GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-11-15 19:49:08 Windows 6.2.9200 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SJ rev.1AJ10001 931,51GB Running: 4gv8hsne.exe; Driver: C:\Users\Anulka\AppData\Local\Temp\pwldrpoc.sys ---- Kernel code sections - GMER 2.2 ---- .text ntoskrnl.exe!ExfUnblockPushLock + 1549 8179D8CD 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 24C 817A1C9C 2 Bytes [66, 90] {NOP } .text ntoskrnl.exe!KiDispatchInterrupt + 4AC 817A1EFC 2 Bytes [66, 90] {NOP } .text ntoskrnl.exe!KiDispatchInterrupt + 602 817A2052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ---- User code sections - GMER 2.2 ---- .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!FillRect 76066470 5 Bytes JMP 01E1F27A .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!LoadImageW 7606C790 5 Bytes JMP 01E1F43A .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!LoadIconW 7606E240 5 Bytes JMP 01E1F3CA .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!DrawEdge 7606FC80 5 Bytes JMP 01E1F2EA .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!GetSysColor 760740D0 5 Bytes JMP 01E1F19A .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!GetSysColorBrush 7607A100 5 Bytes JMP 01E1F20A .text C:\Program Files\Napisy24\Napisy24.exe[108] user32.dll!DrawFrameControl 76085730 7 Bytes JMP 01E1F35A .text C:\Program Files\Napisy24\Napisy24.exe[108] ws2_32.dll!connect 77724CF0 5 Bytes JMP 00BC002D .text C:\Program Files\Napisy24\Napisy24.exe[108] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 00BC0095 .text C:\Program Files\Napisy24\Napisy24.exe[108] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 00BC00C9 .text C:\Program Files\Napisy24\Napisy24.exe[108] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00BC0061 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[992] WS2_32.dll!connect 77724CF0 5 Bytes JMP 0294002D .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[992] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 02940095 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[992] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 029400C9 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[992] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 02940061 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3388] WS2_32.dll!connect 77724CF0 5 Bytes JMP 00AD002D .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3388] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 00AD0095 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3388] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 00AD00C9 .text C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe[3388] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00AD0061 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[4228] ws2_32.dll!connect 77724CF0 5 Bytes JMP 001D002D .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[4228] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 001D0095 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[4228] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 001D00C9 .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[4228] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 001D0061 .text C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4392] ws2_32.dll!connect 77724CF0 5 Bytes JMP 008D002D .text C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4392] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 008D0095 .text C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4392] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 008D00C9 .text C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe[4392] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 008D0061 .text C:\Program Files\HitmanPro\HitmanPro.exe[4400] WS2_32.dll!GetAddrInfoW 7772AF10 5 Bytes JMP 00BCB660 C:\Program Files\HitmanPro\HitmanPro.exe .text C:\WINDOWS\system32\sihost.exe[4448] ws2_32.dll!connect 77724CF0 5 Bytes JMP 025C002D .text C:\WINDOWS\system32\sihost.exe[4448] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 025C0095 .text C:\WINDOWS\system32\sihost.exe[4448] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 025C00C9 .text C:\WINDOWS\system32\sihost.exe[4448] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 025C0061 .text C:\WINDOWS\Explorer.EXE[4592] WS2_32.dll!connect 77724CF0 5 Bytes JMP 0632002D .text C:\WINDOWS\Explorer.EXE[4592] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 06320095 .text C:\WINDOWS\Explorer.EXE[4592] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 063200C9 .text C:\WINDOWS\Explorer.EXE[4592] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 06320061 .text C:\Windows\System32\PrintDisp.exe[4708] ws2_32.dll!connect 77724CF0 5 Bytes JMP 016C002D .text C:\Windows\System32\PrintDisp.exe[4708] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 016C0095 .text C:\Windows\System32\PrintDisp.exe[4708] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 016C00C9 .text C:\Windows\System32\PrintDisp.exe[4708] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 016C0061 .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] ws2_32.dll!connect 77724CF0 5 Bytes JMP 0046002D .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 00460095 .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 004600C9 .text C:\ProgramData\DatacardService\DCSHelper.exe[4836] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00460061 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5172] ws2_32.dll!connect 77724CF0 5 Bytes JMP 001C002D .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5172] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 001C0095 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5172] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 001C00C9 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[5172] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 001C0061 .text C:\WINDOWS\system32\taskhostw.exe[5248] ws2_32.dll!connect 77724CF0 5 Bytes JMP 063E002D .text C:\WINDOWS\system32\taskhostw.exe[5248] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 063E0095 .text C:\WINDOWS\system32\taskhostw.exe[5248] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 063E00C9 .text C:\WINDOWS\system32\taskhostw.exe[5248] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 063E0061 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5276] WS2_32.dll!connect 77724CF0 5 Bytes JMP 011D002D .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5276] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 011D0095 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5276] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 011D00C9 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[5276] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 011D0061 .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] ntdll.dll!LdrLoadDll 77B12090 5 Bytes JMP 6B5B64A0 C:\Program Files\Mozilla Firefox\mozglue.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] KERNEL32.DLL!GetCurrentProcess + B 759A49BB 7 Bytes JMP 104B95DD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] KERNEL32.DLL!CreateFileMappingW + 1B 759A7CCB 7 Bytes JMP 104B87EB C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] KERNEL32.DLL!FlsAlloc + 1B 759A956B 7 Bytes JMP 101F870F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] WS2_32.dll!connect 77724CF0 5 Bytes JMP 0086002D .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 00860095 .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 008600C9 .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00860061 .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] USER32.dll!CallMsgFilterW + 95B 760618FB 7 Bytes JMP 110CD518 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] USER32.dll!CreateWindowExA 7606A0A0 5 Bytes JMP 1063CAEA C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] USER32.dll!CreateWindowExW 7606B8D0 5 Bytes JMP 101AC7B8 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[5516] GDI32.dll!MoveToEx + 3B 76285A5B 7 Bytes JMP 104B8097 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\foobar2000\foobar2000.exe[6020] ws2_32.dll!connect 77724CF0 5 Bytes JMP 022A002D .text C:\Program Files\foobar2000\foobar2000.exe[6020] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 022A0095 .text C:\Program Files\foobar2000\foobar2000.exe[6020] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 022A00C9 .text C:\Program Files\foobar2000\foobar2000.exe[6020] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 022A0061 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6104] ws2_32.dll!connect 77724CF0 5 Bytes JMP 00BD002D .text C:\Program Files\Windows Defender\MSASCuiL.exe[6104] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 00BD0095 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6104] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 00BD00C9 .text C:\Program Files\Windows Defender\MSASCuiL.exe[6104] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00BD0061 .text C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6220] ws2_32.dll!connect 77724CF0 5 Bytes JMP 0090002D .text C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6220] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 00900095 .text C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6220] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 009000C9 .text C:\Program Files\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe[6220] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00900061 .text C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6616] WS2_32.dll!connect 77724CF0 5 Bytes JMP 00AD002D .text C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6616] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 00AD0095 .text C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6616] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 00AD00C9 .text C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe[6616] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 00AD0061 .text C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6648] WS2_32.dll!connect 77724CF0 5 Bytes JMP 0100002D .text C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6648] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 01000095 .text C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6648] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 010000C9 .text C:\Program Files\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe[6648] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 01000061 .text C:\Users\Anulka\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6776] WS2_32.dll!connect 77724CF0 5 Bytes JMP 014C002D .text C:\Users\Anulka\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6776] WS2_32.dll!getsockname 777342A0 5 Bytes JMP 014C0095 .text C:\Users\Anulka\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6776] WS2_32.dll!getpeername 7773C0C0 5 Bytes JMP 014C00C9 .text C:\Users\Anulka\AppData\Local\Microsoft\OneDrive\OneDrive.exe[6776] WS2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 014C0061 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6984] ws2_32.dll!connect 77724CF0 5 Bytes JMP 001F002D .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6984] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 001F0095 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6984] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 001F00C9 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[6984] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 001F0061 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[7108] ws2_32.dll!connect 77724CF0 5 Bytes JMP 001E002D .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[7108] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 001E0095 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[7108] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 001E00C9 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[7108] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 001E0061 .text C:\Program Files\OSCAR Editor X7\OscarEditor.exe[7368] ws2_32.dll!connect 77724CF0 5 Bytes JMP 001D002D .text C:\Program Files\OSCAR Editor X7\OscarEditor.exe[7368] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 001D0095 .text C:\Program Files\OSCAR Editor X7\OscarEditor.exe[7368] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 001D00C9 .text C:\Program Files\OSCAR Editor X7\OscarEditor.exe[7368] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 001D0061 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[7548] ws2_32.dll!connect 77724CF0 5 Bytes JMP 001D002D .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[7548] ws2_32.dll!getsockname 777342A0 5 Bytes JMP 001D0095 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[7548] ws2_32.dll!getpeername 7773C0C0 5 Bytes JMP 001D00C9 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[7548] ws2_32.dll!WSAConnect 77759EC0 5 Bytes JMP 001D0061 ---- Devices - GMER 2.2 ---- AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 volume.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 iorate.sys AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 volume.sys ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0xD6 0xD9 0xCA 0xF0 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x4A 0x66 0xDA 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0x84 0x3D 0xCD 0xF0 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xAA 0x8D 0xE1 0xDF ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@pl-PL 50 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\GSM56DE186279_04_07D9_5C^55E215440F47AC8C0C7CFCF5B22558D4@Timestamp 0x1D 0xC8 0xEE 0x0A ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 6674028 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\RNG@RNGAuxiliarySeed -1376122609 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 50 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 489097414 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 27772 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID 1a05df63-5c89-4d22-bd92-f4bf3f9 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WcesLog@FileCounter 4 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastTelemetryLog 0xBB 0x12 0x26 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS\Performance@PerfMMFileName Global\MMF_BITS6f5d722e-e9f4-4ed1-9fb8-538c4fed4cf6 Reg HKLM\SYSTEM\CurrentControlSet\Services\BITS Reg HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastTelemetryLog 0x9F 0x7A 0x7D 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xBB 0x12 0x26 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{49b60f16-b201-45ea-a738-02f8e6aadce2}@LastProbeTime 1479146577 Reg HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastTelemetryLog 0xC7 0x89 0x3B 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\huawei_enumerator\Parameters\Wdf@TimeOfLastTelemetryLog 0x95 0xBA 0x8F 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastTelemetryLog 0x0A 0x2A 0x17 0x57 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\msisadrv\Parameters\Wdf@TimeOfLastTelemetryLog 0xDE 0x03 0xF3 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastTelemetryLog 0x95 0xBA 0x8F 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Diagnostics@ReadyBootTrainingCountSinceLastServicing 5 Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?pon.?, ?lis ?14 ?16, 06:05:21????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@EffectivePends 86 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1551 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 55 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{E9903468-3539-4049-9A6C-30B5604C595F} v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}|Desc=@{Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}|LUOwn=S-1-5-21-2133445575-3378494942-3561389506-1000|AppPkgId=S-1-15-2-447965956-1595884426-2614601585-2128949372-556907266-1570989533-1058743812|EmbedCtxt=@{Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{CD4A7EDB-1099-4373-A4B5-E4E40FCB9FBD} v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}|Desc=@{Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}|LUOwn=S-1-5-21-2133445575-3378494942-3561389506-1000|AppPkgId=S-1-15-2-447965956-1595884426-2614601585-2128949372-556907266-1570989533-1058743812|EmbedCtxt=@{Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{44078185-12BA-4BE9-84A8-6521DC6D988E} v2.26|Action=Block|Active=TRUE|Dir=In|Name=@{Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsSoundRecorder/Resources/AppStoreName}|Desc=@{Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsSoundRecorder/Resources/AppStoreName}|LUOwn=S-1-5-21-2133445575-3378494942-3561389506-1000|AppPkgId=S-1-15-2-2679466428-2257802901-1755839644-3032159574-3452485508-990264208-3332697187|EmbedCtxt=@{Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsSoundRecorder/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System@{FC8B7C54-3974-47BC-83FE-72F7EB7EA9B0} v2.26|Action=Block|Active=TRUE|Dir=Out|Name=@{Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsSoundRecorder/Resources/AppStoreName}|Desc=@{Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsSoundRecorder/Resources/AppStoreName}|LUOwn=S-1-5-21-2133445575-3378494942-3561389506-1000|AppPkgId=S-1-15-2-2679466428-2257802901-1755839644-3032159574-3452485508-990264208-3332697187|EmbedCtxt=@{Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsSoundRecorder/Resources/AppStoreName}| Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 49 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d0dcd86b-6292-41b7-b7cc-0e7bdb63c6be}@LeaseObtainedTime 1479142976 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d0dcd86b-6292-41b7-b7cc-0e7bdb63c6be}@T1 1479186176 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d0dcd86b-6292-41b7-b7cc-0e7bdb63c6be}@T2 1479218576 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{d0dcd86b-6292-41b7-b7cc-0e7bdb63c6be}@LeaseTerminatesTime 1479229376 Reg HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastTelemetryLog 0xBB 0x12 0x26 0x51 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\vdrvroot\Parameters\Wdf@TimeOfLastTelemetryLog 0x6E 0x2A 0xDB 0x49 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeEstimated 0xB4 0x77 0x3A 0x98 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeHigh 0xB4 0xDF 0xFE 0xF9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\W32Time\SecureTimeLimits@SecureTimeLow 0xB4 0x0F 0x76 0x36 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\winmgmt\Parameters@ServiceDllUnloadOnStop 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Object List 17104 17110 17120 17130 17150 17194 17204 17242 17248 17264 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Counter 17270 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@Last Help 17271 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Counter 17104 Reg HKLM\SYSTEM\CurrentControlSet\Services\WmiApRpl\Performance@First Help 17105 Reg HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastTelemetryLog 0xDD 0x26 0x34 0x5C ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@Rw 0x64 0x62 0x03 0x00 ... Reg HKLM\SYSTEM\Setup\Upgrade\NsiMigrationRoot\60\0@RwMask 0x64 0x62 0x03 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins@9e+FFONA7Iui3H4Uy0n841F1uX4grTtZUWn2Jtv4CmE 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins@53NSScDse/lDo8f5jepoTeJYgbZx49izlGUl0GC34us 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins@XmM2Ga0hsXIfraWL/bV+KtEiFB7C4qYBcMXcuktOTbA 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins@LVwzM9Hn3tUKeew1Ksq5bmqStEFuGNd8dXNuWiLnvxc 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins@OpzTgJp/TfAdZeLoV6ONu7yGzVi8vhpA1yvKXF/HjBo 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\Origins@xuvq4WXburrlLteySZvX5VFSkq97/Z+S3b1sd3GlFlI 2 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange@PackageVersion 867 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepositoryStatus@ServiceLastKnownStatus 101 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepositoryStatus@MachineDatabaseStatisticsLastUpdated 0x26 0x16 0x67 0xF5 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateRepositoryStatus@DeploymentDatabaseStatisticsLastUpdated 0x79 0x8A 0x7C 0xF5 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe@LastReturnValue 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe@NumberOfAttempts 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24201.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe@LastReturnValue 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe@NumberOfAttempts 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-2133445575-3378494942-3561389506-1000\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.24123.0_x86__8wekyb3d8bbwe\AppxManifest.xml Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI@IdleTime 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Census@StartTime 2016-11-14T14:18:41.367 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Census@RunCounter 32 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Census@EndTime 2016-11-14T14:18:49.007 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdHigh 30555817 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing@SessionIdLow -1141337185 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@LaunchCount 0x33 0x00 0x00 0x00 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@LastSuccessfulUploadTime 0x4B 0xB2 0xC2 0x83 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@DiagTrackStatus 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@LastFreeNetworkLossTime 0xA5 0x11 0xA2 0xF3 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack@LastConnectivityHeartBeatTime 0x3E 0xD3 0x52 0x10 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default@LastHeartBeatTime 0xCE 0xD5 0xD9 0x7A ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\HeartBeats\Default@SettingsHttpAttempts 3 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests@LastDownloadTime 0x6B 0x2C 0x91 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\telemetry.ASM-WindowsDefault@ETag 30:2A546F73FB1B4DBBD01AD4373BA7BEEFAF97E839267F5299B5795A211165099FDB436A78A9FA4DE75E1450E101737C0C27D819F2::2EF0F60398 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\telemetry.ASM-WindowsDefault@LastDownloadTime 0x6B 0x2C 0x91 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\TELEMETRY.ASM-WINDOWSSQ@LastDownloadTime 0x6B 0x2C 0x91 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\utc.app@ETag 30:75DA72F6C64B1F1D68A1E58CFAF2D630::2EF0F60398 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\DiagTrack\SettingsRequests\utc.app@LastDownloadTime 0x6B 0x2C 0x91 0x9B ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -216389363 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30555800 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -216232894 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\Machine\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30555800 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2133445575-3378494942-3561389506-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeLo -145135632 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2133445575-3378494942-3561389506-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@StartTimeHi 30555800 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2133445575-3378494942-3561389506-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeLo -142010821 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\State\S-1-5-21-2133445575-3378494942-3561389506-1000\Extension-List\{00000000-0000-0000-0000-000000000000}@EndTimeHi 30555800 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\25F162E46CF269746A7E107B4DBA1309@@\37r.2\0005\0F\0001\0006\0002\0E\0004\0006\0C\0F\0002\0006\09\0007\0004\0006\0A\0007\0E\0001\0000\0007\0B\0004\0D\0Ìáö\0zëŸj\r C:\Windows\Microsoft.NET\Framework\v4.0.30319\System.NumerJ????@A? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5A66BCD6697BF1235BC48B929915B22E@\xb0\x2db\2\0015\0A\0006\0006\0B\0C\0D\0006\0006\09\0007\0B\0F\0001\0002\0003\0005\0B\0C\0004\08\0B\09\0002\09\09\0 åä\0zë\x0098f\r 02:\SOFTWARE\Microsoft\Windows\CurrenJ????@AF?????'??MZ??????????????????????@?????????????????????????????????????? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6_0090278A1B@\17qÂd, I_RB_x86.3643236F_FC70_11D3_A536_0090278A1BB8?@AE?????'??MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode. $????????????z???z???z???????z????8?fz????9??z???????z???z??Jz????=??z???????z???????z???????z??Rich?z??????????PE??L?????aO??????????"!?? ????????????????????????????????????????? ????????????P?????? ?????@?????????????????????????`????????????????????7??????????????????? ??? ??????????????????????????????????????@???????????????`???d???`???????????????????.text???%??????????????????????????? ??`.data???X;??????????????????????????@???.rsrc????7???????8??????????????????@??@.reloc???.??? ???0??????????????????@??B?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6_Õ@\17qOc, I_RB_x86.3643236F_FC70_11D3_A536_0090278A1BB8?@AE?????'??MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode. $????????????z???z???z???????z????8?fz????9??z???????z???z??Jz????=??z???????z???????z???????z??Rich?z??????????PE??L?????aO??????????"!?? ????????????????????????????????????????? ????????????P?????? ?????@?????????????????????????`????????????????????7??????????????????? ??? ??????????????????????????????????????@???????????????`???d???`???????????????????.text???%??????????????????????????? ??`.data???X;??????????????????????????@???.rsrc????7???????8??????????????????@??@.reloc???.??? ???0??????????????????@??B?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\80E9C47603F640E4A859A7170F664B5D@ÈÙ'\08\0000\0E\09\0C\0004\0007\0006\0000\0003\0F\0006\0004\0000\0E\0004\0A\08\0005\09\0A\0007\0001\0007\0000\0F\0Xèä\0zë@g\r C:\J????@A??????'??MZ??????????????????????@????????????????????????????????????? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B_Õ@\17q@g, NgenDisableDownlevelService_I_RB_x86.3643236F_FC70_11D3_A536_0090278A1BB8?@AE?????'??MZ??????????????????????@???????????????????????????????????????????????!??L?!This program cannot be run in DOS mode. $????????????z???z???z???????z????8?fz????9??z???????z???z??Jz????=??z???????z???????z???????z??Rich?z??????????PE??L?????aO??????????"!?? ????????????????????????????????????????? ????????????P?????? ?????@?????????????????????????`????????????????????7??????????????????? ??? ??????????????????????????????????????@???????????????`???d???`???????????????????.text???%??????????????????????????? ??`.data???X;??????????????????????????@???.rsrc????7???????8??????????????????@??@.reloc???.??? ???0??????????????????@??B?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1110F57186925394F8073301C8A6D43E\Usage@MarsInfc 1231951080 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1110F57186925394F8073301C8A6D43E\Usage@MarketResearch 1231948695 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\21D01A86F0D02124DB6E8DF7DA238AAF\Usage@smartwebprinting.msm 1231947993 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5F62334C531F15542807F7A7AB40261E\Usage@RedboxMM 1231956550 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60FC8EAEAC82312438C93A82714AE700\Usage@DDTrayAppPlugin 1231948760 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\60FC8EAEAC82312438C93A82714AE700\Usage@AiOTrayAppPlugIn 1231953761 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\70FE07A488F74344BB161DEDA89ED34D\Usage@SolutionCenter 1231948450 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\99F5A0CD66DFF334D9A350CDAB46EB24\Usage@TrayApp 1231976381 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9C12FF36018AF4646BA0131147B7A1D6\Usage@GPBaseService.msm 1231948410 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9C12FF36018AF4646BA0131147B7A1D6\Usage@GPCore.msm 1231953851 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BF5078EAC31E9A04A8D2866D37F3FB2C\Usage@statusexe 1232011263 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{0c88ce2f-1c93-4c38-ba51-b2492ed636ac}@DeviceState 4 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Render\{20e01059-fe35-41ca-acf7-0432a1245417}@DeviceState 8 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\OneSettings\compat\appraiser@RefreshAfter 0xE5 0x84 0x4C 0xB7 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ThemeManager@ServerChangeNumber 50 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate@LastTaskOperationHandle 0 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@F855810C-9F77-45FF-A0F5-CD0FEAA945C6 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@7F354D0E-A913-4AA0-815D-3FA9FBFF2BD8 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@CFC4A10E-0356-451D-BB3E-C4FE5EDFD20C 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@1A36FD17-5161-4651-AE2D-13384E427EA8 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@73476B19-EB1E-4FF8-AD45-E643EC93D1A1 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@579FC437-D398-411C-A6C5-D01FD4523B94 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@9F03273F-FE0B-4ED8-9BC8-C2F256375490 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@64293252-5926-453C-9494-2D4021F1C78D 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@64A79953-CF0B-44F9-B5C4-EE5DF3A15C63 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@86A75D59-8166-4E92-9F46-F3B39784ADA3 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@5E19CC61-8994-4797-BDC7-C21263F6282B 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@75F3F766-13B3-45E9-A62F-29590D5781F2 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@EAAC6C6B-10A4-4659-815B-44F151ECA61A 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@7CE6966C-0C33-4851-8958-285ABBA4D7CC 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@421BA874-F903-4965-9B82-D60F3BA3CAE0 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@E632FE90-A5BA-43AA-BF81-9DE8413E83D8 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@B90F3A9A-C043-41A7-A774-E51F6069283B 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@454A759B-FF5B-4A79-80D3-1CF15EBA0908 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@F022389F-F3A6-417E-AD23-704FBDF57117 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@CD5D53B1-33F7-4A95-B111-F51F187C7130 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@D63C16B5-90E0-4DF5-83AE-8CA6F53997D5 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@38125AB7-26CC-41D5-977E-10820DABC28D 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@733893B8-533D-4292-BF27-23D218B39A95 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@16DB93BF-8748-449A-96BA-E9ED3A5F872D 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@2F510DC1-4B62-4128-956E-A73D253CC9CB 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@9DB724C9-966D-4AEB-9D3B-D6B2C77F3DE3 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@1B52F8CB-8C2D-42EA-A937-0E8D074BEA11 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@214308D7-4262-449D-A78D-9A2306144B11 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@EAAF2CE3-D5A3-4A59-AE31-276FBC44A7CD 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@FFC158E5-74D6-4878-8ACE-8F0DF45083C1 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@64B22DF1-5A9C-4C88-AA1F-42CEFAF8B281 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@0E0FBAF6-FD99-4046-B494-9CE469AE3009 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\LastOnlineScanTimeForAppCategory\855E8A7C-ECB4-4CA3-B045-1DFA50104289@D9A4D6FD-A65B-41A6-95FF-270B882EA5F1 2016-11-14 14:16:21 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@0e0fbaf6-fd99-4046-b494-9ce469ae3009 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@16db93bf-8748-449a-96ba-e9ed3a5f872d 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@1a36fd17-5161-4651-ae2d-13384e427ea8 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@1b52f8cb-8c2d-42ea-a937-0e8d074bea11 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@2f510dc1-4b62-4128-956e-a73d253cc9cb 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@38125ab7-26cc-41d5-977e-10820dabc28d 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@421ba874-f903-4965-9b82-d60f3ba3cae0 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@454a759b-ff5b-4a79-80d3-1cf15eba0908 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@579fc437-d398-411c-a6c5-d01fd4523b94 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@5e19cc61-8994-4797-bdc7-c21263f6282b 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@64293252-5926-453c-9494-2d4021f1c78d 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@64a79953-cf0b-44f9-b5c4-ee5df3a15c63 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@64b22df1-5a9c-4c88-aa1f-42cefaf8b281 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@733893b8-533d-4292-bf27-23d218b39a95 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@73476b19-eb1e-4ff8-ad45-e643ec93d1a1 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@75f3f766-13b3-45e9-a62f-29590d5781f2 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@7ce6966c-0c33-4851-8958-285abba4d7cc 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@7f354d0e-a913-4aa0-815d-3fa9fbff2bd8 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@9f03273f-fe0b-4ed8-9bc8-c2f256375490 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@cd5d53b1-33f7-4a95-b111-f51f187c7130 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@cfc4a10e-0356-451d-bb3e-c4fe5edfd20c 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@d9a4d6fd-a65b-41a6-95ff-270b882ea5f1 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@e632fe90-a5ba-43aa-bf81-9de8413e83d8 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@eaac6c6b-10a4-4659-815b-44f151eca61a 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@eaaf2ce3-d5a3-4a59-ae31-276fbc44a7cd 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@f022389f-f3a6-417e-ad23-704fbdf57117 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@ffc158e5-74d6-4878-8ace-8f0df45083c1 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@F855810C-9F77-45FF-A0F5-CD0FEAA945C6 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@86A75D59-8166-4E92-9F46-F3B39784ADA3 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@B90F3A9A-C043-41A7-A774-E51F6069283B 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@D63C16B5-90E0-4DF5-83AE-8CA6F53997D5 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@9DB724C9-966D-4AEB-9D3B-D6B2C77F3DE3 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RequestedAppCategories\855e8a7c-ecb4-4ca3-b045-1dfa50104289@214308D7-4262-449D-A78D-9A2306144B11 2016-11-14 14:16:04 Reg HKLM\SOFTWARE\Microsoft\Windows\DWM@DwmInitSessionActivityId_00000001 E3E8E177-3E98-0000-8DE1-E8E3983ED201 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@AVSignatureVersion 1.231.1944.0 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@ASSignatureVersion 1.231.1944.0 Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@SignatureLocation C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4446E5BB-B371-422B-964E-8194B00410C2} Reg HKLM\SOFTWARE\Microsoft\Windows Defender\Signature Updates@SignatureUpdateCount 577 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\AvTracking\History@TimeStamp 0xFF 0xF6 0x24 0xB1 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\TelemetryController@LastNormalRun 0x64 0xC4 0x74 0xF3 ... Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Counter 17270 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib@Last Help 17271 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2133445575-3378494942-3561389506-1000@RefCount 0 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@NewClientID 58 Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StreamLog@CurrentStreamLog 33 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{CA6818D8-DA11-11DE-9A54-806E6F6E6963} 17788457792 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{2D7DCCC5-0A3D-40E5-B78B-3C4AA4604BCA} 103779272 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{C6DE865B-48FF-11E5-9BE5-002522303A9E} 10385472 Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2016.816.20.0_neutral_split.language-pl_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2016.816.20.0_neutral_split.language-pl_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2016.816.20.0_neutral_split.language-pl_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2016.816.20.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2016.816.20.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsSoundRecorder_10.1608.2211.0_neutral_split.language-pl_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsSoundRecorder_10.1608.2211.0_neutral_split.language-pl_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1608.2211.0_neutral_split.language-pl_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1608.2211.0_x86__8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe Reg HKLM\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PackageRepository\Packages\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe@Path C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_2016.808.1111.0_neutral_~_8wekyb3d8bbwe ---- EOF - GMER 2.2 ----