scfilter.sys.mui - Ok
C:\Windows\SysWOW64\el-GR\comctl32.dll.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\pacer.sys.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\tcpip.sys.mui - Ok
C:\Windows\SysWOW64\el-GR\cdosys.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\fms.dll.mui - Ok
C:\Windows\SysWOW64\drivers\en-US\bfe.dll.mui - Ok
>>C:\Windows\SysWOW64\drivers\wimmount.sys - packed by FLY-CODE
C:\Windows\SysWOW64\en-US\aaclient.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\msprivs.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\comdlg32.dll.mui - Ok
C:\Windows\SysWOW64\el-GR\mlang.dll.mui - Ok
C:\Windows\SysWOW64\en-US\acledit.dll.mui - Ok
C:\Windows\SysWOW64\en-US\acppage.dll.mui - Ok
C:\Windows\SysWOW64\en-US\ActionCenter.dll.mui - Ok
C:\Windows\SysWOW64\en-US\accessibilitycpl.dll.mui - Ok
C:\Windows\SysWOW64\IME\IMETC10\applets\MSHWCHTRIME.dll - Ok
C:\Windows\SysWOW64\drivers\gm.dls - Ok
C:\Windows\SysWOW64\en-US\activeds.dll.mui - Ok
C:\Windows\SysWOW64\en-US\ActionCenterCPL.dll.mui - Ok
C:\Windows\SysWOW64\drivers\wimmount.sys - Ok
C:\Windows\SysWOW64\en-US\aclui.dll.mui - Ok
C:\Windows\SysWOW64\en-US\acctres.dll.mui - Ok
C:\Windows\SysWOW64\en-US\AdapterTroubleshooter.exe.mui - Ok
C:\Windows\SysWOW64\el-GR\msimsg.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsldp.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adprovider.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsldpc.dll.mui - Ok
C:\Windows\SysWOW64\en-US\admparse.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsmsext.dll.mui - Ok
C:\Windows\SysWOW64\en-US\adsnt.dll.mui - Ok
C:\Windows\SysWOW64\en-US\amstream.dll.mui - Ok
C:\Windows\SysWOW64\en-US\aelupsvc.dll.mui - Ok
C:\Windows\SysWOW64\en-US\AltTab.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apilogen.dll.mui - Ok
C:\Windows\SysWOW64\en-US\aeevts.dll.mui - Ok
C:\Windows\SysWOW64\en-US\advpack.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apircl.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apds.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apphelp.dll.mui - Ok
C:\Windows\SysWOW64\en-US\Apphlpdm.dll.mui - Ok
C:\Windows\SysWOW64\en-US\apss.dll.mui - Ok
C:\Windows\SysWOW64\en-US\arp.exe.mui - Ok
C:\Windows\SysWOW64\en-US\appidapi.dll.mui - Ok
C:\Windows\SysWOW64\en-US\appwiz.cpl.mui - Ok
C:\Windows\SysWOW64\en-US\at.exe.mui - Ok
C:\Windows\SysWOW64\en-US\atl.dll.mui - Ok
C:\Windows\SysWOW64\en-US\asferror.dll.mui - Ok
C:\Windows\SysWOW64\en-US\attrib.exe.mui - Ok
C:\Windows\SysWOW64\en-US\AtBroker.exe.mui - Ok
C:\Windows\SysWOW64\en-US\audiodg.exe.mui - Ok
C:\Windows\SysWOW64\en-US\AudioSrv.dll.mui - Ok
C:\Windows\SysWOW64\en-US\AudioSes.dll.mui - Ok
C:\Windows\SysWOW64\en-US\authfwgp.dll.mui - Ok
C:\Windows\SysWOW64\en-US\auditpol.exe.mui - Ok
C:\Windows\SysWOW64\en-US\audiodev.dll.mui - Ok
C:\Windows\SysWOW64\en-US\authui.dll.mui - Ok>c:\windows\syswow64\imaadp32.acm - packed by FLY-CODE
c:\windows\syswow64\imaadp32.acm - Ok
c:\windows\syswow64\imagehlp.dll - Ok
c:\windows\syswow64\imm32.dll - Ok
c:\windows\syswow64\intelcphecisvc.exe - Ok
c:\windows\syswow64\iuseventlog.dll - Ok
>c:\windows\syswow64\iyuv_32.dll - packed by FLY-CODE
c:\windows\syswow64\iyuv_32.dll - Ok
c:\windows\syswow64\jscript9.dll - Ok
c:\windows\syswow64\kernel32.dll - Ok
c:\windows\syswow64\kernelbase.dll - Ok
c:\windows\syswow64\ksproxy.ax - Ok
c:\windows\syswow64\l3codeca.acm - Ok
c:\windows\syswow64\lpk.dll - Ok
c:\windows\syswow64\midimap.dll - Ok
c:\windows\syswow64\msacm32.drv - Ok
c:\windows\syswow64\msadp32.acm - Ok
c:\windows\syswow64\msasn1.dll - Ok
c:\windows\syswow64\mscms.dll - Ok
c:\windows\syswow64\mscoree.dll - Ok
c:\windows\syswow64\mscories.dll - Ok
c:\windows\syswow64\msctf.dll - Ok
c:\windows\syswow64\msg711.acm - Ok
c:\windows\syswow64\msgsm32.acm - Ok
c:\windows\syswow64\mshtml.dll - Ok
c:\windows\syswow64\msrle32.dll - Ok
c:\windows\syswow64\msv1_0.dll - Ok
c:\windows\syswow64\msvbvm60.dll - Ok
c:\windows\syswow64\msvcrt.dll - Ok
c:\windows\syswow64\msvidc32.dll - Ok
c:\windows\syswow64\msvidctl.dll - Ok
c:\windows\syswow64\msyuv.dll - Ok
c:\windows\syswow64\normaliz.dll - Ok
>c:\windows\syswow64\nsi.dll - packed by FLY-CODE
c:\windows\syswow64\nsi.dll - Ok
c:\windows\syswow64\ntdll.dll - Ok
>c:\windows\syswow64\ole32.dll is BINARYRES container
c:\windows\syswow64\ole32.dll - container
c:\windows\syswow64\oleacc.dll - Ok
c:\windows\syswow64\oleaut32.dll - Ok
c:\windows\syswow64\perfhost.exe - Ok
c:\windows\syswow64\profapi.dll - Ok
c:\windows\syswow64\psapi.dll - Ok
>c:\windows\syswow64\regsvr32.exe - packed by FLY-CODE
c:\windows\syswow64\regsvr32.exe - Ok
c:\windows\syswow64\rpcrt4.dll - Ok
c:\windows\syswow64\rpcrtremote.dll - Ok
c:\windows\syswow64\rundll32.exe - Ok
c:\windows\syswow64\scecli.dll - Ok
c:\windows\syswow64\schannel.dll - Ok
c:\windows\syswow64\sechost.dll - Ok
c:\windows\syswow64\setupapi.dll - Ok
c:\windows\syswow64\shell32.dll - Ok
c:\windows\syswow64\shlwapi.dll - Ok
c:\windows\syswow64\sirenacm.dll - Ok
c:\windows\syswow64\sspicli.dll - Ok
c:\windows\syswow64\sxs.dll - Ok
c:\windows\syswow64\taskschd.dll - Ok
c:\windows\syswow64\tsbyuv.dll - Ok
c:\windows\syswow64\uiautomationcore.dll - Ok
c:\windows\syswow64\urlmon.dll - Ok
c:\windows\syswow64\user32.dll - Ok
c:\windows\syswow64\userenv.dll - Ok
c:\windows\syswow64\userinit.exe - Ok
c:\windows\syswow64\usp10.dll - Ok
c:\windows\syswow64\vbscript.dll - Ok
c:\windows\syswow64\version.dll - Ok
c:\windows\syswow64\wdmaud.drv - Ok
c:\windows\syswow64\webcheck.dll - Ok
c:\windows\syswow64\wer.dll - Ok
c:\windows\syswow64\winhttp.dll - Ok
c:\windows\syswow64\wininet.dll - Ok
c:\windows\syswow64\wintrust.dll - Ok
c:\windows\syswow64\wldap32.dll - Ok
c:\windows\syswow64\wlgpclnt.dll - Ok
c:\windows\syswow64\ws2_32.dll - Ok
c:\windows\syswow64\xmllite.dll - Ok
c:\windows\twain_32.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcp80.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4940_none_88df89932faf0bf6\msvcr80.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895\atl90.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcp90.dll - Ok
c:\windows\winsxs\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251\msvcr90.dll - Ok
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll - Ok
c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll - Ok
c:\windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_2b253c8271ec7765\gdiplus.dll - Ok
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll - Ok
c:\windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll - Ok
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll - Ok
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll - Ok
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll - Ok
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll - Ok
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll - Ok
Process :0 - read error
Process System:4 - read error
Process C:\Windows\System32\smss.exe:392 - Ok
Process C:\Windows\System32\csrss.exe:572 - Ok
Process C:\Windows\System32\wininit.exe:628 - Ok
Process C:\Windows\System32\csrss.exe:652 - Ok
Process C:\Windows\System32\services.exe:696 - Ok
Process C:\Windows\System32\lsass.exe:712 - Ok
Process C:\Windows\System32\lsm.exe:720 - Ok
Process C:\Windows\System32\winlogon.exe:804 - Ok
Process C:\Windows\System32\svchost.exe:868 - Ok
Process C:\Windows\System32\svchost.exe:948 - Ok
Process C:\Windows\System32\svchost.exe:180 - Ok
Process C:\Windows\System32\svchost.exe:404 - Ok
Process C:\Windows\System32\svchost.exe:604 - Ok
Process C:\Windows\System32\svchost.exe:1064 - Ok
Process C:\Windows\System32\svchost.exe:1168 - Ok
Process C:\Windows\System32\wisptis.exe:1236 - Ok
Process C:\Windows\System32\wisptis.exe:1356 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe:1364 - Ok
Process C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe:1424 - Ok
Process C:\Windows\System32\dwm.exe:1468 - Ok
Process C:\Windows\explorer.exe:1496 - Ok
Process C:\Windows\System32\FBAgent.exe:1580 - Ok
Process C:\Windows\System32\wlanext.exe:1588 - Ok
Process C:\Windows\System32\conhost.exe:1596 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe:1624 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe:1680 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe:1688 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe:1764 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe:1788 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe:1804 - Ok
Process C:\Windows\System32\spoolsv.exe:1848 - Ok
Process C:\Windows\System32\taskhost.exe:1864 - Ok
Process C:\Windows\System32\svchost.exe:1928 - Ok
Process C:\Windows\System32\svchost.exe:1960 - Ok
Process C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe:1116 - Ok
Process C:\Program Files\Intel\iCLS Client\HeciServer.exe:1492 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe:2104 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe:2132 - Ok
Process C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE:2244 - Ok
Process C:\Windows\System32\taskeng.exe:2264 - Ok
Process C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe:2336 - Ok
Process C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe:2376 - Ok
Process C:\Windows\System32\taskeng.exe:2384 - Ok
Process C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe:2404 - Ok
Process C:\Program Files\ASUS\P4G\BatteryLife.exe:2436 - Ok
Process C:\Windows\System32\svchost.exe:2472 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE:2532 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE:2812 - Ok
Process C:\Windows\System32\wbem\WmiPrvSE.exe:3012 - Ok
Process C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe:2512 - Ok
Process C:\Windows\System32\igfxtray.exe:3224 - Ok
Process C:\Program Files\Elantech\ETDCtrl.exe:3252 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe:3652 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe:3836 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe:3956 - Ok
Process C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe:3964 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe:3996 - Ok
Process C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe:4084 - Ok
Process C:\Program Files (x86)\ASUS\Splendid\ACMON.exe:184 - Ok
Process C:\Windows\SysWOW64\ACEngSvr.exe:2624 - Ok
Process C:\Windows\AsScrPro.exe:4324 - Ok
Process C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe:4496 - Ok
Process C:\Windows\System32\SearchIndexer.exe:4652 - Ok
Process C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe:4712 - Ok
Process C:\Program Files\Elantech\ETDCtrlHelper.exe:5088 - Ok
Process C:\Program Files\Elantech\ETDGesture.exe:5100 - Ok
Process C:\Windows\System32\igfxpers.exe:3624 - Ok
Process C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe:4520 - Ok
Process C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe:4624 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe:3104 - Ok
Process C:\Windows\System32\svchost.exe:2648 - Ok
Process C:\Program Files\Windows Media Player\wmpnetwk.exe:2312 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe:2172 - Ok
Process C:\Windows\System32\svchost.exe:3816 - Ok
Process C:\Windows\System32\svchost.exe:1412 - Ok
Process C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe:896 - Ok
Process C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe:3636 - Ok
Process C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe:1096 - Ok
Process C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe:6028 - Ok
Process C:\Windows\System32\wuauclt.exe:3324 - Ok
Process C:\Program Files (x86)\Internet Explorer\iexplore.exe:5632 - Ok
Process audiodg.exe:6676 - read error
Process C:\Program Files (x86)\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe:6892 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe:3448 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\154BAA38-1AF7D060-B1523AF7-48BF6C62\m5n1qai9.exe:6500 - Ok
Process C:\Windows\System32\wbem\WmiPrvSE.exe:4300 - Ok
Process C:\Windows\SysWOW64\ctfmon.exe:4900 - Ok
Process C:\Users\Sad0r\Downloads\9vqdkcsj.exe:3548 - Ok
Process C:\Windows\System32\wisptis.exe:2280 - Ok
Process C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe:5444 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\m5n1qai9.exe:6444 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\sqb6j920.exe:3696 - Ok
Process C:\Windows\SysWOW64\ctfmon.exe:4664 - Ok
Process C:\Users\Sad0r\AppData\Local\Temp\B47A04B5-6F2BE766-8945642B-C82B1923\haqb421o.exe:6752 - Ok
HDD0 MBR - Ok

Sador27 · Nov 30, 2012

And have found multiple cases of mshta.exe and a collection in windows been sed.exe, SWREG.exe, SWSC.exe and SWXCACLS.exe all saying modified at a very wrong time stamp e.g created:Monday, ‎19 ‎November ‎2012, ‏‎10:21:34 PM yet all mdified :‎Thursday, ‎31 ‎August ‎2000, ‏‎10:00:00 AM

Sador27 · Nov 30, 2012

ND I FOUND THIS INFO:: Do they look like these (which are legit and valid) or something else?

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe

The default for the registry key includes a comma at the end so your ok.
The entry could also show up without a common because it would be seen as differing from the default...but that still does not make it bad.

Userinit is a registry key that specifies what program should be launched right after a user logs into Windows and is responsible for restoring profile, fonts, colors, etc for your user name. Programs can be added that will launch from the userinit key by separating the programs with a comma. When userinit contains a comma (,) it may or may not be a bad entry. However, when it is linked to another file (I.e. UserInit=userinit,nddeagnt.exe) it is usually bad. This linking allows both programs to run when you log in and is a common place for Trojans, hijackers, and spyware to launch from.

Examples of bad entries:
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,kill.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe

AND MY old hijackthis logs show......F2 - REG:system.ini: UserInit=userinit.exe

Jay Pfoutz · Nov 30, 2012

All of it looks safe, to be honest.

What other issues are happening at this time?

Jay Pfoutz · Dec 5, 2012

Hello! Are you still with us? Your topic is now marked inactive, because you have lacked to reply.

However, we'd like to still help. Please update us on the state of your PC.

TechSpot

Welcome to TechSpot

Highly infected laptop

Jay Pfoutz Malware Helper Posts: 4,286 +49

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Sador27 Newcomer, in training Posts: 24

Jay Pfoutz Malware Helper Posts: 4,286 +49

Jay Pfoutz Malware Helper Posts: 4,286 +49

Add New Comment

	Social Login & Guest Posting			TechSpot Members Login here or sign up for free, it takes about a minute.
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.