Welcome to WindowsInstructed Forums

Welcome to the WindowsInstructed Forums

Sign-up for an account today to receive free malware removal help. Personal Windows help and much more. Or continue as a guest and ask any question you would like to ask us! Please do remember that being a member you get advantages like notifications of replies and faster replies from most members. Also members don't see ads ;) 

We hope to help you with your issues.

The WindowsInstructed Forums Staff

All Activity

This stream auto-updates   

  1. Today
  2. Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [852720 2016-09-23] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [164656 2014-08-11] (Sage) HKLM-x32\...\Run: [JFaxMailNTHelper] => C:\Windows\JFaxMailNTHelper.exe [45056 1999-03-05] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-16] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-04-21] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-07-24] ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.) C:\Program Files\McAfee.com C:\Program Files\Common Files\McAfee C:\Program Files\McAfee Security Scan C:\Windows\system32\mfevtps.exe S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-01] (McAfee, Inc.) S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 mfeaack01; \Device\mfeaack01.sys [X] S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee Security Scan\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.) S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.) S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) C:\ProgramData\McAfee Security Scan C:\Windows\Tasks\Adobe Flash Player Updater.job C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-02 17:20 - 2013-01-02 17:20 - 0726016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.dll 2013-01-02 17:20 - 2013-01-02 17:20 - 0150016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.exe 2013-03-17 15:15 - 2013-03-17 15:16 - 35447368 _____ () C:\Users\Roger\AppData\Local\Temp\8673.exe 2015-04-05 13:23 - 2015-04-05 13:23 - 0663448 _____ (Ask Partner Network) C:\Users\Roger\AppData\Local\Temp\APNSetup.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BingSvc.exe 2012-03-13 05:47 - 2012-03-13 05:47 - 35084352 ____R (Research In Motion Ltd. ) C:\Users\Roger\AppData\Local\Temp\BlackBerryDeviceManager.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcProcessor.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcUpdater.exe 2015-07-01 19:10 - 2015-07-01 19:11 - 8104768 _____ () C:\Users\Roger\AppData\Local\Temp\converter.exe 2015-11-16 10:53 - 2015-11-16 10:57 - 2612880 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\DefaultPack.EXE 2013-01-02 17:20 - 2013-01-02 17:20 - 0023477 _____ () C:\Users\Roger\AppData\Local\Temp\dtkill.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Roger\AppData\Local\Temp\Executor.exe 2014-08-29 09:10 - 2014-08-29 09:21 - 118744568 _____ () C:\Users\Roger\AppData\Local\Temp\HPInstaller.exe 2014-12-14 15:38 - 2014-12-14 15:38 - 0000000 _____ () C:\Users\Roger\AppData\Local\Temp\hukc9z10.dll 2014-01-19 14:45 - 2014-01-19 14:45 - 1070088 _____ (Solid State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe 2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe 2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe 2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe 2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe 2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe 2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe 2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system On Vista or Windows 7: Now please enter System Recovery Options. On Windows XP: Now please boot into the PE (Preinstallation Environment) disk. Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.
  3. Check Disk completed. Still wouldn't boot. Tried a startup repair and it failed on doing a system restore due to file integrity from the looks of it. Log from Startup repair below followed by Farbar log. Startup Repair diagnosis and repair log --------------------------- Last successful boot time: ?1/?13/?2017 2:30:45 PM (GMT) Number of repair attempts: 2 Session details --------------------------- System Disk = \Device\Harddisk0 Windows directory = D:\Windows AutoChk Run = 0 Number of root causes = 1 Test Performed: --------------------------- Name: Check for updates Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: System disk test Result: Completed successfully. Error code = 0x0 Time taken = 15 ms Test Performed: --------------------------- Name: Disk failure diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 78 ms Test Performed: --------------------------- Name: Disk metadata test Result: Completed successfully. Error code = 0x0 Time taken = 63 ms Test Performed: --------------------------- Name: Target OS test Result: Completed successfully. Error code = 0x0 Time taken = 156 ms Test Performed: --------------------------- Name: Volume content check Result: Completed successfully. Error code = 0x0 Time taken = 171 ms Test Performed: --------------------------- Name: Boot manager diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: System boot log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Event log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 733 ms Test Performed: --------------------------- Name: Internal state check Result: Completed successfully. Error code = 0x0 Time taken = 47 ms Test Performed: --------------------------- Name: Boot status test Result: Completed successfully. Error code = 0x0 Time taken = 94 ms Test Performed: --------------------------- Name: Setup state check Result: Completed successfully. Error code = 0x0 Time taken = 905 ms Test Performed: --------------------------- Name: Registry hives test Result: Completed successfully. Error code = 0x0 Time taken = 7503 ms Test Performed: --------------------------- Name: Windows boot log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Bugcheck analysis Result: Completed successfully. Error code = 0x0 Time taken = 4540 ms Test Performed: --------------------------- Name: Access control test Result: Completed successfully. Error code = 0x0 Time taken = 23306 ms Test Performed: --------------------------- Name: File system test (chkdsk) Result: Completed successfully. Error code = 0x0 Time taken = 129419 ms Test Performed: --------------------------- Name: Software installation log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Fallback diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Root cause found: --------------------------- Unspecified changes to system configuration might have caused the problem. Repair action: System Restore Result: Failed. Error code = 0x1f Time taken = 681397 ms Repair action: System files integrity check and repair Result: Failed. Error code = 0x490 Time taken = 929376 ms --------------------------- --------------------------- Session details --------------------------- System Disk = \Device\Harddisk0 Windows directory = D:\Windows AutoChk Run = 0 Number of root causes = 0 Test Performed: --------------------------- Name: Check for updates Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: System disk test Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Disk failure diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 78 ms Test Performed: --------------------------- Name: Disk metadata test Result: Completed successfully. Error code = 0x0 Time taken = 16 ms Test Performed: --------------------------- Name: Target OS test Result: Completed successfully. Error code = 0x0 Time taken = 171 ms Test Performed: --------------------------- Name: Volume content check Result: Completed successfully. Error code = 0x0 Time taken = 156 ms Test Performed: --------------------------- Name: Boot manager diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: System boot log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Event log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 390 ms Test Performed: --------------------------- Name: Internal state check Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Boot status test Result: Completed successfully. Error code = 0x0 Time taken = 78 ms Test Performed: --------------------------- Name: Setup state check Result: Completed successfully. Error code = 0x0 Time taken = 749 ms Test Performed: --------------------------- Name: Registry hives test Result: Completed successfully. Error code = 0x0 Time taken = 4665 ms Test Performed: --------------------------- Name: Windows boot log diagnosis Result: Completed successfully. Error code = 0x0 Time taken = 0 ms Test Performed: --------------------------- Name: Bugcheck analysis Result: Completed successfully. Error code = 0x0 Time taken = 2808 ms --------------------------- --------------------------- #####################################################FARBAR################# Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017 Ran by SYSTEM on MININT-L62M27S (24-01-2017 12:06:27) Running from L:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-08] (Realtek Semiconductor) HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [852720 2016-09-23] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] () HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [164656 2014-08-11] (Sage) HKLM-x32\...\Run: [JFaxMailNTHelper] => C:\Windows\JFaxMailNTHelper.exe [45056 1999-03-05] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-16] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-04-21] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-07-24] ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [37264 2016-07-29] (Box, Inc.) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-03] (WildTangent) S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company) S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.) S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.) S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [36144 2014-08-11] (Sage) S2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [24880 2014-08-11] (Sage) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-01] (McAfee, Inc.) S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 mfeaack01; \Device\mfeaack01.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-23 18:46 - 2017-01-23 18:46 - 00000000 ____D C:\Windows\System32\config\HiveBackup 2017-01-22 16:06 - 2017-01-24 12:06 - 00000000 ____D C:\FRST 2017-01-20 13:56 - 2017-01-20 13:56 - 00578862 _____ C:\Users\Roger\Documents\GST form.pdf 2017-01-20 13:56 - 2017-01-20 13:56 - 00006954 _____ C:\Users\Roger\Documents\Request for a Business Number.pdf 2017-01-18 21:03 - 2017-01-18 21:03 - 00126417 _____ C:\Users\Roger\Desktop\Roxie Jan Visa.pdf 2017-01-10 11:46 - 2017-01-10 11:46 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-24 10:18 - 2015-11-19 08:36 - 00000000 ____D C:\Program Files\McAfee Security Scan 2017-01-24 10:18 - 2012-12-04 15:17 - 00000000 ____D C:\Users\Roger\AppData\Local\Simply 2017-01-24 10:18 - 2012-11-07 17:30 - 00000000 ____D C:\Windows\System32\Macromed 2017-01-24 10:18 - 2012-11-07 17:30 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2017-01-24 10:18 - 2012-11-01 19:07 - 00000000 ____D C:\ProgramData\clear.fi 2017-01-24 10:18 - 2012-11-01 18:53 - 00000000 ____D C:\Users\Roger\AppData\Local\PowerCinema 2017-01-24 10:18 - 2012-11-01 18:53 - 00000000 ____D C:\users\Roger 2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf 2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2017-01-24 10:17 - 2011-08-02 22:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-24 10:11 - 2013-02-16 12:38 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-01-21 10:02 - 2013-10-03 14:45 - 00000000 ____D C:\L&DCABLE 2017-01-20 13:59 - 2015-07-01 19:14 - 00000000 ____D C:\Users\Roger\AppData\Local\CutePDF Writer 2017-01-20 13:56 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2017-01-13 06:32 - 2013-01-17 15:36 - 00000000 ____D C:\Users\Roger\AppData\Local\Deployment 2017-01-11 00:56 - 2012-11-07 17:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2017-01-10 23:56 - 2012-11-07 17:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-01-10 23:56 - 2012-11-07 17:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2017-01-10 23:56 - 2011-08-02 22:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2017-01-10 19:26 - 2016-11-20 22:05 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse 2017-01-10 06:13 - 2016-06-16 06:30 - 00013519 _____ C:\Users\Roger\Desktop\Splash Park.xlsx 2017-01-10 01:25 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-01-10 01:25 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-01-06 05:00 - 2012-12-04 15:24 - 00004614 _____ C:\Windows\ODBC.INI 2016-12-28 17:30 - 2016-06-30 07:32 - 00001968 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2016-12-28 17:30 - 2009-07-13 18:34 - 00000875 _____ C:\Windows\System32\Drivers\etc\hosts Some files in TEMP: ==================== 2013-01-02 17:20 - 2013-01-02 17:20 - 0726016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.dll 2013-01-02 17:20 - 2013-01-02 17:20 - 0150016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.exe 2013-03-17 15:15 - 2013-03-17 15:16 - 35447368 _____ () C:\Users\Roger\AppData\Local\Temp\8673.exe 2015-04-05 13:23 - 2015-04-05 13:23 - 0663448 _____ (Ask Partner Network) C:\Users\Roger\AppData\Local\Temp\APNSetup.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BingSvc.exe 2012-03-13 05:47 - 2012-03-13 05:47 - 35084352 ____R (Research In Motion Ltd. ) C:\Users\Roger\AppData\Local\Temp\BlackBerryDeviceManager.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcProcessor.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcUpdater.exe 2015-07-01 19:10 - 2015-07-01 19:11 - 8104768 _____ () C:\Users\Roger\AppData\Local\Temp\converter.exe 2015-11-16 10:53 - 2015-11-16 10:57 - 2612880 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\DefaultPack.EXE 2013-01-02 17:20 - 2013-01-02 17:20 - 0023477 _____ () C:\Users\Roger\AppData\Local\Temp\dtkill.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Roger\AppData\Local\Temp\Executor.exe 2014-08-29 09:10 - 2014-08-29 09:21 - 118744568 _____ () C:\Users\Roger\AppData\Local\Temp\HPInstaller.exe 2014-12-14 15:38 - 2014-12-14 15:38 - 0000000 _____ () C:\Users\Roger\AppData\Local\Temp\hukc9z10.dll 2014-01-19 14:45 - 2014-01-19 14:45 - 1070088 _____ (Solid State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe 2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe 2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe 2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe 2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe 2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe 2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe 2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2016-10-13 06:35] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA C:\Windows\SysWOW64\explorer.exe [2016-10-13 06:35] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2016-12-13 13:45] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542 C:\Windows\SysWOW64\User32.dll [2016-12-13 13:45] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2016-12-29 22:00 Restore point date: 2017-01-05 22:00 Restore point date: 2017-01-11 01:00 Restore point date: 2017-01-18 22:00 Restore point date: 2017-01-21 09:47 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 7892.94 MB Available physical RAM: 7045.37 MB Total Virtual: 7891.14 MB Available Virtual: 7048.97 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:1382.17 GB) (Free:1181.85 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS Drive l: (KEIBER) (Removable) (Total:7.45 GB) (Free:1.17 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: C3548EA8) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1382.2 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=7.5 GB) - (Type=0B) LastRegBack: 2017-01-12 22:31 ==================== End of FRST.txt ============================
  4. Quick Diag Fix. First please create a restore point! Right click in Quick Diag Run as Admin. Copy the content of the code box below to your clipboard. Click on the S within the User Interface of the program. Then click on Script. Allow completion. Post the log created in your next reply. Key:: [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKLM\Software\WOW6432Node\Google] File:: C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8 C:\WINDOWS\System32\gatherNetworkInfo.vbs C:\Users\John\AppData\Local\Tempzxpsign585867b071174feb C:\Users\John\AppData\Local\Tempzxpsignd49902c792104523 C:\Users\John\AppData\Roaming\Wise Uninstaller C:\WINDOWS\Tasks\Adobe Flash Player Updater.job C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job C:\WINDOWS\System32\Tasks\2BrightSparks C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater C:\Users\John\Documents\Freemake C:\Program Files\UVK - Ultra Virus Killer CMD:: sc delete DiagTrack sc config DeviceAssociationService start= disabled sc config diagnosticshub.standardcollector.service start= disabled sc config DoSvc start= disabled sc config HomeGroupListener start= disabled sc config HomeGroupProvider start= disabled sc config icssvc start= disabled sc config lfsvc start= disabled sc config MapsBroker start= disabled sc config MpsSvc start= disabled sc config PcaSvc start= disabled sc config TabletInputService start= disabled sc config wcncsvc start= disabled sc config WMPNetworkSvc start= disabled sc config XblAuthManager start= disabled sc config XblGameSave start= disabled sc config XboxNetApiSvc start= disabled SetACL -silent -ot "reg" -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" -actn setowner -ownr "n:Administrators" SetACL -silent -ot "reg" -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" -actn ace -ace "n:Administrators;p:full" REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting" /t REG_DWORD /d 0 >nul REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" /f /v "SubmitSamplesConsent" /t REG_DWORD /d 0 >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\AppID\SmartScreenSpecific" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Application Experience\StartupAppTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\ApplicationData\CleanupTemporaryState" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\ApplicationData\DsSvcCleanup" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Autochk\Proxy" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\DiskCleanup\SilentCleanup" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\DUSM\dusmtask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\FileHistory\File History (maintenance mode)" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\LanguageComponentsInstaller\Installation" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\License Manager\TempSignedLicenseExchange" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Location\Notifications" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Location\WindowsActionDialog" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Management\Provisioning\Logon" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Maps\MapsToastTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Maps\MapsUpdateTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\NetTrace\GatherNetworkInfo" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\NlaSvc\WiFiTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\PI\Secure-Boot-Update" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\PI\Sqm-Tasks" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Ras\MobilityManager" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\RetailDemo\CleanupOfflineContent" >nul ADS:: C:\ProgramData\Temp Clean:: yes
  5. --------------- QuickDiag | g3n-h@ckm@n | V3_22.01.17.4 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 24/01/2017 14:08:46 Updated 22/01/2017 | 22.30 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Time Zone : (UTC+10:00) Canberra, Melbourne, Sydney [John (Administrator)] - [OFFICE6410] (S-1-5-21-3754235531-495330377-4189813319-1001) System: Microsoft Windows 10 Pro - - (10.0.14393) - BuildType: Multiprocessor Free - OSLanguage: 1033 (0409) System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition4 Boot : Normal boot PC: Z97X-UD5H-BK - Gigabyte Technology Co., Ltd. - IdNumber: To be filled by O.E.M. - UUID: 03AA02FC-0414-0520-3C06-6D0700080009 Processor : X64 - 3991 Mhz - Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz F6 - en|US|iso8859-1 - American Megatrends Inc. - S/N: To be filled by O.E.M. - F6 - ALASKA - 1072009 CoreTemp : 29.8 Celsius ----------| Extended ---------- | SoundDevice HD Webcam C270 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_0825&MI_02\7&312FE03E&0&0002 AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&CA7EFD&0&0001 ASUS Xonar Essence STX Audio Device - Status: OK - Manufacturer: ASUSTeK - PNPDeviceID: PCI\VEN_13F6&DEV_8788&SUBSYS_835C1043&REV_00\5&1223E646&0&20000A ---------- | Video AMD Radeon (TM) R9 200 Series - Resolution: 2560x1440 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64,aticfx32,aticfx32,aticfx32,amdxc32,atiumd64,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64 - PNPDeviceID: PCI\VEN_1002&DEV_6811&SUBSYS_048D1043&REV_00\4&1286464&0&0008 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648 Inegrated Video Chipset DeviceName: AMD Radeon (TM) R9 200 Series - DriverVersion: 8.14.1.6525 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 - Manufacturer: Logitech Inc. - Status: OK c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 - Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 - Manufacturer: Microsoft Corporation - Status: OK c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 - Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:16 % CPU #2 value:16 % CPU #3 value:34 % CPU #4 value:0 % CPU #5 value:10 % CPU #6 value:4 % CPU #7 value:0 % CPU #8 value:0 % Total Overall CPU Usage value:9 % ---------- | Network Intel[R] Ethernet Connection I217-V : SENT:0 bytes/sec / RECVD:0 bytes/sec isatap.{7173E2D8-F7F2-4250-B930-9C99644FECC5} : SENT:0 bytes/sec / RECVD:0 bytes/sec Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:9 bytes/sec, / RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000 Intel(R) Ethernet Connection I217-V - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_153B&SUBSYS_E0001458&REV_00\3&11583659&0&C8 Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0 Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE ---------- | Memory RAM = Total (MB) : 16687 | Free (MB) : 13555 Pagefile = Total (MB) : 17735 | Free (MB) : 14253 Virtual = Total (MB) : 4194 | Free (MB) : 3966 Physical Memory 1 : Capacity: 8589934592 - ChannelA-DIMM1 - Posit.: - Manufacturer: Kingston - PartNumber: 9905471-079.A00LF - S/N: 6936420D Physical Memory 3 : Capacity: 8589934592 - ChannelB-DIMM1 - Posit.: 1 - Manufacturer: Kingston - PartNumber: 9905471-079.A00LF - S/N: 6A367A0D ---------- | SID Users Administrator : [S-1-5-21-3754235531-495330377-4189813319-500] DefaultAccount : [S-1-5-21-3754235531-495330377-4189813319-503] Guest : [S-1-5-21-3754235531-495330377-4189813319-501] John : [S-1-5-21-3754235531-495330377-4189813319-1001] Access Control Assistance Operators : [S-1-5-32-579] Administrators : [S-1-5-32-544] Backup Operators : [S-1-5-32-551] Cryptographic Operators : [S-1-5-32-569] Distributed COM Users : [S-1-5-32-562] Event Log Readers : [S-1-5-32-573] Guests : [S-1-5-32-546] Hyper-V Administrators : [S-1-5-32-578] IIS_IUSRS : [S-1-5-32-568] Network Configuration Operators : [S-1-5-32-556] Performance Log Users : [S-1-5-32-559] Performance Monitor Users : [S-1-5-32-558] Power Users : [S-1-5-32-547] Remote Desktop Users : [S-1-5-32-555] Remote Management Users : [S-1-5-32-580] Replicator : [S-1-5-32-552] System Managed Accounts Group : [S-1-5-32-581] Users : [S-1-5-32-545] ---------- | SystemAccounts Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 465.21 Go | Free : 334.18 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [D Drive] | Total : 1863.01 Go | Free : 1194.18 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_DT01ACA200\4&2A148996&0&010000 DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_SSD_840_EVO_500G\4&2A148996&0&000000 ---------- | Windows updates No detected update !!! Windows Is Activated ---------- | Browsers IE : 11.0.14393.0 (© Microsoft Corporation.) Default : "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1" ---------- | FlashPlayer FlashPlayer ActiveX : 22.0.0.209 FlashPlayer Plugin : 24.0.0.194 ---------- | Security AV : Avast Antivirus Enabled AS : Avast Antivirus Enabled FW : WINDOWS Firewall WMI : OK WU: Windows Update Service [Disabled(4)] = stopped AS: Windows Defender [Manual(3)] = stopped WMI: Windows Management Instrumentation [Auto(2)] = Running ---------- | Running processes 624 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe [16/07/2016 22:42:27] CPU Usage:0 % 860 | [Owner : | Parent : 720() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe [16/07/2016 22:42:27] CPU Usage:0 % 936 | [Owner : | Parent : 860(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.0) = C:\Windows\System32\services.exe [16/07/2016 22:42:27] CPU Usage:0 % 944 | [Owner : | Parent : 860(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe [11/11/2016 11:05:00] CPU Usage:0 % 352 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 684 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 872 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1124 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1156 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1264 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1384 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1456 | [Owner : | Parent : 936(services.exe) | ?????] - (.AMD - AMD External Events Service Module.) - (21.19.137.1) = C:\Windows\System32\atiesrxx.exe [26/10/2016 01:04:40] CPU Usage:0 % 1532 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1884 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 1960 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 2020 | [Owner : | Parent : 936(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.3.3154.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe [30/08/2016 15:05:07] CPU Usage:0 % 2156 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.351) = C:\Windows\System32\spoolsv.exe [11/11/2016 11:04:57] CPU Usage:0 % 2408 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 2452 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 2472 | [Owner : | Parent : 936(services.exe) | ?????] - (.Cyber Power Systems, Inc. - PowerPanel Personal Edition Service.) - (1.6.1.0) = C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [22/12/2015 11:10:32] CPU Usage:0 % 2504 | [Owner : | Parent : 936(services.exe) | ?????] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.2.1549.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe [08/09/2016 06:20:57] CPU Usage:0 % 2516 | [Owner : | Parent : 936(services.exe) | ?????] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (8.0.0.0) = C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [17/07/2016 11:26:10] CPU Usage:0 % 2532 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 2812 | [Owner : | Parent : 936(services.exe) | ?????] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [19/11/2016 13:04:04] CPU Usage:0 % 3164 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 5696 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe [11/11/2016 11:04:54] CPU Usage:0 % 3636 | [Owner : | Parent : 936(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [16/09/2016 15:38:00] CPU Usage:0 % 5632 | [Owner : | Parent : 936(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.388) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [18/12/2016 10:09:51] CPU Usage:0 % 6332 | [Owner : | Parent : 1884(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe [16/07/2016 22:42:22] CPU Usage:0 % 7296 | [Owner : | Parent : 2896() | ?????] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.351) = C:\Windows\System32\winlogon.exe [11/11/2016 11:04:56] CPU Usage:0 % 4928 | [Owner : | Parent : 1456(atiesrxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (21.19.137.1) = C:\Windows\System32\atieclxx.exe [26/10/2016 01:04:40] CPU Usage:0 % 5688 | [Owner : John | Parent : 872(svchost.exe) | 22.32 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe [16/07/2016 22:42:09] CPU Usage:0 % 4212 | [Owner : John | Parent : 936(services.exe) | 19.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe [16/07/2016 22:42:27] CPU Usage:0 % 3444 | [Owner : John | Parent : 872(svchost.exe) | 18.7 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe [16/07/2016 22:42:36] CPU Usage:0 % 3924 | [Owner : John | Parent : 352(svchost.exe) | 23.77 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe [16/07/2016 22:42:05] CPU Usage:0 % 4240 | [Owner : John | Parent : 7596() | 146.18 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.447) = C:\Windows\explorer.exe [11/11/2016 11:09:05] CPU Usage:0 % 6672 | [Owner : John | Parent : 4240(explorer.exe) | 11.77 Mo] - (.IvoSoft - Classic Start Menu.) - (4.3.0.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe [30/07/2016 09:05:16] CPU Usage:0 % 7880 | [Owner : John | Parent : 352(svchost.exe) | 51.95 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe [11/11/2016 11:09:06] CPU Usage:0 % 6224 | [Owner : John | Parent : 352(svchost.exe) | 86.14 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.447) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe [11/11/2016 11:09:06] CPU Usage:0 % 5320 | [Owner : John | Parent : 4240(explorer.exe) | 30.77 Mo] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.1.1648) = C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [16/09/2016 15:38:36] CPU Usage:0 % 4748 | [Owner : John | Parent : 5568() | 16.68 Mo] - (.CMedia - AsusAudioCenter.) - (0.3.0.68) = C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe [15/07/2016 14:53:55] CPU Usage:0 % 2488 | [Owner : John | Parent : 4240(explorer.exe) | 7.56 Mo] - (.- HsMgr Application.) - (1.0.0.2) = C:\Windows\SysWOW64\HsMgr.exe [15/07/2016 14:53:56] CPU Usage:0 % 6364 | [Owner : John | Parent : 4240(explorer.exe) | 8.12 Mo] - (.- HsMgr Application.) - (1.0.0.2) = C:\Windows\System\HsMgr64.exe [15/07/2016 14:53:56] CPU Usage:0 % 3412 | [Owner : John | Parent : 7432() | 21.39 Mo] - (.AVAST Software - avast! Antivirus.) - (12.3.3154.23) = C:\Program Files\AVAST Software\Avast\AvastUI.exe [20/01/2017 12:09:27] CPU Usage:0 % 3264 | [Owner : John | Parent : 7432() | 9.05 Mo] - (.Cyber Power Systems, Inc. - PowerPanel Personal Edition User Interaction.) - (1.6.1.0) = C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [22/12/2015 11:10:32] CPU Usage:0 % 8120 | [Owner : John | Parent : 5436() | 1.3 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.14393.0) = C:\Windows\System32\rundll32.exe [16/07/2016 22:42:42] CPU Usage:0 % 7940 | [Owner : John | Parent : 4240(explorer.exe) | 952.64 Mo] - (.8pecxstudios - Cyberfox.) - (50.0.2.6178) = C:\Program Files\Cyberfox\Cyberfox.exe [15/07/2016 14:17:49] CPU Usage:7 % 1864 | [Owner : John | Parent : 4240(explorer.exe) | 162.02 Mo] - (.Skype Technologies S.A. - Skype.) - (7.30.0.105) = C:\Program Files (x86)\Skype\Phone\Skype.exe [15/11/2016 16:33:56] CPU Usage:0 % 5500 | [Owner : John | Parent : 352(svchost.exe) | 0.88 Mo] - (.-.) - (11.4.86.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe [17/07/2016 01:34:50] CPU Usage:0 % 4972 | [Owner : John | Parent : 4240(explorer.exe) | 31.7 Mo] - (.Cologne Code Company - XYplorer.) - (17.50.0.100) = C:\portable apps\xyplorer 17.5_full_noinstall\XYplorer.exe [31/01/2014 01:10:47] CPU Usage:0 % 7192 | [Owner : John | Parent : 4972(XYplorer.exe) | 14.41 Mo] - (.Microsoft Corporation - Notepad.) - (10.0.14393.0) = C:\Windows\SysWOW64\notepad.exe [16/07/2016 22:43:04] CPU Usage:0 % 7532 | [Owner : John | Parent : 4240(explorer.exe) | 32.16 Mo] - (.SosVirus - QuickDiag.) - (22.1.17.4) = C:\Users\John\Desktop\quickdiag_3_23.01.17.4.exe [24/01/2017 14:07:31] CPU Usage:0 % 5112 | [Owner : | Parent : 5696(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.206) = C:\Windows\System32\SearchProtocolHost.exe [11/11/2016 11:04:54] CPU Usage:0 % 2124 | [Owner : SYSTEM | Parent : 5696(SearchIndexer.exe) | 6.21 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.206) = C:\Windows\System32\SearchFilterHost.exe [11/11/2016 11:04:54] CPU Usage:0 % 4004 | [Owner : | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (10.0.14393.351) = C:\Windows\System32\sppsvc.exe [11/11/2016 11:04:56] CPU Usage:0 % ---------- | MD5 [MD5.43BF96FCF50945BE35C22206980C9068] - [11/11/2016 11:09:05] - (.© Microsoft Corporation. - Windows Explorer.) - [4563.77 Ko] - (10.0.14393.447) : C:\WINDOWS\Explorer.exe [MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 22:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe [MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe [MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe [MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 22:42:16] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [11/11/2016 11:05:00] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe [MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll [MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 22:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe [MD5.133390D061D94917125DC666DA67ECD0] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Services and Controller app.) - [443.95 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\services.exe [MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe [MD5.5757459686554B784F3CCE8C3BAF6D8B] - [11/11/2016 11:04:54] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\user32.dll [MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe [MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe [MD5.D243745884BCBC21E91AB569A0AD514E] - [11/11/2016 11:04:56] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Winlogon.exe [MD5.323AA1953ED9C01E23F740FA891FE064] - [11/11/2016 11:05:00] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys [MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys [MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 22:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys [MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys [MD5.0D1D392ED2597F295956D058D33BD7C3] - [11/11/2016 11:04:59] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [141.5 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\dfsc.sys [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 22:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys [MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 22:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 22:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [11/11/2016 11:04:59] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\mrxsmb.sys [MD5.D5564FC81350458ED570528C4E3B1CCF] - [11/11/2016 11:05:00] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.84 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\ndis.sys [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 22:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys [MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - [11/11/2016 11:09:06] - (.© Microsoft Corporation. - NT File System Driver.) - [2202.84 Ko] - (10.0.14393.447) : C:\WINDOWS\System32\Drivers\ntfs.sys [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 22:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 22:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys [MD5.4F25E481124059CC593B4C68BC485640] - [11/11/2016 11:05:02] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2478.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\tcpip.sys [MD5.9D2DD64A0B51C56285512DC9454340F6] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\tdx.sys [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 22:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (21.19.137.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\aticfx64.dll (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (21.19.137.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atiuxp64.dll (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (21.19.137.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atidxx64.dll (.IvoSoft.-.Classic Start Menu.) - (4.3.0.0) -- C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll (.Stardock.-.Stardock Fences Shell Extension.) - (3.0.3.0) -- C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll (..-..) - (0.0.0.0) -- :\program files (x86)\stardock\fences\DesktopDock64.dll (..-..) - (0.0.0.0) -- :\program files (x86)\stardock\fences\SdAppServices_x64.dll (..-..) - (1.2.502.0) -- C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll (.AVAST Software.-.avast! Shell Extension.) - (12.3.3154.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll (.Malwarebytes.-.Malwarebytes.) - (3.0.0.16) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll (.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (7.3.0.1225) -- C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll (.Igor Pavlov.-.7-Zip Shell Extension.) - (15.14.0.0) -- C:\portable apps\7-ZipPortable 15\App\7-Zip64\7-zip.dll (..-..) - (1.0.0.0) -- C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll (.IvoSoft.-.Start Menu Helper Extension.) - (4.3.0.0) -- C:\WINDOWS\System32\StartMenuHelper64.dll (.Advanced Micro Devices, Inc..-.AMD Radeon Settings: Desktop Control Panel.) - (10.1.1.1605) -- C:\Program Files\AMD\CNext\CNext\atiamenu.dll (.9-lab LLC.-.9-lab Malware Removal Tool.) - (1.0.0.39) -- C:\PROGRA~1\9-lab\REMOVA~1\shellext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3640 Series" [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: NT AUTHORITY\SYSTEM OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE Fences - ("C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\...\Run]) - User: OFFICE6410\John EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3640 Series" [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT StartCN - ("C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon [HKLM\SOFTWARE\...\Run]) - User: Public Cmaudio8788 - (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [HKLM\SOFTWARE\...\Run]) - User: Public Cmaudio8788GX - (C:\Windows\syswow64\HsMgr.exe Envoke [HKLM\SOFTWARE\...\Run]) - User: Public Cmaudio8788GX64 - (C:\Windows\system\HsMgr64.exe Envoke [HKLM\SOFTWARE\...\Run]) - User: Public Fences - ("C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [HKLM\SOFTWARE\...\Run]) - User: Public Classic Start Menu - ("C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun [HKLM\SOFTWARE\...\Run]) - User: Public ZAM - ("C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Command Processor] "CompletionChar"=9 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=9 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "EPLTarget\P0000000000000001"=0x03000000E6F397C2831BD201 "Fences"=0x020000000000000000000000 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU] "a"=gpedit.msc\1 "MRUList"=adcb "b"=cmd\1 "c"=thunderbird.exe -p\1 "d"=winver\1 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead "AppData"=C:\Users\John\AppData\Roaming [10/11/2016 16:12:49] "Local AppData"=C:\Users\John\AppData\Local [10/11/2016 16:12:49] "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Libraries [15/07/2016 14:02:39] "My Video"=C:\Users\John\Videos [15/07/2016 14:02:32] "My Pictures"=C:\Users\John\Pictures [15/07/2016 14:02:32] "Desktop"=C:\Users\John\Desktop [15/07/2016 14:02:32] "History"=C:\Users\John\AppData\Local\Microsoft\Windows\History [15/07/2016 14:02:32] "NetHood"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Network Shortcuts [10/11/2016 16:12:49] "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\John\Contacts [15/07/2016 14:02:39] "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\John\AppData\Local\Microsoft\Windows\RoamingTiles [15/07/2016 14:02:39] "Cookies"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCookies [15/07/2016 14:02:32] "Favorites"=C:\Users\John\Favorites [15/07/2016 14:02:32] "SendTo"=C:\Users\John\AppData\Roaming\Microsoft\Windows\SendTo [10/11/2016 16:12:49] "Start Menu"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu [10/11/2016 16:12:49] "My Music"=C:\Users\John\Music [15/07/2016 14:02:32] "Programs"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [10/11/2016 16:12:49] "Recent"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Recent [15/07/2016 14:02:32] "CD Burning"=C:\Users\John\AppData\Local\Microsoft\Windows\Burn\Burn [10/11/2016 16:17:58] "PrintHood"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Printer Shortcuts [10/11/2016 16:12:49] "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\John\Searches [15/07/2016 14:02:39] "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\John\Downloads [15/07/2016 14:02:32] "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\John\AppData\LocalLow [15/07/2016 14:02:32] "Startup"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [15/07/2016 14:02:39] "Administrative Tools"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [15/07/2016 14:02:39] "Personal"=C:\Users\John\Documents [15/07/2016 14:02:32] "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\John\Links [15/07/2016 14:02:32] "Cache"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCache [10/11/2016 16:12:49] "Templates"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Templates [10/11/2016 16:12:49] "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\John\Saved Games [15/07/2016 14:02:32] "Fonts"=C:\WINDOWS\Fonts [16/07/2016 22:47:48] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "AppData"=%USERPROFILE%\AppData\Roaming "Desktop"=%USERPROFILE%\Desktop "Favorites"=%USERPROFILE%\Favorites "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History "Local AppData"=%USERPROFILE%\AppData\Local "My Music"=%USERPROFILE%\Music "My Pictures"=%USERPROFILE%\Pictures "My Video"=%USERPROFILE%\Videos "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts "Personal"=%USERPROFILE%\Documents "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads "Cache"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCache [10/11/2016 16:12:49] "Cookies"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCookies [15/07/2016 14:02:32] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "Device"=HP Officejet 7400 series,winspool,Ne02: "IsMRUEstablished"=1 "LegacyDefaultPrinterMode"=1 [HKLM\Software\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "StartCN"="C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon "Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd "Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe Envoke "Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe Envoke "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun "ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run] "Fences"=0x020000000000000000000000 "Cmaudio8788GX64"=0x020000000000000000000000 "Cmaudio8788GX"=0x020000000000000000000000 "Logitech Download Assistant"=0x030000001F02D3221DDFD101 "StartCN"=0x020000000000000000000000 "Cmaudio8788"=0x020000000000000000000000 "Classic Start Menu"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32] "AvastUI.exe"=0x020000000000000000000000 "PowerPanel Personal Edition User Interaction"=0x020000000000000000000000 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 22:47:48] "Common AppData"=C:\ProgramData [16/07/2016 22:47:48] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 18:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 18:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 22:47:48] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 22:47:48] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 22:47:48] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 18:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 18:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 18:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 18:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{1984DD45-52CF-49cd-AB77-18F378FEA264}"=FencesShellExt [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 "Win32kLastWriteTime"=1D23BAFCFEB96DF [HKLM\Software\WOW6432Node\Microsoft\Command Processor] "CompletionChar"=64 "DefaultColor"=0 "EnableExtensions"=1 "PathCompletionChar"=64 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui "PowerPanel Personal Edition User Interaction"=C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [22/12/2015 11:10:32] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders] "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [16/07/2016 22:47:48] "Common AppData"=C:\ProgramData [16/07/2016 22:47:48] "Common Desktop"=C:\Users\Public\Desktop [30/10/2015 18:24:24] "Common Documents"=C:\Users\Public\Documents [30/10/2015 18:24:24] "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs [16/07/2016 22:47:48] "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 22:47:48] "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 22:47:48] "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates [30/10/2015 18:24:24] "CommonMusic"=C:\Users\Public\Music [30/10/2015 18:24:24] "CommonPictures"=C:\Users\Public\Pictures [30/10/2015 18:24:24] "CommonVideo"=C:\Users\Public\Videos [30/10/2015 18:24:24] "OEM Links"=C:\ProgramData\OEM\Links [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders] "Common AppData"=%ProgramData% "Common Desktop"=%PUBLIC%\Desktop "Common Documents"=%PUBLIC%\Documents "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup "Common Templates"=%ProgramData%\Microsoft\Windows\Templates "CommonMusic"=%PUBLIC%\Music "CommonPictures"=%PUBLIC%\Pictures "CommonVideo"=%PUBLIC%\Videos "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows] ""=mnmsrvc "AppInit_DLLs"= "DdeSendTimeout"=0 "DesktopHeapLogging"=1 "DeviceNotSelectedTimeout"=15 "DwmInputUsesIoCompletionPort"=1 "EnableDwmInputProcessing"=7 "GDIProcessHandleQuota"=10000 "IconServiceLib"=IconCodecService.dll "LoadAppInit_DLLs"=0 "NaturalInputHandler"=Ninput.dll "ShutdownWarningDialogTimeout"=4294967295 "Spooler"=yes "ThreadUnresponsiveLogTimeout"=500 "TransmissionRetryTimeout"=90 "USERNestedWindowLimit"=50 "USERPostMessageLimit"=10000 "USERProcessHandleQuota"=10000 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} ---------- | Win.ini : ---------- | System.ini : ---------- | Startings up registry ¦ Folder ---------- | Other keys [HKLM\System\CurrentControlSet\Control\SecurityProviders] "SecurityProviders"=credssp.dll [HKLM\System\CurrentControlSet\Control\Terminal Server] "AllowRemoteRPC"=0 "DelayConMgrTimeout"=0 "DeleteTempDirsOnExit"=1 "fDenyTSConnections"=1 "fSingleSessionPerUser"=1 "NotificationTimeOut"=0 "PerSessionTempDir"=0 "ProductVersion"=5.1 "RCDependentServices"=CertPropSvc SessionEnv "SnapshotMonitors"=1 "StartRCM"=0 "TSUserEnabled"=0 "RailShowallNotifyIcons"=1 "RDPVGCInstalled"=1 "InstanceID"=e59d56ce-8012-4f46-a45b-60f03d2 "GlassSessionId"=4 [HKLM\System\CurrentControlSet\Control\Session Manager] "AutoChkTimeout"=8 "BootExecute"=autocheck autochk * "BootShell"=%SystemRoot%\system32\bootim.exe "CriticalSectionTimeout"=2592000 "ExcludeFromKnownDlls"= "GlobalFlag"=0 "HeapDeCommitFreeBlockThreshold"=0 "HeapDeCommitTotalFreeThreshold"=0 "HeapSegmentCommit"=0 "HeapSegmentReserve"=0 "InitConsoleFlags"=0 "NumberOfInitialSessions"=2 "ObjectDirectories"=\Windows \RPC Control "ProcessorControl"=2 "ProtectionMode"=1 "ResourceTimeoutCount"=648000 "RunLevelExecute"=WinInit ServiceControlManager "RunLevelValidate"=ServiceControlManager "SETUPEXECUTE"= "PendingFileRenameOperations"=\??\C:\Users\John\AppData\Local\Temp\~nsu.tmp\Au_.exe \??\C:\Users\John\AppData\Local\Temp\~nsu.tmp \??\C:\Program Files\9-lab\Removal Tool\core.dll \??\C:\Program Files\9-lab\Removal Tool\shellext.dll \??\C:\Program Files\9-lab \??\C:\Program Files\9-lab\Removal Tool [HKLM\System\CurrentControlSet\Control] "BootDriverFlags"=28 "CurrentUser"=USERNAME "EarlyStartServices"=RpcSs Power BrokerInfrastructure SystemEventsBroker DcomLaunch RpcEpMapper LSM AppIdSvc "PreshutdownOrder"=UsoSvc gpsvc trustedinstaller "WaitToKillServiceTimeout"=200 "SystemStartOptions"= NOEXECUTE=OPTIN "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4) "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(2) "LastBootSucceeded"=1 "LastBootShutdown"=1 "DirtyShutdownCount"=2 [HKLM\System\CurrentControlSet\Control\lsa] "auditbasedirectories"=0 "auditbaseobjects"=0 "Bounds"=0x0030000000200000 "crashonauditfail"=0 "LimitBlankPasswordUse"=1 "NoLmHash"=1 "Security Packages"="" [15/07/2016 14:02:32] "Notification Packages"=scecli "Authentication Packages"=msv1_0 "disabledomaincreds"=0 "everyoneincludesanonymous"=0 "forceguest"=0 "fullprivilegeauditing"=0x80 "LsaPid"=944 "ProductType"=6 "restrictanonymous"=0 "restrictanonymoussam"=1 "SecureBoot"=1 ---------- | .LNK ---------- | AppCertDlls ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Control Panel\Desktop] "ActiveWndTrackTimeout"=0 "BlockSendInputResets"=0 "CaretWidth"=1 "ClickLockTime"=1200 "CoolSwitchColumns"=7 "CoolSwitchRows"=3 "CursorBlinkRate"=530 "DockMoving"=1 "DragFromMaximize"=1 "DragFullWindows"=1 "DragHeight"=4 "DragWidth"=4 "FocusBorderHeight"=1 "FocusBorderWidth"=1 "FontSmoothing"=2 "FontSmoothingGamma"=0 "FontSmoothingOrientation"=1 "FontSmoothingType"=2 "ForegroundFlashCount"=7 "ForegroundLockTimeout"=200000 "LeftOverlapChars"=3 "MenuShowDelay"=400 "MouseWheelRouting"=2 "PaintDesktopVersion"=0 "Pattern"=0 "RightOverlapChars"=3 "SnapSizing"=1 "TileWallpaper"=0 "WallPaper"=C:\Windows\Web\Wallpaper\fb\394818_o.jpg [01/08/2016 13:41:45] "WallpaperOriginX"=0 "WallpaperOriginY"=0 "WallpaperStyle"=10 "WheelScrollChars"=3 "WheelScrollLines"=3 "WindowArrangementActive"=1 "ScreenSaveActive"=1 "Win8DpiScaling"=0 "DpiScalingVer"=4096 "UserPreferencesMask"=0x9E1E078012000000 "MaxVirtualDesktopDimension"=2560 "MaxMonitorDimension"=2560 "TranscodedImageCount"=1 "LastUpdated"=4294967295 "TranscodedImageCache"=0x7AC30100C8B2080000080000550500001534C998E7D4D10143003A005C00570069006E0064006F00770073005C005700650062005C00570061006C006C00700061007000650072005C00660062005C003300390034003800310038005F006F002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "Pattern Upgrade"=TRUE "WaitToKillAppTimeout"=200 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer] "ShowDriveLettersFirst"=0 "ShellState"=0x2400000037A8000000000000000000000000000001000000130000000000000062000000 "ExplorerStartupTraceRecorded"=1 "UserSignedIn"=1 "SIDUpdatedOnLibraries"=1 "LocalKnownFoldersMigrated"=1 "TelemetrySalt"=1 "GlobalAssocChangedCounter"=136 "FirstRunTelemetryComplete"=1 "AppReadinessLogonComplete"=1 "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309D290100000114020000000000C000000000000046B60100005D54A9A2C2A0B4429708A0B2BADD77C88D000000119826C5294A1848A4BB111F9FC63A5F6D0000000000000000000000000000000000000000000000 "Browse For Folder Width"=434 "Browse For Folder Height"=480 "link"=0x17000000 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_SearchFiles"=2 "ServerAdminUI"=0 "Hidden"=1 "ShowCompColor"=1 "HideFileExt"=0 "DontPrettyPath"=0 "ShowInfoTip"=1 "HideIcons"=0 "MapNetDrvBtn"=0 "WebView"=1 "Filter"=0 "ShowSuperHidden"=1 "SeparateProcess"=0 "AutoCheckSelect"=0 "IconsOnly"=0 "ShowTypeOverlay"=1 "ShowStatusBar"=1 "ListviewAlphaSelect"=1 "ListviewShadow"=1 "TaskbarAnimations"=1 "StoreAppsOnTaskbar"=1 "EnableStartMenu"=1 "StartMenuInit"=13 "ReindexedProfile"=1 "TaskbarSizeMove"=0 "HideDrivesWithNoMedia"=0 "ShowTaskViewButton"=0 "AlwaysShowMenus"=1 "SharingWizardOn"=1 "TaskbarStateLastRun"=0xCB64815800000000 "NavPaneExpandToCurrentFolder"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "SmartScreenEnabled"=Off "GlobalAssocChangedCounter"=21 "MultipleInvokePromptMinimum"=10000 [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorUser"=3 "DSCAutomationHostEnabled"=2 "EnableCursorSuppression"=1 "EnableInstallerDetection"=1 "EnableLUA"=1 "EnableSecureUIAPaths"=1 "EnableUIADesktopToggle"=0 "EnableVirtualization"=1 "ValidateAdminCodeSignatures"=0 "undockwithoutlogon"=1 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "scforceoption"=0 "shutdownwithoutlogon"=1 "ConsentPromptBehaviorAdmin"=0 "PromptOnSecureDesktop"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer] "ForceActiveDesktopOn"=0 "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "NoRecentDocsHistory"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop] "NoAddingComponents"=1 "NoComponents"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel] "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1 "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1 "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1 "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1 "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1 "{871C5380-42A0-1069-A2EA-08002B30309D}"=1 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1 "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu] "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0 "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] "CheckedValue"=1 "DefaultValue"=2 "HKeyRoot"=2147483649 "Id"=2 "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Text"=@shell32.dll,-30500 "Type"=radio "ValueName"=Hidden [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer] "ActiveSetupDisabled"=0 "ActiveSetupTaskOverride"=1 "AsyncRunOnce"=1 "AsyncUpdatePCSettings"=1 "DisableAppInstallsOnFirstLogon"=1 "DisableResolveStoreCategories"=1 "DisableUpgradeCleanup"=1 "EarlyAppResolverStart"=1 "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7} "FSIASleepTimeInMs"=60000 "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11} "IconUnderline"=2 "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed} "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff} "MachineOobeUpdates"=1 "NoWaitOnRoamingPayloads"=1 "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd} "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD} "GlobalAssocChangedCounter"=20 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced] "Start_TrackDocs"=1 "TaskbarSizeMove"=0 [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations] "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s ---------- | Winlogon [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders "BuildNumber"=14393 "FirstLogon"=0 "PUUActive"=0x0840B93E010002006A00DC01A04616007112170098F45A00D100000002001200751E36BE0CC45E0096201D00B7CE0E00661D0D0044B70100000000005E4E1900A85D0000AE050000B1630646EA75D201A0461600000000000100000000000000 "ParseAutoexec"=1 [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] "AutoRestartShell"=1 "Background"=0 0 0 "CachedLogonsCount"=10 "DebugServerCommand"=no "DefaultDomainName"= "DisableBackButton"=1 "EnableSIHostIntegration"=1 "ForceUnlockLogon"=0 "LegalNoticeCaption"= "LegalNoticeText"= "PasswordExpiryWarning"=5 "PowerdownAfterShutdown"=0 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "ReportBootOk"=1 "Shell"=explorer.exe "ShellCritical"=0 "ShellInfrastructure"=sihost.exe "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 "VMApplet"=SystemPropertiesPerformance.exe /pagefile "WinStationsDisabled"=0 "LastLogOffEndTimePerfCounter"=1059764830136 "ShutdownFlags"=7 "Userinit"=C:\Windows\system32\userinit.exe, "DisableCad"=1 "DisableLockWorkstation"=0 "scremoveoption"=0 "AutoAdminLogon"=0 "DefaultUserName"=John "EnableFirstLogonAnimation"=1 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon] "DefaultDomainName"= "DefaultUserName"= "EnableSIHostIntegration"=1 "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16} "Shell"=explorer.exe "ShellCritical"=0 "SiHostCritical"=0 "SiHostReadyTimeOut"=0 "SiHostRestartCountLimit"=0 "SiHostRestartTimeGap"=0 ---------- | Associations [HKLM\Software\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\Classes\.com] ""=comfile [HKLM\Software\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.reg] ""=regfile [HKLM\Software\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\Classes\.scr] ""=scrfile [HKLM\Software\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\Classes\.bat] ""=batfile [HKLM\Software\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.cmd] ""=cmdfile [HKLM\Software\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.pif] ""=piffile [HKLM\Software\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\Classes\.inf] ""=inffile [HKLM\Software\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\Classes\.url] ""=InternetShortcut [HKLM\Software\Classes\.lnk] ""=lnkfile [HKLM\Software\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Internet Shortcut [HKLM\Software\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKLM\Software\WOW6432Node\Classes\.exe] ""=exefile "Content Type"=application/x-msdownload [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command] ""="%1" %* "IsolatedCommand"="%1" %* [HKLM\Software\WOW6432Node\Classes\.com] ""=comfile [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.reg] ""=regfile [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command] ""=regedit.exe "%1" [HKLM\Software\WOW6432Node\Classes\.scr] ""=scrfile [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command] ""="%1" /S [HKLM\Software\WOW6432Node\Classes\.bat] ""=batfile [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.cmd] ""=cmdfile [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.pif] ""=piffile [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command] ""="%1" %* [HKLM\Software\WOW6432Node\Classes\.inf] ""=inffile [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command] ""=%SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\Software\WOW6432Node\Classes\.url] ""=InternetShortcut [HKLM\Software\WOW6432Node\Classes\.lnk] ""=lnkfile [HKLM\Software\WOW6432Node\Classes\.hta] ""=htafile "Content Type"=application/hta "PerceivedType"=text [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command] ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* [HKLM\Software\WOW6432Node\Classes\InternetShortcut] "EditFlags"=2 "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046 "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment "IsShortcut"= "NeverShowExt"= "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment ""=Internet Shortcut [HKLM\Software\WOW6432Node\Classes\Application.Manifest] ""=Application Manifest "BrowserFlags"=4096 "EditFlags"=4259840 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200 [HKLM\Software\WOW6432Node\Classes\Application.Reference] ""=Application Reference "EditFlags"=131072 "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201 "IsShortcut"= "NeverShowExt"= [HKLM\Software\WOW6432Node\Classes\Folder] ""=Folder "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay "ContentViewModeLayoutPatternForBrowse"=delta "ContentViewModeLayoutPatternForSearch"=alpha "EditFlags"=0xD2030000 "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus "NoRecentDocs"= "ThumbnailCutoff"=0 "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Clients\StartMenuInternet\CYBERFOX.EXE\Shell\open\Command] ""="C:\Program Files\Cyberfox\Cyberfox.exe" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Clients\StartMenuInternet\CYBERFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Cyberfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\CYBERFOX.EXE\Shell\open\Command] ""="C:\Program Files\Cyberfox\Cyberfox.exe" [HKLM\Software\Clients\StartMenuInternet\CYBERFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Cyberfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 22:43:06] [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\CYBERFOX.EXE\Shell\open\Command] ""="C:\Program Files\Cyberfox\Cyberfox.exe" [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\CYBERFOX.EXE\InstallInfo] "ReinstallCommand"="C:\Program Files\Cyberfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command] ""=C:\Program Files\Internet Explorer\iexplore.exe [16/07/2016 22:43:06] [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo] "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall ---------- | AppcompatFlags [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted] "C:\Windows\SysWow64\cmicnfgp.dll"=16 "C:\Users\John\AppData\Roaming\Foxit Software\Addon\Foxit PhantomPDF\FoxitPhantomPDFUpdater.exe"=1 "C:\Windows\system32\Cmicnfgp.cpl"=16 "C:\Windows\System32\cmicnfgp.dll"=16 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store] "C:\Users\John\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000 "C:\Program Files\AMD\CNext\CNext\cnext.exe"=0x5341435001000000000000000700000028000000C8424A0013654A0001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000300000003000000 "C:\Program Files\Hekasoft Backup & Restore\hbr.exe"=0x5341435001000000000000000700000028000000008A0F0000000000010000000000000000000306F502000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000077EE2400000000000800000008000000 "C:\portable apps\xyplorer16.9\XYplorer.exe"=0x5341435001000000000000000700000028000000A0F16A008BC26B0001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000077598E00000000002B0000002B000000 "C:\Program Files\AVAST Software\Avast\VisthAux.exe"=0x534143500100000000000000070000002800000098DA04004FFC040001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006E000000000000000100000001000000 "C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\Activation.exe"=0x5341435001000000000000000700000028000000C0327F00D17E7F0001000000000000000000000A0021000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000010000000000000000100000001000000 "C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe"=0x5341435001000000000000000700000028000000C0721B03E8EC1B030100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000040000000000000000000000000000001B3A4F00000000003600000036000000 "C:\Program Files\Microsoft Office\Office14\OIS.EXE"=0x534143500100000000000000070000002800000048960400114905000100000000000000000002067322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000096160000000000000100000001000000 "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\burningstudio16.exe"=0x534143500100000000000000070000002800000070254F01772F4F0101000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000010A94C00000000000600000006000000 "C:\portable apps\CathyPortable\CathyPortable.exe"=0x5341435001000000000000000700000028000000FA450200000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7E72600000000000E0000000E000000 "C:\portable apps\Pazera 2.1\AudioExtractor.exe"=0x5341435001000000000000000700000028000000E8331600B9FF16000100000000000000000003067120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B6250700000000000400000004000000 "C:\portable apps\Beyond Compare Pro.v4.1.5.Portablex64\BCompare.exe"=0x534143500100000000000000070000002800000010A14B02471B4C0201000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E8C80100000000000700000007000000 "C:\portable apps\CCleaner.Pro.Plus.v5.16.Portable.FR.7z\CCleaner64.exe"=0x5341435001000000000000000700000028000000D88A84004DE4840001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000CE7C0400000000000D0000000D000000 "C:\portable apps\Everything-1.3.4.686.x64\Everything.exe"=0x5341435001000000000000000700000028000000000016001741160001000000000000000000030673020000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000BD612D00000000000C0000000C000000 "C:\portable apps\netscan\64-bit\netscan.exe"=0x5341435001000000000000000700000028000000181219002CB5190001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B8E80700000000000600000006000000 "C:\Program Files (x86)\Stardock\Fences\Fences.exe"=0x5341435001000000000000000700000028000000D8013C0019F03C0001000000000000000000000A8021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A0800200000000000500000005000000 "C:\portable apps\7-ZipPortable 15\7-ZipPortable.exe"=0x5341435001000000000000000700000028000000A08603006DFB03000100000000000000000001060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000000000002000000000000000000000000000416010000000000040000000300000000000000000000400000000000000000000000000000000075F60000000000000200000000000000 "C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe"=0x534143500100000000000000070000002800000048D1570040495800010000000000000000000206F122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F4C5FD0100000000FA000000FA000000 "C:\Program Files (x86)\Firetrust\MailWasher\Keygen\Firetrust.MailWasherPRO.2013.Keygen.exe"=0x5341435001000000000000000700000028000000AFA0000000000000010000000000000000000106F502000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000063910000000000000100000001000000 "C:\Program Files (x86)\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000780B0600886706000100000000000000000001067102000033504C2B57DFD1010000000000000000020000005000000000000000002000200000000000000000000000000000000040052100000000000100000001000000000000000000000000000000000000000000000000000000DE380100000000000100000000000000 "C:\portable apps\FSCapture84\FSCapture.exe"=0x534143500100000000000000070000002800000000284D000000000001000000000000000000000A6120000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008744B301000000006801000068010000 "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe"=0x5341435001000000000000000700000028000000D85CAA00AE72AA0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000ACF53100000000001500000015000000 "C:\Program Files\VueScan\vuescan.exe"=0x5341435001000000000000000700000028000000F03602016078020101000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006DF50300000000000900000009000000 "C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe"=0x534143500100000000000000070000002800000000414F0020894F000100000000000000000001067120000033504C2B57DFD101000000000000000002000000280000000000000000000010001000000000000000000000000000009A0F0800000000000700000007000000 "C:\portable apps\7-ZipPortable 15\App\7-Zip64\7zFM.exe"=0x534143500100000000000000070000002800000000CA0C000000000001000000000000000000000A73200000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003B330200000000000800000008000000 "C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 14\apc.exe"=0x534143500100000000000000070000002800000060D9740044CB750001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004EDB0300000000000300000003000000 "C:\portable apps\freefilesync8.2\FreeFileSync.exe"=0x5341435001000000000000000700000028000000C80C07002A96070001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000069581200000000000200000002000000 "C:\portable apps\XnView\xnview.exe"=0x5341435001000000000000000700000028000000D8ED4F006450500001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E6AE4A00000000003500000035000000 "C:\Program Files (x86)\i-Menu\i-Menu.exe"=0x534143500100000000000000070000002800000050974F0078F44F000100000000000000000002067122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A0F52D00000000000300000003000000 "C:\Program Files\PowerISO\PowerISO.exe"=0x5341435001000000000000000700000028000000883A3C00237F3C0001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000001000000000000000000000000056290900000000000F0000000F000000 "C:\portable apps\Bulk Rename\Bulk Rename Utility.exe"=0x534143500100000000000000070000002800000058CC110063CA120001000000000000000000030673220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000314F7500000000000400000004000000 "C:\portable apps\xyplorer17\XYplorer.exe"=0x5341435001000000000000000700000028000000A0316B00CC0E6C0001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000446BEA0300000000C4000000C4000000 "C:\portable apps\herd\Scanner_Portable\herdProtectScan.exe"=0x5341435001000000000000000700000028000000101510008E741000010000000000000000000306F5020000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000100000000000000000000000000000D9DB0000000000000300000003000000 "C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"=0x534143500100000000000000070000002800000050D901007C4202000100000000000000000001067322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000066860000000000000100000001000000 "C:\portable apps\USBDiskEjector1.3.0.3\USB_Disk_Eject.exe"=0x534143500100000000000000070000002800000000E60E00000000000100000000000000000001067122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000068291900000000001500000015000000 "C:\Program Files\Common Files\microsoft shared\OFFICE14\Oarpmany.exe"=0x5341435001000000000000000700000028000000888D0300D13704000300000000000000000001067322000059193B14E312D10100000000000000000100000004000000010000000200000028000000000000000000000000008000000000000000800000000000D5570000000000001B0000001B000000 "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"=0x5341435001000000000000000700000028000000C02AA601A460A6010100000000000000000001060001000059193B14E312D1010000000100000000 "C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE"=0x5341435001000000000000000700000028000000B004210076B221000100000000000000000001060001000059193B14E312D1010000000100000000 "C:\portable apps\WPU\Wise Program Uninstaller\WiseProgramUninstaller.exe"=0x5341435001000000000000000700000028000000F81C3900E5DA390001000000000000000000000A7122000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007D5D0100000000000600000006000000 "C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe"=0x534143500100000000000000070000002800000000A20200CEFC02000100000000000000000002067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008CFDC500000000000F0000000F000000 "C:\portable apps\Pazera_Free_Audio_Extractor_PORTABLE\AudioExtractor.exe"=0x5341435001000000000000000700000028000000B8DF1900CE1B1A0001000000000000000000000A7120000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000009D81C00000000000900000009000000 "C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000541400449F140001000000010000000000000A0021000059193B14E312D1010000000000000000 "C:\portable apps\pathsync04BETA2-install\$INSTDIR\pathsync.exe"=0x534143500100000000000000070000002800000000BC01000000000001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CA720100000000000600000006000000 "C:\Users\John\Desktop\rufus-2.6p.exe"=0x5341435001000000000000000700000028000000A83D0D00169D0D0001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E9590300000000000200000002000000 "C:\Users\John\Desktop\Universal-USB-Installer-1.9.5.9.exe"=0x5341435001000000000000000700000028000000899D1000000000000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E9310100000000000200000002000000 "C:\Users\John\Desktop\YUMI-2.0.2.7.exe"=0x5341435001000000000000000700000028000000A73D1500000000000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DCDA4900000000001100000011000000 "C:\Users\John\Desktop\XBootv1.0beta14\xbootvs1.0beta14.exe"=0x534143500100000000000000070000002800000000125A0000000000010000000000000000000106F122000019B4C529E312D10100000000000000000200000028000000000000000000000000100000000000000000000000000000A5240200000000000100000001000000 "C:\Users\John\Desktop\adwcleaner_6.010.exe"=0x534143500100000000000000070000002800000040623A005A663A0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000944D0000000000000200000002000000 "C:\Program Files\Inpaint\Inpaint.exe"=0x534143500100000000000000070000002800000000EADC000000000001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C68F0800000000000900000009000000 "C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000B88D000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FC0F1400000000000600000006000000 "C:\portable apps\Mp3tagPortable\Mp3tag.exe"=0x5341435001000000000000000700000028000000E8AE650079A666000100000000000000000001067122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000AFCF0100000000000100000001000000 "C:\portable apps\canremember\CanRemember.exe"=0x534143500100000000000000070000002800000000680300000000000100000000000000000001066122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E7011000000000000700000007000000 "C:\Users\John\Desktop\LogAnalyzer.exe"=0x534143500100000000000000070000002800000048640F00CC6F0F0001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D63D2700000000000F0000000F000000 "C:\portable apps\photoline portable\plo\PhotoLine64.exe"=0x5341435001000000000000000700000028000000006E74010F05750101000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000010470900000000000700000007000000 "C:\Users\John\AppData\Local\AMD\CN\cimmanifest.exe"=0x534143500100000000000000070000002800000078F2010047DE02000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008D000000000000002A0000002A000000 "C:\Users\John\Desktop\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000001A2500B66725000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000049A40B00000000000700000007000000 "C:\Users\John\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000000B02500E07826000100000000000000000003060001000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000005A90900000000000500000005000000 "C:\Users\John\Desktop\webcamonoff\webcam_on_off_v1.2\WebCam.exe"=0x534143500100000000000000070000002800000049540600000000000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E0E91B00000000000900000009000000 "C:\Users\John\Desktop\MiniToolBox.exe"=0x5341435001000000000000000700000028000000009E0D0036680E0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000843A0100000000000500000005000000 "C:\Program Files (x86)\4KDownload\4kvideodownloader\4kvideodownloader.exe"=0x53414350010000000000000007000000280000000037E8004F51E80001000000000000000000000A6120000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000035657D01000000000A0000000A000000 "C:\Program Files\Classic Shell\ClassicShellUpdate.exe"=0x5341435001000000000000000700000028000000D82306009303070001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000000000000000000000000000000000000000CC1F0000000000000400000004000000 "C:\Program Files\Classic Shell\ClassicStartMenu.exe"=0x5341435001000000000000000700000028000000D87F02004D9C020001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000E00700000000000001000000010000000000000000000000000000000000000000000000000000003F000000000000000100000000000000 "C:\ProgramData\Stardock\Fences3\Update\Fences_3.03_setup_sd.exe"=0x5341435001000000000000000700000028000000680D930003D2930001000000000000000000000A0021000019B4C529E312D1010000000000000000 "C:\portable apps\xyplorer17.3\XYplorer.exe"=0x5341435001000000000000000700000028000000A0D16C000B366D0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000AD7ECB0100000000A5000000A5000000 "C:\Users\John\Desktop\zoek.exe"=0x534143500100000000000000070000002800000000FA1300000000000100000000000000000001067102000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040001000000000000000000000000000007F0E0500000000000600000006000000 "C:\Users\John\Desktop\Windows ISO Downloader.exe"=0x534143500100000000000000070000002800000000D40700D848080001000000000000000000000AF5200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000060E52400000000000900000009000000 "C:\Users\John\Desktop\JRT.exe"=0x5341435001000000000000000700000028000000B8E6180017AD19000100000000000000000001067102000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F1FE0000000000000500000005000000 "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe"=0x5341435001000000000000000700000028000000887B7A00161A7B0001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000100000001000000 "C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000033504C2B57DFD1010000000100000000 "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0960C005DE50C0001000000010000000000000A00210000D5B3B31A57DFD1010000000000000000 "C:\Users\John\Desktop\affinity-photo-public-beta.exe"=0x534143500100000000000000070000002800000010DB57111148581101000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000AB360100000000000100000001000000 "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"=0x5341435001000000000000000700000028000000B8DE15009A4F160001000000000000000000010600010000D5B3B31A57DFD1010000000100000000 "C:\Users\John\Desktop\ResetBrowser.exe"=0x534143500100000000000000070000002800000000C21800410A19000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E4F42000000000000200000002000000 "C:\Users\John\Desktop\DnsJumper\DnsJumper\DnsJumper.exe"=0x5341435001000000000000000700000028000000EDF30900000000000100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001B0C2300000000000200000002000000 "C:\Program Files\Macrium\Reflect\reflect.exe"=0x5341435001000000000000000700000028000000B8910400DE33050001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000E1200100000000000600000006000000 "C:\Users\John\Desktop\flashplayer23_xa_install.exe"=0x5341435001000000000000000700000028000000D0481200294B120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000EB820000000000000400000004000000 "C:\Users\John\Desktop\Windows_Repair_Toolbox_Portable.exe"=0x5341435001000000000000000700000028000000746F2000439E01000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008E710500000000000200000002000000 "C:\portable apps\Zemana\ZAMv2.10.2.18.exe"=0x5341435001000000000000000700000028000000C0114F00020000000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000AA730D00000000000600000006000000 "C:\Users\John\Desktop\Zemana.AntiMalware.Setup.exe"=0x5341435001000000000000000700000028000000A8CD52000214F01C01000000000000000000000A0021000033504C2B57DFD1010000000000000000 "C:\Users\John\Desktop\devicecleanup\x64\DeviceCleanup.exe"=0x5341435001000000000000000700000028000000F08C0000A2EB000001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000042160100000000000100000001000000 "C:\Users\John\Desktop\Autoruns\Autoruns64.exe"=0x5341435001000000000000000700000028000000B0DE0C003DB40D0001000000000000000000030600010000D5B3B31A57DFD101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000040000000000000000000000000000000005BDA5700000000000A000000070000000000000000000000000000000000000000000000000000003D460400000000000300000000000000 "C:\Users\John\Desktop\Autoruns\Autoruns.exe"=0x5341435001000000000000000700000028000000A0EA0A00A5BF0B000100000000000000000003060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000040000000000000000000000000000000009F651400000000000900000008000000000000000000000000000000000000000000000000000000F1A30000000000000400000000000000 "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02001930030001000000010000000000000A7122000033504C2B57DFD1010000000000000000 "C:\Users\John\Desktop\install_flash_player_23_plugin.exe"=0x5341435001000000000000000700000028000000C0D6330140A7340101000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BE240000000000000100000001000000 "C:\Users\John\AppData\Local\Temp\PotUpdate\PotPlayerSetup64.exe"=0x534143500100000000000000070000002800000058924901AA214A010100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007B590000000000000100000001000000 "C:\Users\John\Desktop\Cyberfox-50.0.en-US.win64-x86_64.intel.exe"=0x53414350010000000000000007000000280000004816140396FB140301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000890D0400000000000200000002000000 "C:\Users\John\Desktop\freefixer_portable\freefixer_portable\x64\freefixer.exe"=0x5341435001000000000000000700000028000000002843005992430001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000723E0300000000000100000001000000 "C:\Users\John\Desktop\ispring_free_cam_8_3_0.msi"=0x534143500100000000000000070000002800000000FE00009EC4010001000000000000000000010500100000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000046740000000000000100000001000000 "C:\Users\John\Desktop\UVKPortable.exe"=0x534143500100000000000000070000002800000020B96100D729620001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000002060200000000000100000001000000 "C:\Users\John\Desktop\PicturesToExe.v8.0.20.Portable.FR\Main\PicturesToExe.exe"=0x5341435001000000000000000700000028000000F81C510088AE510001000000000000000000000A6120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5B40100000000000100000001000000 "C:\Users\John\Desktop\Snipaste-1.10.4-x64\Snipaste.exe"=0x534143500100000000000000070000002800000000F217000000000001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000 "C:\Users\John\Desktop\wink20\wink20.exe"=0x5341435001000000000000000700000028000000C3513300000000000100000000000000000001057100000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000000000000000000000000000000000823B0000000000000100000001000000 "C:\portable apps\Snagit.v12.4.1.B3036.Portable.FR\SnagitPortable.exe"=0x53414350010000000000000007000000280000006C310100000000000100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040001000000000000000000000000000002C231600000000000100000001000000 "C:\Users\John\Desktop\Network Test\Network Test.exe"=0x5341435001000000000000000700000028000000001204000000000001000000000000000000000A5120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E5020200000000000100000001000000 "C:\Users\John\Desktop\UltraAdwareKiller64.exe"=0x5341435001000000000000000700000028000000E0B20F005B79100001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DEC30300000000000400000004000000 "C:\Users\John\Desktop\ALA-FAFag.exe"=0x5341435001000000000000000700000028000000A05E05000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000049A50000000000000100000001000000 "C:\Program Files (x86)\ALA\ALA.exe"=0x534143500100000000000000070000002800000000F802003365030001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000079AF0000000000000200000002000000 "C:\Users\John\Desktop\Cyberfox-50.0.2.en-US.win64-x86_64.intel.exe"=0x534143500100000000000000070000002800000078DC1303D080140301000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000BC94200000000000100000001000000 "C:\Program Files\Cyberfox\Cyberfox.exe"=0x5341435001000000000000000700000028000000D8AA0D0070920E0001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B3D0D20100000000E8000000E8000000 "C:\Program Files\AVAST Software\Avast\avastui.exe"=0x5341435001000000000000000700000028000000C08F8A00AAD68A0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000600000006000000 "C:\Users\John\Desktop\usboblivion-1.11.2.0\USBOblivion64.exe"=0x5341435001000000000000000700000028000000006C2E0009CF2E0001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000016130100000000000100000001000000 "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"=0x534143500100000000000000070000002800000028D7FA00B67FFB0001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001C350600000000000500000005000000 "C:\Users\John\Desktop\mb3-setup-consumer-3.0.4.1269.exe"=0x5341435001000000000000000700000028000000B8FF1803D6E9190301000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000024050900000000000100000001000000 "C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0AF05005F46060001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000FA000000000000000300000003000000 "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0937C00CB2C7D0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B3290600000000000300000003000000 "C:\Users\John\Desktop\ccsetup525\CCleaner64.exe"=0x5341435001000000000000000700000028000000D8BA8D000DCD8D0001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B0030200000000000200000002000000 "C:\Users\John\Desktop\CCEnhancer-4.4.1.exe"=0x5341435001000000000000000700000028000000004E04000000000001000000000000000000000AF122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C9250300000000000100000001000000 "C:\Users\John\Desktop\avidemux_2.6.15_win64.exe"=0x5341435001000000000000000700000028000000EC9B38018D1801000100000000000000000001060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000037930000000000000100000001000000 "C:\Users\John\Desktop\avidemux_2.6.15_win64\avidemux_portable.exe"=0x534143500100000000000000070000002800000000CE28001C1D290001000000000000000000000A73200000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F1600900000000000100000001000000 "C:\Users\John\Desktop\system-ninja-portable-3.1\System Ninja\System Ninja.exe"=0x5341435001000000000000000700000028000000004A0F000000000001000000000000000000000AF5220000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400400000000000000000000000000000021980500000000000400000004000000 "C:\Users\John\Desktop\VLCPortable_2.2.4.paf.exe"=0x53414350010000000000000007000000280000008038A3012983A30101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002C8D0000000000000100000001000000 "C:\Users\John\Desktop\VLCPortable\VLCPortable.exe"=0x5341435001000000000000000700000028000000B8130200963302000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FB8D0600000000000200000002000000 "C:\Users\John\Desktop\Autoruns\autorunsc64.exe"=0x5341435001000000000000000700000028000000B0580B003C080C0001000000000000000000030600010000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000097010000000000000100000001000000 "C:\Users\John\Desktop\jaBuT_12.0.60_Portable_x64\jaBuT.exe"=0x534143500100000000000000070000002800000000A8C3000000000001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000075470400000000000100000001000000 "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe"=0x5341435001000000000000000700000028000000C0ED01003ABB020001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000637C0000000000000200000002000000 "C:\Users\John\Desktop\TidyTabs\TidyTabs.Daemon.exe"=0x5341435001000000000000000700000028000000B8801600FE02170001000000000000000000000A0021000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004F640500000000000100000001000000 "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000D8579F011141A00101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000010000000000000000000000000000000008BE73D01000000001900000019000000 "C:\Users\John\Desktop\FreeFileSync_8.8_Windows_Setup.exe"=0x534143500100000000000000070000002800000070BBB00061B7B10001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005A050100000000000100000001000000 "C:\Program Files\FreeFileSync\FreeFileSync.exe"=0x5341435001000000000000000700000028000000C81A07004DE1070001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E5F9CF01000000000500000005000000 "C:\Users\John\Desktop\vc_redist.x86.exe"=0x53414350010000000000000007000000280000006014D2004B2FD20001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000B540000000000000100000001000000 "C:\Users\John\Desktop\vc_redist.x64.exe"=0x5341435001000000000000000700000028000000E059DE00D594DE0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B2190000000000000100000001000000 "C:\Users\John\Desktop\FreemakeVideoDownloaderSetup.exe"=0x5341435001000000000000000700000028000000487F1C002FA31C000100000000000000000002060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000044980E00000000000100000001000000 "C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe"=0x5341435001000000000000000200000028000000000000000000000000000000000000000000000000000000324D0E00000000000100000001000000 "C:\Users\John\Desktop\adwcleaner_6.042.exe"=0x5341435001000000000000000700000028000000D0DD3C00E49E3D0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000015DF0000000000000100000001000000 "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000C87F07008415080001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000001E50000000000000100000001000000 "C:\Users\John\Desktop\avast_free_antivirus_setup_offline.exe"=0x534143500100000000000000070000002800000040B9C70D6EDEC70D01000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E4D40000000000000100000001000000 "C:\Users\John\Desktop\FRST64.exe"=0x534143500100000000000000070000002800000000EC2400CDB1250001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000008AED2800000000000700000007000000 "C:\Users\John\Desktop\NoDefender\NoDefender.exe"=0x534143500100000000000000070000002800000000F615000000000001000000000000000000000AF522000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000056DC0000000000000100000001000000 "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe"=0x5341435001000000000000000700000028000000F07ED700A1E0D7000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000006E000000000000000100000001000000 "C:\Users\John\Desktop\ALA-FAHai.exe"=0x5341435001000000000000000700000028000000937605000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000020BE0000000000000100000001000000 "C:\Users\John\Desktop\flashplayer24_xa_install.exe"=0x534143500100000000000000070000002800000068541200695F120001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000B470000000000000100000001000000 "C:\Users\John\Desktop\xyplorer 17.5_full_noinstall\XYplorer.exe"=0x5341435001000000000000000700000028000000A0C16F00452E700001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004DE00000000000000600000006000000 "C:\portable apps\xyplorer 17.5_full_noinstall\XYplorer.exe"=0x5341435001000000000000000700000028000000A0C16F00452E700001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000042A6B500000000000100000001000000 "C:\Users\John\Desktop\rmtool-setup-x64.exe"=0x534143500100000000000000070000002800000060AA620074EC62000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000A742700000000000100000001000000 "C:\Users\John\Desktop\quickdiag_3_23.01.17.4.exe"=0x5341435001000000000000000700000028000000A81B25007B28250001000000000000000000000A0021000033504C2B57DFD1010000000000000000 ---------- | IFEO ---------- | Mountpoints2 ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows] "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "Beep"=#USR:Control Panel\Sound "CoolSwitch"=USR:Control Panel\Desktop "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "DoubleClickHeight"=#USR:Control Panel\Mouse "DoubleClickSpeed"=#USR:Control Panel\Mouse "DoubleClickWidth"=#USR:Control Panel\Mouse "DragFullWindows"=USR:Control Panel\Desktop "InitialKeyboardIndicators"=USR:Control Panel\Keyboard "LowPowerActive"=#USR:Control Panel\Desktop "LowPowerTimeOut"=#USR:Control Panel\Desktop "MouseSpeed"=#USR:Control Panel\Mouse "MouseThreshold1"=#USR:Control Panel\Mouse "MouseThreshold2"=#USR:Control Panel\Mouse "PowerOffActive"=#USR:Control Panel\Desktop "PowerOffTimeOut"=#USR:Control Panel\Desktop "ScreenSaveActive"=#USR:Control Panel\Desktop "ScreenSaveTimeOut"=#USR:Control Panel\Desktop "SnapToDefaultButton"=#USR:Control Panel\Mouse "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS "SwapMouseButtons"=#USR:Control Panel\Mouse "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot] ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot "ScreenSaverActive"=USR:Control Panel\Desktop "ScreenSaverIsSecure"=USR:Control Panel\Desktop "SCRNSAVE.EXE"=USR:Control Panel\Desktop "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems] "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows Defender] "UIFirstRun"=0 [HKLM\SOFTWARE\Microsoft\Security Center] "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc] "VistaSp1"=131232285865150640 [HKLM\SOFTWARE\Microsoft\Windows Defender] "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100 "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000 "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe "DisableAntiSpyware"=1 "ProductType"=2 "ManagedDefenderProductType"=0 "ProductStatus"=0 "InstallTime"=0x86F05259D3DED101 "OOBEInstallTime"=0x3446DD8145DED101 "DisableAntiVirus"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall"=1 ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist) ---------- | Hosts ---------- | @ [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Internet Explorer\Main] "Anchor Underline"=yes "Cache_Update_Frequency"=Once_Per_Session "Disable Script Debugger"=yes "DisableScriptDebuggerIE"=yes "Display Inline Images"=yes "Do404Search"=0x01000000 "Local Page"=C:\WINDOWS\system32\blank.htm "Save_Session_History_On_Exit"=no "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Show_FullURL"=no "Show_StatusBar"=yes "Show_ToolBar"=yes "Show_URLinStatusBar"=yes "Show_URLToolBar"=yes "Use_DlgBox_Colors"=yes "UseClearType"=no "XMLHTTP"=1 "Enable Browser Extensions"=yes "Play_Background_Sounds"=yes "Play_Animations"=yes "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "ImageStoreRandomFolder"=knuaetx "OperationalData"=13 "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160223-1728 "CompatibilityFlags"=0 "FullScreen"=no "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF66030000BC0000005707000052030000 "Start Page_TIMESTAMP"=0x02757089923CD201 "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"= "IE10RunOnceLastShown"=1 "IE10RunOnceLastShown_TIMESTAMP"=0x0919577BA36BD201 "IE10TourShown"=1 "IE10TourShownTime"=0x3BE275040F3BD201 "NotifyDownloadComplete"=yes "Start Page Redirect Cache_TIMESTAMP"=0x5529FE71923CD201 "Start Page Redirect Cache AcceptLangs"=en-US "ScriptDebugger_EnableHiddenTabs"=0 "StatusBarWeb"=1 "ForceGDIPlus"=0 "AlwaysShowMenus"=0 "ShutdownWaitForOnUnload"=0 "DNSPreresolution"=8 "SpellChecking"=1 "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8} "DisablePasswordReveal"=0 "Check_Associations"=yes "DisableRequiresActiveXPrompt"= "SuppressScriptDebuggerDialog"=0 "PredictedViewExpansion"=100 "PredictedViewChangeThreshold"=10 "PredictedViewChangeThresholdPaint"=10 "ContentLayerCacheExpansion"=300 "RenderingLoopMaxTime"=250 "NscSingleExpand"=0 "Error Dlg Displayed On Every Error"=no "Friendly http errors"=yes "CSS_Compat"=doctype "Expand Alt Text"=no "Display Inline Videos"=1 "Use Stylesheets"=1 "SmoothScroll"=1 "Show image placeholders"=0 "Disable Diagnostics Mode"=no "Move System Caret"=no "Enable AutoImageResize"=yes "UseThemes"=1 "UseHR"=0 "Q300829"=0 "Cleanup HTCs"=0 "XDomainRequest"=1 "DOMStorage"=1 "EnableAlternativeCodec"=yes "JScriptProfileCacheEventDelay"=5000 "HideLocalHostIP"=0 "CrossfadeMinTimeoutInMS"=30000 "CrossfadeMaxTimeoutInMS"=30000 "CrossfadeCurrentTimeoutInMS"=30000 "ScrollTimeoutInMS"=6000 "DisableFirstRunCustomize"=0 "IE10RunOncePerInstallCompleted"=0 "IE10TourNoShow"=0 "IE10RecommendedSettingsNo"=0 "FrameTabWindow"=1 "AdminTabProcs"=1 "SessionMerging"=1 "FrameMerging"=1 "HangRecovery"=1 "DesktopTransparentCoverWindowTime"=8 "TSEnable"=1 "Isolation"=PMIL "Isolation64Bit"=0 "IsolationImmersive"=PMEM "TabShutdownDelay"=60000 "FrameShutdownDelay"=0 "NoUpdateCheck"=1 "Search Bar"=Preserve "MinIEEnabled"=1 "RefcountTracker"=0 "TabDragOnSingleProc"=0 "ForceBFCacheCandidacyPass"=0 "Fasterback"=1 "BackForwardInstrumentation"=0 "Start Page"=https://www.google.com.au/ [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings] "DisableCachingOfSSLPages"=0 "IE5_UA_Backup_Flag"=5.0 "PrivacyAdvanced"=1 "SecureProtocols"=2688 "CertificateRevocation"=1 "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32) "ZonesSecurityUpgrade"=0x3BE275040F3BD201 "WarnonZoneCrossing"=0 "EnableNegotiate"=1 "MigrateProxy"=1 "ProxyEnable"=0 "UrlEncoding"=0 "EnableAutodial"=0 "NoNetAutodial"=0 "EnableHttp1_1"=1 "ProxyHttp1.1"=1 "EnableHTTP2"=1 "BackgroundConnections"=1 "SyncMode5"=4 "EmailName"=IEUser@ "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges "EnableSSL3Fallback"=1 "EnablePunycode"=1 "ShowPunycode"=0 "CreateUriCacheSize"=80 "CoInternetCombineIUriCacheSize"=80 "SecurityIdIUriCacheSize"=30 "SpecialFoldersCacheSize"=8 "PrivDiscUiShown"=1 "WarnOnIntranet"=1 "AutoConfigProxy"=wininet.dll "UseSchannelDirectly"=0x01000000 [HKLM\Software\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\System32\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE "EnableAutoUpgrade"=0 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main] "Anchor_Visitation_Horizon"=0x01000000 "ApplicationTileImmersiveActivation"=1 "AssociationActivationMode"=0 "AutoHide"=yes "Cache_Percent_of_Disk"=0x0A000000 "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Delete_Temp_Files_On_Exit"=yes "Enable_Disk_Cache"=yes "Extensions Off Page"=about:NoAdd-ons "Local Page"=C:\Windows\SysWOW64\blank.htm "Placeholder_Height"=0x1A000000 "Placeholder_Width"=0x1A000000 "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141 "Use_Async_DNS"=yes "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs] "blank"=res://mshtml.dll/blank.htm "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm "Home"=270 "InPrivate"=res://ieframe.dll/inprivate.htm "NavigationCanceled"=res://ieframe.dll/navcancl.htm "NavigationFailure"=res://ieframe.dll/navcancl.htm "NoAdd-ons"=res://ieframe.dll/noaddon.htm "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm "PostNotCached"=res://ieframe.dll/repost.htm "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes] "ftp"=ftp:// "home"=http:// "mosaic"=http:// "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings] "ActiveXCache"=C:\Windows\Downloaded Program Files "CodeBaseSearchPath"=CODEBASE "EnablePunycode"=1 "MinorVersion"=0 "WarnOnIntranet"=1 ---------- | reparsepoint ---------- | Detection of offsets ---------- | Notify ---------- | Execution FileExts [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSR] "progid"=Potplayer.nsr ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} -- C:\Program Files\AVAST Software\Avast\ashShA64.dll [30/08/2016 15:05:08] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} -- C:\Windows\System32\EhStorShell.dll [16/07/2016 22:42:17] [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} -- %SystemRoot%\System32\cscui.dll [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} -- [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} -- ---------- | Toolbar [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "Locked"=1 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser] "ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 "ITBar7Height"=21 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} "Version"=5 "UpgradeTime"=0x3BE275040F3BD201 [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A} ---------- | Extensions ---------- | SearchScopes [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | ElevationPolicy [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{000209FF-0000-0000-C000-000000000046}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03288CB3-3893-46D1-8D58-B2F8BB6FF5BF}] - (C:\Program Files\Microsoft Office\Office14) - MSACCESS.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE903C-2776-4574-9855-EC1597ABE3D6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57ddcd4f-cedc-489f-bc0e-8b68e565478f}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_YJACKDE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{643CDDDA-BB87-4B3D-BB82-E8BF99DBF2C6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office\Office14) - NAMECONTROLSERVER.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a27aa6b7-4726-4a86-9759-3882af8f6594}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_YARNKDE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73D8D09-594A-431F-AB27-72AF4FCF25CF}] - (C:\Program Files\Microsoft Office\Office14) - MSACCESS.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA1750F5-7ECC-4DAA-AA46-CFC6EE89A953}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dcf785e6-be49-4097-9954-187dfc881d20}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_YPREKDE.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6A6CA96-B08E-4429-BA30-39232494F292}] - (C:\Program Files\Microsoft Office\Office14) - MSPUB.EXE : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC88B53C-9B2A-1A25-5867-C8612E79DBF6}] - (C:\Program Files\Microsoft Office\Office14) - POWERPNT.EXE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{000209FF-0000-0000-C000-000000000046}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE903C-2776-4574-9855-EC1597ABE3D6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{643CDDDA-BB87-4B3D-BB82-E8BF99DBF2C6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788}] - (C:\Program Files\Microsoft Office\Office14) - winproj.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office\Office14) - NAMECONTROLSERVER.EXE : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA1750F5-7ECC-4DAA-AA46-CFC6EE89A953}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () - : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC88B53C-9B2A-1A25-5867-C8612E79DBF6}] - (C:\Program Files\Microsoft Office\Office14) - POWERPNT.EXE : ---------- | Ext\Settings [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] : : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL ---------- | Ext\Stats [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] : : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] : : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] : : %SystemRoot%\System32\msxml3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [06/03/2013 08:37:48] ---------- | Chrome ---------- | Opera ---------- | Firefox [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.194 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.194 Plugin) : C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL ---------- | DNS [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7173e2d8-f7f2-4250-b930-9c99644fecc5}] "NameServer"=8.8.8.8,8.8.4.4 [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7173e2d8-f7f2-4250-b930-9c99644fecc5}] "NameServer"=8.8.8.8,8.8.4.4 ---------- | ActiveX [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - -> [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - -> [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - -> [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - -> [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\inf\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{31699572-6286-3C1C-A03C-511D59181038}] - (.NET Framework) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> U [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{71A5A636-652F-3BE0-BC14-02545E9F5EC7}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - -> ---------- | Applications [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\FSCapture.exe] : "C:\portable apps\FSCapture84\FSCapture.exe" "%1" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\Inpaint.exe] : "C:\Program Files\Inpaint\Inpaint.exe" "%1" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\VideoReDo4.exe] : "C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe" "%1" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\xnview.exe] : "C:\portable apps\XnView\xnview.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office14\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office14\OIS.EXE /shellOpen "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1 [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L" [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af} Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68} Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba} Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3} Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5} Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030} Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd} Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B} Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B} Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23} Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168} Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299} Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96} Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A} Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B} Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3} Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3} Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94} Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1} Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C} Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de} Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E} Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666} Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80} Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0} Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B} Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC} Name: DelayAPO - AppID: {158401D3-257E-422E-9033-9C465D3F262E} Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A} Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A} Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31} Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC} Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6} Name: Office Licensing COM Server 14 - AppID: {1E886174-DC88-4B83-8BC5-66409EC75F14} Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c} Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0} Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2} Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7} Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717} Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526} Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137} Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829} Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97} Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e} Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF} Name: Exchange Active Sync Policies Broker - AppID: {26795871-6B8F-4115-89DD-986213012798} Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E} Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69} Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32} Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E} Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A} Name: InstallAgentUserBroker - AppID: {28d08f70-46eb-4f26-a6cb-54b75132e100} Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78} Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A} Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5} Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37} Name: ConvertToPDFShellExtension - AppID: {2EAE6086-084B-4C42-B2CA-B30549B3D047} Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C} Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD} Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5} Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7} Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606} Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97} Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B} Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F} Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90} Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d} Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB} Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C} Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2} Name: HP Status Server - AppID: {3B05F114-4087-4557-8952-AAF023709EB0} Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6} Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1} Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F} Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e} Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7} Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683} Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25} Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c} Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91} Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E} Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8} Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775} Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85} Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9} Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29} Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C} Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E} Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849} Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077} Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF} Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB} Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d} Name: IndexedDbCacheServer - AppID: {49f6e667-6658-4bd1-9de9-6af87f9faf85} Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A} Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17} Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C} Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC} Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94} Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345} Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B} Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630} Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25} Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601} Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1} Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919} Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8} Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5} Name: Offline Files Service - AppID: {52551A19-B337-498d-AE75-2283E29902DE} Name: FsrmPropertiesPropSheet - AppID: {52FC5917-F4E4-4C78-B469-20E722379F6C} Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B} Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B} Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C} Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660} Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E} Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b} Name: HP Port Resolver - AppID: {55F3F296-4775-4AE9-B0AA-52393842EF3C} Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF} Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B} Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212} Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC} Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2} Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61} Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6} Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309} Name: PrintBrmEngine - AppID: {5C797117-3B23-4549-A6D8-475AB3B62228} Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1} Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF} Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25} Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1} Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D} Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327} Name: StartMenuHelper - AppID: {62D2FBE4-89F7-48A5-A35F-DA2B8A3C54B7} Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2} Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E} Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E} Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6} Name: AvAScr - AppID: {66A841F2-956C-4631-BFE7-C90225F417D6} Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30} Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8} Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F} Name: Watson subscriber for SENS Network Events - AppID: {6CF90891-3E04-4092-B96C-28E071EEEACB} Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b} Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56} Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56} Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B} Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D} Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce} Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca} Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8} Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5} Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23} Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e} Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC} Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD} Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED} Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436} Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950} Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070} Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100} Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d} Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7} Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829} Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7} Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32} Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6} Name: MediaMonkey - AppID: {7DB2DA7A-8F3D-4329-990C-32E15C849F00} Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB} Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715} Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034} Name: GPMC Reporting - AppID: {7f9bbc82-ba5f-4448-8622-ef76b8d007e6} Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629} Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B} Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F} Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850} Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE} Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059} Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54} Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24} Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED} Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820} Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854} Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB} Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee} Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D} Name: AppVClient - AppID: {8D315960-32C4-4235-8369-901DF222816F} Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C} Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2} Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb} Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444} Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db} Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F} Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139} Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60} Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE} Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7} Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39} Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276} Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8} Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030} Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D} Name: CDP Reference Host - AppID: {A0316E2D-8793-4E74-AA48-8CE2ED05BA57} Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811} Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe} Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3} Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357} Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6} Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C} Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24} Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121} Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0} Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F} Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50} Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D} Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800} Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C} Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22} Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94} Name: Out of proc server to enable Insider Hub scenarios to be reached from inside of its appcontainer - AppID: {ac0fd47a-37f4-4502-bfee-6b317e479d41} Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325} Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d} Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871} Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1} Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA} Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1} Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492} Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E} Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA} Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C} Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599} Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2} Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D} Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755} Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287} Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4} Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70} Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B} Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145} Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B} Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41} Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b} Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D} Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880} Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF} Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6} Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412} Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF} Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1} Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E} Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444} Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D} Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3} Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5} Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F} Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8} Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9} Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81} Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D} Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C} Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125} Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F} Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad} Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B} Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F} Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF} Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF} Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933} Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2} Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03} Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395} Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7} Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5} Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937} Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652} Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30} Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03} Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6} Name: IndexedDbBrokerServer - AppID: {dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6} Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61} Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a} Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44} Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5} Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F} Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E} Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E} Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212} Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB} Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7} Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F} Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A} Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9} Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886} Name: TokenBroker Out Of Proc COM Server - AppID: {E73A797B-24CE-424A-AD4F-48E98B1E95B8} Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5} Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90} Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4} Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A} Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB} Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8} Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744} Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A} Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A} Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A} Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58} Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147} Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7} Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522} Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC} Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09} Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7} Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B} Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801} Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A} Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248} Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717} Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9} Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8} Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a} Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E} Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996} Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7} Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333} Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E} Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb} Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160} Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137} Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9} Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00} Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C} Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D} Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7} Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{37B05236-FFB5-4D42-B0C8-4A36CBF1BE62}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{37B05236-FFB5-4D42-B0C8-4A36CBF1BE62}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{52FC5917-F4E4-4C78-B469-20E722379F6C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{52FC5917-F4E4-4C78-B469-20E722379F6C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546" Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{7f9bbc82-ba5f-4448-8622-ef76b8d007e6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{7f9bbc82-ba5f-4448-8622-ef76b8d007e6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A0316E2D-8793-4E74-AA48-8CE2ED05BA57}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6" Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708" Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11" Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D63377CC-5B83-4213-BCA8-1E6CD0462F2A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{D63377CC-5B83-4213-BCA8-1E6CD0462F2A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628" Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-15-3-1024-2819154332-3691255550-2499738133-2646149002-4290075130-3069449926-721213713-3168903538" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551" Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950" Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20" Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18" Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544" ---------- | SvcHost [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost] "bthaudiosvc"=BthHFSrv "DcomLaunch"=Power LSM BrokerInfrastructure PlugPlay DeviceInstall SystemEventsBroker DcomLaunch "defragsvc"=defragsvc "LocalServiceNetworkRestricted"=TimeBrokerSvc wscsvc LmHosts AppIDSvc homegroupprovider NgcCtnrSvc AJRouter icssvc wcmsvc eventlog AudioSrv DHCP RmSvc vmictimesync "RPCSS"=RpcEptMapper RpcSs "sdrsvc"=sdrsvc "utcsvc"=DiagTrack "WepHostSvcGroup"=WepHostSvc "LocalService"=nsi WdiServiceHost EventSystem RemoteRegistry SstpSvc netprofm lltdsvc fdphost bthserv PhoneSvc WebClient workfolderssvc w32time WinHttpAutoProxySvc FontCache LicenseManager CDPSvc tzautoupdate "LocalSystemNetworkRestricted"=HvHost WdiSystemHost ScDeviceEnum WiaRpc trkwks WUDFSvc hidserv dot3svc DsSvc WPDBusEnum fhsvc sysmain irmon EmbeddedMode DevQueryBroker svsvc Netman TabletInputService PcaSvc SmsRouter homegrouplistener vmicvss wlansvc NcbService CscService UmRdpService NgcSvc AudioEndpointBuilder SensorService DeviceAssociationService vmickvpexchange vmicshutdown vmicguestinterface vmicvmsession StorSvc "netsvcs"=CertPropSvc SCPolicySvc lanmanserver gpsvc IKEEXT iphlpsvc seclogon AppInfo msiscsi EapHost schedule winmgmt browser SessionEnv wercplsupport shpamsvc Themes lfsvc DmEnrollmentSvc FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr dmwappushservice WpnService XboxNetApiSvc DcpSvc RetailDemo BDESVC DsmSvc NcaSvc AppMgmt ProfSvc UserManager dosvc XblAuthManager wisvc XblGameSave UsoSvc NetSetupSvc wlidsvc "WerSvcGroup"=wersvc "WbioSvcGroup"=WbioSrvc "LocalServiceNoNetwork"=DPS PLA BFE NcdAutoSetup mpssvc WwanSvc CoreMessagingRegistrar "imgsvc"=StiSvc "termsvcs"=TermService "swprv"=swprv "smphost"=smphost "ICService"=vmicrdv vmicheartbeat "wsappx"=clipsvc AppXSvc "Camera"=FrameServer "LocalServicePeerNet"=PNRPSvc p2pimsvc p2psvc PnrpAutoReg "NetworkServiceAndNoImpersonation"=KtmRm "appmodel"=TileDataModelSvc WalletService EntAppSvc StateRepository "LocalServiceAndNoImpersonation"=SSDPSRV upnphost SCardSvr QWAVE fdrespub wcncsvc SensrSvc BthHFSrv "NetworkServiceNetworkRestricted"=PolicyAgent "AxInstSVGroup"=AxInstSV "AppReadiness"=AppReadiness "NetworkService"=CryptSvc WECSVC MapsBroker DHCP TermService Tapisrv nlasvc lanmanworkstation WinRM DNSCache "smbsvcs"=lanmanserver browser "UnistackSvcGroup"=UnistoreSvc UserDataSvc OneSyncSvc MessagingService WpnUserService PimIndexMaintenanceSvc CDPUserSvc "PeerDist"=PeerDistSvc "print"=PrintNotify "HPZ12"=Pml Driver HPZ12 Net Driver HPZ12 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost] "netsvcs"=CertPropSvc SCPolicySvc lanmanserver gpsvc iphlpsvc msiscsi schedule winmgmt SessionEnv FastUserSwitchingCompatibility Ias Irmon Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess SENS Sharedaccess SRService Tapisrv Wmi WmdmPmSp wuauserv BITS ShellHWDetection LogonHours PCAudit helpsvc uploadmgr AppMgmt UserManager NetSetupSvc "LocalSystemNetworkRestricted"=ScDeviceEnum WiaRpc dot3svc Netman WPDBusEnum NcbService wlansvc AudioEndpointBuilder DeviceAssociationService "LocalService"=netprofm WebClient WinHttpAutoProxySvc "imgsvc"=StiSvc "LocalServiceNoNetwork"=PLA "smphost"=smphost "rpcss"=RpcSs "LocalServiceNetworkRestricted"=wscsvc LmHosts AudioSrv DHCP "appmodel"=StateRepository "LocalServiceAndNoImpersonation"=SSDPSRV upnphost SCardSvr QWAVE wcncsvc BthHFSrv "DcomLaunch"=PlugPlay DeviceInstall DcomLaunch "NetworkService"=CryptSvc WECSVC DHCP TermService Tapisrv WinRM DNSCache "smbsvcs"=lanmanserver ---------- | SvcHost - Netsvcs (Whitelisted) ---------- | Software [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\4kdownload.com] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\7-zip] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Adlice Software] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Adobe] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Akeo Consulting] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AMD] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AppDataLow] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Ashampoo] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\ATI] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AudioFX] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AVAST Software] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\BitTorrent] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\C-Media] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Caphyon] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Clients] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\CMEDIA] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Computerinsel] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Daum] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\DRD Systems] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\EaseUS] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Elecard] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\EPSON] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\FastStone] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\FireTrust] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Foxit Software] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\g3n-h@ckm@n] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\geissplugin] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\GNU] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Google] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Hewlett-Packard] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\IM Providers] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\iSpring Solutions] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\IvoSoft] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Kingsoft] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\LogiShrd] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\macrium] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Macromedia] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Malwarebytes] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\MediaMonkey] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Mirage] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Mozilla] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Mozilla Backup] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Netscape] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Nurgo-Software] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\O&O] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\ODBC] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Paramount Software (UK) Ltd.] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\PCurVersion] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\PEiD] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Piriform] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Policies] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\PowerISO] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\QtProject] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Reason] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\RegisteredApplications] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\roamingdevice] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Skype] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Softpointer] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Solveig Multimedia] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Spoon] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Stardock] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Sys] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Sysinternals] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\techPowerUp] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Teorex] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\TGRMN Software] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Thunderbird] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\TPV] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Trolltech] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\VS Revo Group] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\VueScan] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Winamp] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Wow6432Node] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\ZebHelpProcess Helper] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Zemana] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\AppDataLow\Software\Microsoft] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\DWM] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\Roaming] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\Shell] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\TabletPC] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\Windows Error Reporting] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\AMD] [HKLM\Software\ASIO] [HKLM\Software\ATI] [HKLM\Software\ATI Technologies] [HKLM\Software\BANDISOFT] [HKLM\Software\Clients] [HKLM\Software\DAUM] [HKLM\Software\EPSON] [HKLM\Software\Foxit Software] [HKLM\Software\g3n-h@ckm@n] [HKLM\Software\Hewlett-Packard] [HKLM\Software\IM Providers] [HKLM\Software\Intel] [HKLM\Software\IvoSoft] [HKLM\Software\Khronos] [HKLM\Software\Logishrd] [HKLM\Software\Logitech] [HKLM\Software\Macrium] [HKLM\Software\Macromedia] [HKLM\Software\Microsoft] [HKLM\Software\Mozilla] [HKLM\Software\MozillaPlugins] [HKLM\Software\ODBC] [HKLM\Software\OEM] [HKLM\Software\Partner] [HKLM\Software\Policies] [HKLM\Software\RegisteredApplications] [HKLM\Software\Serif] [HKLM\Software\sysinternals] [HKLM\Software\UVK - Ultra virus killer backups] [HKLM\Software\Volatile] [HKLM\Software\VueScan] [HKLM\Software\WOW6432Node] [HKLM\Software\Zemana] [HKLM\Software\ZmnGlobalSDK] [HKLM\Software\Microsoft\Windows\ClickNote] [HKLM\Software\Microsoft\Windows\Configuration] [HKLM\Software\Microsoft\Windows\CurrentVersion] [HKLM\Software\Microsoft\Windows\DWM] [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\Microsoft\Windows\Help] [HKLM\Software\Microsoft\Windows\HTML Help] [HKLM\Software\Microsoft\Windows\ITStorage] [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics] [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\Microsoft\Windows\Shell] [HKLM\Software\Microsoft\Windows\Tablet PC] [HKLM\Software\Microsoft\Windows\TabletPC] [HKLM\Software\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\Microsoft\Windows\Windows Search] [HKLM\Software\Microsoft\Windows NT\CurrentVersion] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport] [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx] [HKLM\Software\WOW6432Node\2BrightSparks] [HKLM\Software\WOW6432Node\8pecxstudios] [HKLM\Software\WOW6432Node\ALA] [HKLM\Software\WOW6432Node\Ashampoo] [HKLM\Software\WOW6432Node\ASIO] [HKLM\Software\WOW6432Node\ASUS Xonar Essence STX Audio] [HKLM\Software\WOW6432Node\ATI] [HKLM\Software\WOW6432Node\ATI Technologies] [HKLM\Software\WOW6432Node\AVAST Software] [HKLM\Software\WOW6432Node\BANDISOFT] [HKLM\Software\WOW6432Node\Caphyon] [HKLM\Software\WOW6432Node\EPSON] [HKLM\Software\WOW6432Node\Foxit Software] [HKLM\Software\WOW6432Node\FreeFileSync] [HKLM\Software\WOW6432Node\Google] [HKLM\Software\WOW6432Node\IM Providers] [HKLM\Software\WOW6432Node\Intel] [HKLM\Software\WOW6432Node\Khronos] [HKLM\Software\WOW6432Node\Licenses] [HKLM\Software\WOW6432Node\macrium] [HKLM\Software\WOW6432Node\Macromedia] [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware] [HKLM\Software\WOW6432Node\Marvell] [HKLM\Software\WOW6432Node\Microsoft] [HKLM\Software\WOW6432Node\Mozilla] [HKLM\Software\WOW6432Node\MozillaPlugins] [HKLM\Software\WOW6432Node\ODBC] [HKLM\Software\WOW6432Node\OpenAL] [HKLM\Software\WOW6432Node\PowerISO] [HKLM\Software\WOW6432Node\Skype] [HKLM\Software\WOW6432Node\Stardock] [HKLM\Software\WOW6432Node\Virustotal] [HKLM\Software\WOW6432Node\Volatile] [HKLM\Software\WOW6432Node\webroot] [HKLM\Software\WOW6432Node\WOW6432Node] [HKLM\Software\WOW6432Node\WRData] [HKLM\Software\WOW6432Node\Clients] [HKLM\Software\WOW6432Node\Policies] [HKLM\Software\WOW6432Node\RegisteredApplications] [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager] [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help] [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage] [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider] [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting] [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing] [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | FeatureControl [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL] "SdDisplay.exe"="1" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "SdDisplay.exe"="11001" "PotPlayerMini64.exe"="11000" "UVKPortable.exe"="11001" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_MODE] "iexplore.exe"="8" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION] "PotPlayerMini64.exe"="1" [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGUI.exe"="0" "SAPGuiIT.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "PresentationHost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "cs.exe"="1" "waol.exe"="1" "wm.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" "msaccess.exe"="1" "powerpnt.exe"="1" "excel.exe"="1" "winword.exe"="1" "winwordd.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "prevhost.exe"="1" "winmail.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "msimn.exe"="1" "outlook.exe"="1" "winmail.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "excel.exe"="1" "infopath.exe"="1" "powerpnt.exe"="1" "winword.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" "clview.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "infopath.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS] "HelpPane.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION] "HelpPane.exe"="10000" "prevhost.exe"="8000" "Skype.exe"="11001" "SkypeBrowserHost.exe"="10001" "FoxitPhantomPDF.exe"="11000" "mbam.exe"="11000" "WiseProgramUninstaller.exe"="11000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL] "*"="1" "explorer.exe"="1" "iexplore.exe"="1" "SAPfewgsrv.exe"="0" "SAPGUI.exe"="0" "SAPGuiIT.exe"="0" "SAPLgPad.exe"="0" "SAPLOGON.exe"="0" "Scale_for_R3.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP] "ieuser.exe"="1" "iexplore.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL] "HelpPane.exe"="1" "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK] "YahooMusicEngine.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE] "HelpPane.exe"="100000" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT] "devenv.exe"="1" "dexplore.exe"="1" "helppane.exe"="1" "PresentationHost.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS] "msfeedssync.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS] "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG] ""="" "msiexec.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART] "cs.exe"="1" "waol.exe"="1" "wm.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS] "iexplore.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS] "helppane.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS] "wlmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER] "explorer.exe"="4" "Skype.exe"="6" "SkypeBrowserHost.exe"="6" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER] "explorer.exe"="2" "Skype.exe"="6" "SkypeBrowserHost.exe"="6" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME] "mshta.exe"="1" "outlook.exe"="1" "sidebar.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN] "explorer.exe"="0" "iexplore.exe"="0" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING] "communicator.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD] "msimn.exe"="1" "prevhost.exe"="1" "winmail.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ] "HelpPane.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT] "explorer.exe"="1" "HelpPane.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND] "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE] "HelpPane.exe"="0" "prevhost.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX] "PresentationHost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN] "msimn.exe"="1" "outlook.exe"="1" "winmail.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK] "HelpPane.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL] "excel.exe"="1" "infopath.exe"="1" "powerpnt.exe"="1" "winword.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL] "HelpPane.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE] "HelpPane.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED] "mbam.exe"="0" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD] "msn.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS] "explorer.exe"="1" "iexplore.exe"="1" "wmplayer.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER] "iexplore.exe"="1" "prevhost.exe"="1" [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION] "explorer.exe"="1" "iexplore.exe"="1" "PresentationHost.exe"="1" "prevhost.exe"="1" "wmplayer.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.01C2DBF55CAEDE1D3CA17F07F2534EF2] - [11/01/2017 10:27:31] - |A| - [43524096] - C:\WINDOWS\Installer\8137a326.msi [MD5.1227887B20C2646CA402AE3C7B97440F] - [18/01/2017 10:51:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{0D3E9E15-DE7A-300B-96F1-B4AF12B96488} [MD5.EFBBB7F43A39F8E67F1C4619D93E4599] - [18/01/2017 10:51:25] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A2563E55-3BEC-3828-8D67-E5E8B9E8B675} [MD5.BD1256AE79E035FF6338C60BC41A0940] - [18/01/2017 10:51:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BC958BD2-5DAC-3862-BB1A-C1BE0790438D} [MD5.85DA1FDA1663891A2C2400D0EB0053DE] - [18/01/2017 10:51:25] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BE960C1C-7BAD-3DE6-8B1A-2616FE532845} [MD5.00000000000000000000000000000000] - [11/01/2017 10:27:44] - |D| - [143612] - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6} [MD5.E43AEE6A66067C6535C1F994BCFB93A1] - [20/01/2017 12:09:28] - |A| - [391496] - C:\WINDOWS\system32\aswBoot.exe [MD5.00000000000000000000000000000000] - [21/01/2017 16:36:49] - |D| - [65536] - C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8 [MD5.00000000000000000000000000000000] - [22/01/2017 11:40:43] - |D| - [0] - C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore ---------- | Drives D: ---------- | C: [30/10/2015 18:24:24] - |SHD| - [548080989] - C:\$Recycle.Bin [20/01/2017 10:30:20] - |D| - [5460655] - C:\AdwCleaner [15/07/2016 14:05:07] - |D| - [113592595] - C:\AMD [17/07/2016 10:42:30] - |D| - [255448015] - C:\boot [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 19:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 19:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT [MD5.7F8AF53C42B892D90E0D888797057E91] - [08/11/2016 13:02:16] - |A| - (.-.) - [84916] - (0.0.0.0) - C:\cc_20161108_130213.reg [16/07/2016 07:00:30] - |SHD| - [0] - C:\Documents and Settings [20/01/2017 16:27:30] - |D| - [102671433] - C:\FRST [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/11/2016 16:14:39] - |ASH| - (.-.) - [6834819072] - (0.0.0.0) - C:\hiberfil.sys [27/04/2016 17:42:39] - |D| - [17268736] - C:\Logs [15/07/2016 17:08:40] - |RHD| - [723967093] - C:\MSOCache [21/07/2016 11:22:53] - |D| - [2348650120] - C:\My Shared Folder [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/07/2016 06:58:57] - |ASH| - (.-.) - [1073741824] - (0.0.0.0) - C:\pagefile.sys [16/07/2016 22:47:47] - |D| - [0] - C:\PerfLogs [15/07/2016 15:27:05] - |D| - [2980637051] - C:\portable apps [02/09/2016 15:25:48] - |D| - [0] - C:\processed mp3 [16/07/2016 17:04:24] - |RD| - [3620826521] - C:\Program Files [16/07/2016 17:04:24] - |RD| - [1988286544] - C:\Program Files (x86) [16/07/2016 22:47:48] - |AHD| - [1649006402] - C:\ProgramData [24/01/2017 14:07:36] - |D| - [262052] - C:\QuickDiag [MD5.E2ACBC051880E7EC6BC310026A794C52] - [24/01/2017 14:08:46] - |A| - (.-.) - [301726] - (0.0.0.0) - C:\QuickDiag.txt [11/11/2016 11:11:00] - |SHD| - [971] - C:\Recovery [23/07/2016 16:25:22] - |D| - [410030110] - C:\RegBackup [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/07/2016 06:58:57] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys [16/07/2016 06:58:56] - |SHD| - [0] - C:\System Volume Information [15/07/2016 15:31:37] - |D| - [6960297400] - C:\Temp [16/07/2016 17:04:24] - |RD| - [88857630847] - C:\Users [16/07/2016 17:04:24] - |D| - [22115571843] - C:\Windows [20/07/2016 16:17:55] - |D| - [505509599] - C:\Z97X-UD5H-BK 20-Jul-16 3-17-55 PM ---------- | C:\WINDOWS [16/07/2016 22:47:48] - |D| - [802] - C:\WINDOWS\addins [16/07/2016 22:47:48] - |D| - [11791252] - C:\WINDOWS\appcompat [16/07/2016 22:47:48] - |D| - [12418566] - C:\WINDOWS\AppPatch [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness [16/07/2016 22:47:47] - |RSD| - [905483285] - C:\WINDOWS\assembly [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/07/2016 14:05:08] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [30/08/2016 15:05:07] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr [16/07/2016 22:47:48] - |D| - [272580] - C:\WINDOWS\bcastdvr [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 22:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe [17/07/2016 01:29:36] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents [16/07/2016 22:47:48] - |D| - [38115521] - C:\WINDOWS\Boot [MD5.7805E6F1D9596FA94A9AD69A2B4FFA23] - [10/11/2016 16:12:10] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat [16/07/2016 22:47:48] - |D| - [3715096] - C:\WINDOWS\Branding [16/07/2016 22:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp [MD5.4A29BFC96FC8DA14587F01A1D2A278F2] - [15/07/2016 14:53:54] - |A| - (.-.) - [4879] - (0.0.0.0) - C:\WINDOWS\Cmicnfgp.ini.cfg [MD5.11177480C554EEE171F517D92F065529] - [15/07/2016 14:53:55] - |A| - (.-.) - [52576] - (0.0.0.0) - C:\WINDOWS\Cmicnfgp.ini.cfl [MD5.770459804C0B7AF057B19BDAA7287B20] - [15/07/2016 14:53:54] - |A| - (.-.) - [1154] - (0.0.0.0) - C:\WINDOWS\Cmicnfgp.ini.imi [MD5.E58124757713EE89D06897AE95E77270] - [15/07/2016 14:53:54] - |A| - (.-.) - [491] - (0.0.0.0) - C:\WINDOWS\cmudaxp.ini [MD5.D8F768A92F71D5F69C859F6A5C7A0606] - [10/11/2016 16:14:54] - |A| - (.-.) - [6540] - (0.0.0.0) - C:\WINDOWS\comsetup.log [15/07/2016 14:00:47] - |D| - [0] - C:\WINDOWS\CSC [16/07/2016 22:47:48] - |D| - [9074162] - C:\WINDOWS\Cursors [16/07/2016 22:47:48] - |D| - [2893219] - C:\WINDOWS\debug [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [10/11/2016 16:15:55] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml [16/07/2016 22:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [10/11/2016 16:15:55] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml [MD5.9CADC91DF349C198FFB5477A5B23B6C2] - [15/07/2016 14:53:54] - |A| - (.© Microsoft Corporation. - Driver Install Frameworks for API library module.) - [524768] - (2.1.0.0) - C:\WINDOWS\difxapi.dll [17/07/2016 01:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker [16/07/2016 22:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files [MD5.35D8790AAB5C5F65F4E3A344345234DA] - [16/07/2016 22:49:13] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log [16/07/2016 22:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP [17/07/2016 01:14:00] - |D| - [105984] - C:\WINDOWS\en-US [MD5.43BF96FCF50945BE35C22206980C9068] - [11/11/2016 11:09:05] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4673304] - (10.0.14393.447) - C:\WINDOWS\explorer.exe [16/07/2016 22:47:48] - |RSD| - [389580888] - C:\WINDOWS\Fonts [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter [16/07/2016 22:47:48] - |D| - [27490828] - C:\WINDOWS\Globalization [16/07/2016 22:47:48] - |D| - [1405337] - C:\WINDOWS\Help [MD5.553DF2ABF34649763324BC5470D04317] - [16/07/2016 22:42:20] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975360] - (10.0.14393.0) - C:\WINDOWS\HelpPane.exe [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 22:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe [16/07/2016 22:47:48] - |D| - [173189416] - C:\WINDOWS\IME [16/07/2016 22:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel [16/07/2016 22:45:54] - |D| - [54986644] - C:\WINDOWS\INF [16/07/2016 22:47:48] - |D| - [1076853729] - C:\WINDOWS\InfusedApps [16/07/2016 22:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod [16/07/2016 22:47:48] - |SHD| - [4010206032] - C:\WINDOWS\Installer [16/07/2016 22:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas [16/07/2016 22:47:48] - |D| - [882096548] - C:\WINDOWS\LiveKernelReports [16/07/2016 17:04:29] - |D| - [21644329] - C:\WINDOWS\Logs [MD5.CF26438B72C37413AA12BE1A1DA1C387] - [17/11/2016 12:08:06] - |A| - (.-.) - [5007] - (0.0.0.0) - C:\WINDOWS\Macrium Reflect Patch Log.txt [16/07/2016 22:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 22:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin [16/07/2016 22:47:47] - |RD| - [730094365] - C:\WINDOWS\Microsoft.NET [16/07/2016 22:47:48] - |D| - [2563] - C:\WINDOWS\Migration [16/07/2016 22:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 22:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe [17/07/2016 01:15:09] - |D| - [219754] - C:\WINDOWS\OCR [16/07/2016 22:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages [MD5.22E9853298C96B1AB89D8F71C4E82302] - [24/09/2016 14:28:26] - |A| - (.Copyright (c) 2012-2015 Power Admin LLC - PAExec Application.) - [189112] - (1.26.0.0) - C:\WINDOWS\PAExec.exe [11/11/2016 11:11:00] - |DC| - [257364032] - C:\WINDOWS\Panther [16/07/2016 22:47:48] - |D| - [29400963] - C:\WINDOWS\Performance [MD5.5CE93CD98D979232883C63F09231DC23] - [10/11/2016 16:14:39] - |A| - (.-.) - [36560] - (0.0.0.0) - C:\WINDOWS\PFRO.log [16/07/2016 22:47:48] - |D| - [1121835] - C:\WINDOWS\PLA [16/07/2016 22:47:48] - |D| - [6168888] - C:\WINDOWS\PolicyDefinitions [10/11/2016 16:11:40] - |D| - [4788533] - C:\WINDOWS\Prefetch [16/07/2016 22:47:48] - |RD| - [2036530] - C:\WINDOWS\PrintDialog [MD5.4ACE1A172D35E492443D29527441BB30] - [17/07/2016 01:30:48] - |A| - (.-.) - [33882] - (0.0.0.0) - C:\WINDOWS\Professional.xml [16/07/2016 22:47:48] - |D| - [1415126] - C:\WINDOWS\Provisioning [MD5.EFE3D78833FEDAF7F24C264BF9976301] - [16/07/2016 22:42:17] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.0) - C:\WINDOWS\regedit.exe [16/07/2016 22:47:48] - |D| - [1094420] - C:\WINDOWS\Registration [17/07/2016 01:29:36] - |D| - [0] - C:\WINDOWS\RemotePackages [16/07/2016 22:47:48] - |D| - [3640336] - C:\WINDOWS\rescache [16/07/2016 22:47:48] - |D| - [3868402] - C:\WINDOWS\Resources [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\SchCache [16/07/2016 22:47:48] - |D| - [121229] - C:\WINDOWS\schemas [16/07/2016 22:47:48] - |D| - [9249596] - C:\WINDOWS\security [10/11/2016 16:11:29] - |D| - [43622263] - C:\WINDOWS\ServiceProfiles [16/07/2016 17:04:24] - |D| - [115011971] - C:\WINDOWS\servicing [16/07/2016 22:49:46] - |D| - [42] - C:\WINDOWS\Setup [MD5.707740924999691826836B5010267874] - [10/11/2016 16:11:41] - |A| - (.-.) - [28492] - (0.0.0.0) - C:\WINDOWS\setupact.log [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/11/2016 16:11:41] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log [16/07/2016 22:47:48] - |D| - [31190016] - C:\WINDOWS\ShellExperiences [27/04/2016 17:21:24] - |D| - [35886] - C:\WINDOWS\ShellNew [17/07/2016 01:14:36] - |D| - [3757408] - C:\WINDOWS\SKB [23/07/2016 16:27:36] - |D| - [90528057] - C:\WINDOWS\SoftwareDistribution [16/07/2016 22:47:48] - |D| - [107844594] - C:\WINDOWS\Speech [16/07/2016 22:47:48] - |D| - [51335125] - C:\WINDOWS\Speech_OneCore [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [11/11/2016 11:04:57] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe [16/07/2016 22:47:48] - |D| - [875530] - C:\WINDOWS\System [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 18:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini [16/07/2016 17:04:24] - |D| - [5069325318] - C:\WINDOWS\System32 [16/07/2016 22:47:48] - |D| - [145475045] - C:\WINDOWS\SystemApps [16/07/2016 22:47:48] - |D| - [17388709] - C:\WINDOWS\SystemResources [16/07/2016 17:04:27] - |D| - [1292643685] - C:\WINDOWS\SysWOW64 [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\TAPI [30/10/2015 18:24:25] - |D| - [2734] - C:\WINDOWS\Tasks [16/07/2016 22:47:48] - |D| - [4980] - C:\WINDOWS\Temp [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\tracing [16/07/2016 22:47:48] - |D| - [225792] - C:\WINDOWS\twain_32 [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 22:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll [17/07/2016 11:04:47] - |D| - [281600] - C:\WINDOWS\twain_64 [MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - [23/07/2016 16:25:23] - |A| - (.-.) - [207] - (0.0.0.0) - C:\WINDOWS\tweaking.com-regbackup-OFFICE6410-Windows-10-Pro-(64-bit).dat [16/07/2016 22:47:48] - |D| - [12420] - C:\WINDOWS\Vss [16/07/2016 22:47:48] - |D| - [101486259] - C:\WINDOWS\Web [MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 18:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 22:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest [MD5.038356387332650843BCB352BB89A101] - [10/11/2016 15:12:13] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 22:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe [16/07/2016 17:04:24] - |D| - [6294634177] - C:\WINDOWS\WinSxS [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 22:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 22:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe [MD5.138DCF6DCAB9A273267E5BD7E8F79A9E] - [15/07/2016 14:53:56] - |A| - (.-.) - [97846] - (0.0.0.0) - C:\WINDOWS\Xonar STX Audio.ico [MD5.376AB38903301084A831934237CBADBE] - [16/07/2016 12:45:53] - |A| - (.-.) - [428240] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace [MD5.BFA37A3513CC2FF852AFC75CE60C0353] - [16/07/2016 12:45:52] - |A| - (.-.) - [412253] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace ---------- | C:\WINDOWS\System32\GroupPolicy [17/07/2016 10:58:04] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System [15/07/2016 14:53:54] - |A| - [1093] - C:\WINDOWS\System\Cmicnfgp.ini () - () [03/06/2015 11:23:06] - |A| - [315392] - C:\WINDOWS\System\CmiFltr.dll (Copyright c 2004) - (CmiFltr) [15/07/2016 14:53:55] - |A| - [134] - C:\WINDOWS\System\Dlap.pfx () - () [15/07/2016 14:53:56] - |A| - [282112] - C:\WINDOWS\System\HsMgr64.exe (Copyright (C) 2007) - (HsMgr Application) [15/07/2016 14:53:56] - |A| - [122880] - C:\WINDOWS\System\HsSrv64.dll (Copyright (C) 2008 C-Media Electronics Inc.) - (HsSrv Dynamic Link Library) [15/07/2016 14:53:56] - |A| - [122880] - C:\WINDOWS\System\HsSrv642.dll (Copyright (C) 2008 C-Media Electronics Inc.) - (HsSrv Dynamic Link Library) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/09/2016 06:58:26] - C:\WINDOWS\Installer\1edcfb10.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:58:52] - C:\WINDOWS\Installer\1edcfb15.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:59:16] - C:\WINDOWS\Installer\1edcfb1a.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:59:40] - C:\WINDOWS\Installer\1edcfb1f.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:30] - C:\WINDOWS\Installer\1edcfb4e.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:54] - C:\WINDOWS\Installer\1edcfb59.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:01:18] - C:\WINDOWS\Installer\1edcfb5e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:01:44] - C:\WINDOWS\Installer\1edcfb63.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:02:10] - C:\WINDOWS\Installer\1edcfb68.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:02:34] - C:\WINDOWS\Installer\1edcfb6d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:03:22] - C:\WINDOWS\Installer\1edcfb88.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:03:46] - C:\WINDOWS\Installer\1edcfb93.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:04:10] - C:\WINDOWS\Installer\1edcfb98.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:04:34] - C:\WINDOWS\Installer\1edcfb9d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:04:58] - C:\WINDOWS\Installer\1edcfba2.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:05:22] - C:\WINDOWS\Installer\1edcfba7.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:06:08] - C:\WINDOWS\Installer\1edcfbc3.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:06:32] - C:\WINDOWS\Installer\1edcfbce.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:42] - C:\WINDOWS\Installer\1edcfbd3.msi : (AMD Start Now Installation package - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:08] - C:\WINDOWS\Installer\1edcfbd8.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:01:44] - C:\WINDOWS\Installer\1edcfbdd.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 17:44:38] - C:\WINDOWS\Installer\24d8df.msi : (Intel(R) ME UninstallLegacy - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/07/2015 17:44:50] - C:\WINDOWS\Installer\24d8e3.msi : (Intel(R) Management Engine Components - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [27/06/2015 10:21:04] - C:\WINDOWS\Installer\24d8e7.msi : (Intel(R) Chipset Device Software - Intel Corporation) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:52:34] - C:\WINDOWS\Installer\47d10.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:52:40] - C:\WINDOWS\Installer\47d14.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:52:48] - C:\WINDOWS\Installer\47d18.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:52:56] - C:\WINDOWS\Installer\47d1c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:02] - C:\WINDOWS\Installer\47d20.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:10] - C:\WINDOWS\Installer\47d24.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:16] - C:\WINDOWS\Installer\47d28.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:22] - C:\WINDOWS\Installer\47d2c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:30] - C:\WINDOWS\Installer\47d30.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:36] - C:\WINDOWS\Installer\47d34.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:44] - C:\WINDOWS\Installer\47d38.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:50] - C:\WINDOWS\Installer\47d3c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:53:58] - C:\WINDOWS\Installer\47d40.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:04] - C:\WINDOWS\Installer\47d44.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:12] - C:\WINDOWS\Installer\47d48.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:18] - C:\WINDOWS\Installer\47d4c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:26] - C:\WINDOWS\Installer\47d50.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:32] - C:\WINDOWS\Installer\47d54.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:38] - C:\WINDOWS\Installer\47d58.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:46] - C:\WINDOWS\Installer\47d5c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [30/11/2015 15:54:54] - C:\WINDOWS\Installer\47d60.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/07/2016 14:48:15] - C:\WINDOWS\Installer\61755.msi : (Intel(R) Network Connections - Intel) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [01/11/2016 13:34:36] - C:\WINDOWS\Installer\66966d64.msi : (Classic Shell - IvoSoft) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [11/01/2017 10:27:31] - C:\WINDOWS\Installer\8137a326.msi : (Skype - Skype Technologies S.A.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2016 15:49:02] - C:\WINDOWS\Installer\815189.msi : (MailWasherPro - Firetrust) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/07/2016 10:41:56] - C:\WINDOWS\Installer\d56ae.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:58:26] - C:\WINDOWS\Installer\d619.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:58:52] - C:\WINDOWS\Installer\d61e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:59:16] - C:\WINDOWS\Installer\d623.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 06:59:40] - C:\WINDOWS\Installer\d628.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:04] - C:\WINDOWS\Installer\d62d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:30] - C:\WINDOWS\Installer\d632.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:54] - C:\WINDOWS\Installer\d637.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:01:18] - C:\WINDOWS\Installer\d63c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:01:44] - C:\WINDOWS\Installer\d641.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:02:10] - C:\WINDOWS\Installer\d646.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:02:34] - C:\WINDOWS\Installer\d64b.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:02:58] - C:\WINDOWS\Installer\d650.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:03:22] - C:\WINDOWS\Installer\d655.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:03:46] - C:\WINDOWS\Installer\d65a.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:04:10] - C:\WINDOWS\Installer\d65f.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:04:34] - C:\WINDOWS\Installer\d664.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:04:58] - C:\WINDOWS\Installer\d669.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:05:22] - C:\WINDOWS\Installer\d66e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:05:46] - C:\WINDOWS\Installer\d673.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:06:08] - C:\WINDOWS\Installer\d678.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:06:32] - C:\WINDOWS\Installer\d67d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:42] - C:\WINDOWS\Installer\d682.msi : (AMD Start Now Installation package - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:00:08] - C:\WINDOWS\Installer\d687.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/09/2016 07:01:44] - C:\WINDOWS\Installer\d68c.msi : (AMD Settings - Advanced Micro Devices, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [16/07/2016 17:57:15] - C:\WINDOWS\Installer\f63fec.msi : (CyberPower PowerPanel Personal Edition 1.6.1 - Cyber Power Systems, Inc.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [17/07/2016 10:41:56] - C:\WINDOWS\Installer\reflect_setupv6.1.1366-x64-00.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.) [Offsets ok ! : D0CF11E0A1B11AE10000000000000000] [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}\ARPPRODUCTICON.exe () - () [16/07/2016 10:21:07] - [733166] - C:\WINDOWS\Installer\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}\IconName.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{26567561-DFB2-2B63-9BA8-6A490ED37016}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{2F544F46-5F6E-97BB-3550-A0242A3C5754}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}\ARPPRODUCTICON.exe () - () [01/11/2016 13:35:23] - [34494] - C:\WINDOWS\Installer\{383BB30A-B4A7-4666-9A83-22CFA8640097}\StartScreen.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{3AF70346-52C7-0334-606F-118D1C1CB7A2}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{51F85784-6799-5CA3-97B2-2E5904FC3E58}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:13] - [8306] - C:\WINDOWS\Installer\{52E7DBCC-EAB5-DEFC-B3C1-BB52558973C5}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{53AE8AC7-5213-67AF-0DC0-CED696B77643}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{59D2664C-949B-7FA7-9880-ECB993B6616A}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{5FD706FF-6AD8-E372-A35A-879409982655}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{5FEACE78-C338-9AED-FF05-7DE7E273C774}\ARPPRODUCTICON.exe () - () [15/07/2016 14:49:35] - [326456] - C:\WINDOWS\Installer\{638A518B-0D2E-4143-ACF8-F3D83D822E85}\ARPPRODUCTICON.exe (Copyright (C) 2012 Intel Corporation.) - (Intel (R) Network Connections Driver Uninstaller) [16/07/2016 15:49:42] - [285478] - C:\WINDOWS\Installer\{6657DA03-A39B-472C-8458-6292E128A3D9}\ext.exe () - () [16/07/2016 15:49:42] - [285478] - C:\WINDOWS\Installer\{6657DA03-A39B-472C-8458-6292E128A3D9}\SystemFolder_msiexec_1.exe () - () [17/07/2016 10:42:24] - [43646] - C:\WINDOWS\Installer\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}\ImgToVHD.exe () - () [17/07/2016 10:42:24] - [19942] - C:\WINDOWS\Installer\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}\xReflect.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:12] - [8306] - C:\WINDOWS\Installer\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:12] - [8306] - C:\WINDOWS\Installer\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{970A40CA-46AB-986C-1798-976ED0EA00FA}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{A50C89BC-8D8E-8828-824A-7171F6D583D5}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{AC85CF50-9A55-0103-ADBF-365C37603AA4}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:12] - [8306] - C:\WINDOWS\Installer\{AD28960A-6190-C991-C964-308B86EAA2E2}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{B349892D-B015-033C-4CA8-3635E6B655D7}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{C14A3A5B-8A86-C239-37D7-158211778C54}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{C3EE628C-7394-FE2C-0C90-C05284EB528D}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{DAB44116-0266-C65B-B643-AC11217C3041}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:12] - [4846] - C:\WINDOWS\Installer\{DAC07675-A1AF-49F1-DFB7-61B15AD61C9A}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}\ARPPRODUCTICON.exe () - () [10/11/2016 16:12:13] - [8306] - C:\WINDOWS\Installer\{E29B4E12-2EB0-93F6-8556-3ED42722D653}\ARPPRODUCTICON.exe () - () [16/07/2016 17:57:26] - [4846] - C:\WINDOWS\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\assist_1.exe () - () [16/07/2016 17:57:26] - [13822] - C:\WINDOWS\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\pppe.exe () - () [16/07/2016 17:57:26] - [13822] - C:\WINDOWS\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\pppe_1.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}\ARPPRODUCTICON.exe () - () [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{FC4086D6-E345-5F43-08BB-280FB57DAF49}\ARPPRODUCTICON.exe () - () [11/01/2017 10:27:44] - [143612] - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe () - () ---------- | %System%\*.in* [15/07/2016 14:53:56] - [61] - C:\WINDOWS\System32\cmasiopx.ini [16/07/2016 22:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf [27/10/2012 10:42:24] - [29494] - C:\WINDOWS\System32\lvcoin64.ini [15/07/2016 14:07:14] - [1169502] - C:\WINDOWS\System32\PerfStringBackup.INI [16/07/2016 22:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini [16/07/2016 22:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini [15/07/2016 14:53:56] - [57] - C:\WINDOWS\Syswow64\cmasiop.ini [16/07/2016 22:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf [16/07/2016 22:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64 [MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 22:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb [MD5.50EF6BB9E06CAE09D33E89B989D0D766] - |A| - [11/11/2016 11:04:57] - (.-.) - [539.77 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb [MD5.00000000000000000000000000000000] - |D| - [20/01/2017 16:37:55] - [0 Ko] - C:\WINDOWS\Temp\macrium [MD5.BADCBB7052C7D58D4985AA354AF7B703] - |A| - [20/01/2017 17:21:00] - (.-.) - [4.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 16:14:52] - [0 Ko] - C:\WINDOWS\Temp\_avast_ [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:00] - [0 Ko] - C:\WINDOWS\System32\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 22:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 22:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 22:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 22:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png [MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 22:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 22:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 22:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png [MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 22:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers [MD5.15E48BE612310DCE461355B5FA6EFEB0] - |A| - [16/12/2015 17:06:10] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amd-vulkan64.json [MD5.D3E20E50BAFB4D0A9440491500C68B80] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [162.51 Ko] - (21.19.137.1) - C:\WINDOWS\System32\amdave64.dll [MD5.60D3FF6476231E05A194FA08126B4C74] - |A| - [26/10/2016 01:04:24] - (.-.) - [260.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll [MD5.B75FF1E9B2F49D9A88850DEDAA493DD7] - |A| - [26/10/2016 01:05:38] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [158.41 Ko] - (21.19.137.1) - C:\WINDOWS\System32\amdhcp64.dll [MD5.35F0ED7436D860A33D533CD5BE219E00] - |A| - [05/07/2016 10:56:32] - (.-.) - [17.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AMDKernelEvents.man [MD5.3E78CA7A3379BA252FC8B22661D26925] - |A| - [26/10/2016 01:04:26] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [750.02 Ko] - (1.0.5.1) - C:\WINDOWS\System32\amdlvr64.dll [MD5.2A03D9F82CAD8E9746F9C74A9C41DABA] - |A| - [26/10/2016 01:04:26] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [98.52 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmcl64.dll [MD5.644ED8E7B1B54E0BEA0E7F29B3A4EF05] - |A| - [26/10/2016 01:05:38] - (.-.) - [477.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll [MD5.68D1E35540A34E28334F8DDE07614612] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [127.17 Ko] - (21.19.137.1) - C:\WINDOWS\System32\amdpcom64.dll [MD5.22BBEB9339D3A0BBFD7604C12CE623A1] - |A| - [26/10/2016 01:04:36] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [9185.02 Ko] - (1.0.21.0) - C:\WINDOWS\System32\amdvlk64.dll [MD5.73909BE2A96CF1A415642A616E0C9A0C] - |A| - [26/10/2016 01:04:38] - (.Advanced Micro Devices, Inc. Copyright (C) 2016 - Advanced Media Framework.) - [2405.52 Ko] - (1.3.0.5) - C:\WINDOWS\System32\amfrt64.dll [MD5.971819F3DD0996BCCB9E4330C52C4207] - |A| - [11/11/2016 11:09:06] - (.-.) - [436.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [7762.11 Ko] - C:\WINDOWS\System32\appraiser [MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 22:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA [MD5.E43AEE6A66067C6535C1F994BCFB93A1] - |A| - [20/01/2017 12:09:28] - (.Copyright (c) 2014 AVAST Software - avast! start-up scanner.) - [382.32 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\aswBoot.exe [MD5.EC83A581FABE54CAE1185D4C20BE7A32] - |A| - [26/10/2016 01:04:36] - (.© 2004 Advanced Micro Devices, Inc. - eRecord Message Resource File.) - [76.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\ati2erec.dll [MD5.EE8CCC6F0A6DD567583940B98DDFE580] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1319.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atiadlxx.dll [MD5.57C062C8895B25592D6D1026E74BFE8D] - |A| - [16/09/2016 15:00:14] - (.-.) - [733.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb [MD5.6B650127AA80F10CEE49B79ED88E2929] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [410.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atiapfxx.exe [MD5.D4FDAC30A1AB3917DCA71C4961D082AE] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub64.dll.) - [154.63 Ko] - (8.17.10.1484) - C:\WINDOWS\System32\aticfx64.dll [MD5.10F7B50C0BE0104DFF0E2E0442EBEE7E] - |A| - [26/10/2016 01:04:38] - (.2002-2012 - Graphics DEM.) - [465.52 Ko] - (4.5.6103.25025) - C:\WINDOWS\System32\atidemgy.dll [MD5.850A4FCDF26D246EB35B9A40B097F489] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2011 AMD Inc. - atidxxstub64.dll.) - [116.02 Ko] - (8.17.10.690) - C:\WINDOWS\System32\atidxx64.dll [MD5.12261F23AF18D7B382A872DF42AA2BD1] - |A| - [26/10/2016 01:04:38] - (.-.) - [242.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe [MD5.858812E799B05B28C90EDD438E3AA692] - |A| - [26/10/2016 01:04:40] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [528.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atieclxx.exe [MD5.264B9AE7F91280A3A99560BE562CEEA8] - |A| - [26/10/2016 01:04:40] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [298.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atiesrxx.exe [MD5.240A345AAA1553CBE42E46FDFB75B340] - |A| - [26/10/2016 01:04:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [214.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atig6txx.dll [MD5.4C9B5560677E3D6C8DE22E44509C0C8C] - |A| - [26/10/2016 01:05:40] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [127.17 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atimpc64.dll [MD5.7DE3C20D9ACAF196C1939A3D9900F618] - |A| - [26/10/2016 01:04:40] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [125.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atimuixx.dll [MD5.9F364202C2450DD50E6398BCA947D8DD] - |A| - [26/10/2016 01:04:42] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [151.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atisamu64.dll [MD5.B3EA61C09466563056AD6443024AE84D] - |A| - [16/09/2016 14:58:44] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap [MD5.CD35635BD1B0990F2B385089A512980D] - |A| - [23/09/2015 13:21:42] - (.-.) - [316 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_el.dat [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [16/09/2016 14:57:24] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [16/09/2016 14:57:24] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 15:46:18] - [1.42 Ko] - C:\WINDOWS\System32\BestPractices [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4451.88 Ko] - C:\WINDOWS\System32\Boot [MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 22:42:12] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [63393.77 Ko] - C:\WINDOWS\System32\CatRoot [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [35427.65 Ko] - C:\WINDOWS\System32\catroot2 [MD5.76C6E06E02984A23B8F316698C663CEA] - |A| - [26/10/2016 01:04:44] - (.-.) - [280.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe [MD5.4879B899B7DD732371B34D8179F66615] - |A| - [15/07/2016 14:53:56] - (.Copyright (c) 2004-2012 C-Media Electronics Inc. - C-Media Universal ASIO Driver.) - [454.5 Ko] - (2.0.0.12) - C:\WINDOWS\System32\cmasiopx.dll [MD5.738AE9031F5E11A707462503EABF8689] - |A| - [15/07/2016 14:53:56] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cmasiopx.ini [MD5.AFE67D6CED5706CD1B7CB912EEB0AA60] - |A| - [15/07/2016 14:53:55] - (.Copyright (C) 2015 - Driver Installer.) - [815.5 Ko] - (1.0.6.0) - C:\WINDOWS\System32\Cmeauoxy.exe [MD5.ED31B969F049D2E5F4315653B71277EA] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2012 - ConfigPanel DLL.) - [4427.5 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CmiCnfgp.cpl [MD5.11BB3D5DC9336037C14A46873FA1FFDF] - |A| - [15/07/2016 14:53:54] - (.Copyright (C) 2006 - Vista Driver Installer.) - [351 Ko] - (1.0.1.0) - C:\WINDOWS\System32\CmiInstallResAll64.dll [MD5.D0202455E9140E0F8847F50B5F03FF8F] - |A| - [03/06/2015 11:23:06] - (.Copyright c 2007 - cmudaxp.dll.) - [32 Ko] - (5.12.1.9) - C:\WINDOWS\System32\cmudaxp.dll [MD5.06FB32873596CBB20E1DC83677940FAF] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2000-2006 - CMedia OpenAL(TM) Implementation.) - [120 Ko] - (1.0.0.1) - C:\WINDOWS\System32\Cm_Oal.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [2011.66 Ko] - C:\WINDOWS\System32\CodeIntegrity [MD5.DBC0B91713CEF31F737CF3338564BF23] - |A| - [23/04/2016 11:52:36] - (.AMD. - CoInstaller DLL.) - [853.48 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_15.30.dll [MD5.F372FB5156609ACB00FE4DB57468B905] - |A| - [26/10/2016 01:04:44] - (.AMD. - CoInstaller DLL.) - [888.02 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_16.40.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [360 Ko] - C:\WINDOWS\System32\Com [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [294373.13 Ko] - C:\WINDOWS\System32\config [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [47.64 Ko] - C:\WINDOWS\System32\Configuration [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [297 Ko] - C:\WINDOWS\System32\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293 Ko] - C:\WINDOWS\System32\da-DK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [329 Ko] - C:\WINDOWS\System32\de-DE [MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 22:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 22:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json [MD5.CF07114FDC5692425E179A7D2CD21C6C] - |A| - [12/02/2016 00:17:30] - (.Advanced Micro Devices. - Delay Audio Processing Object.) - [110.74 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DelayAPO.dll [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [27/10/2012 10:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\System32\DevManagerCore.dll [MD5.91A3172B40F30446804FC0B1FD579AE9] - |A| - [26/10/2016 01:04:44] - (.-.) - [303.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dgtrayicon.exe [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs [MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 22:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [7578.09 Ko] - C:\WINDOWS\System32\Dism [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [1116.16 Ko] - C:\WINDOWS\System32\downlevel [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:24] - [84805.57 Ko] - C:\WINDOWS\System32\drivers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [1831920.86 Ko] - C:\WINDOWS\System32\DriverStore [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [149.5 Ko] - C:\WINDOWS\System32\dsc [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [325 Ko] - C:\WINDOWS\System32\el-GR [MD5.DE00239530F39B2305EE0DFC0E92DF82] - |A| - [15/07/2016 15:52:05] - (.-.) - [15.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\empty.ico [MD5.5B1C9F61DB0A0C962629034B8D1C805B] - |A| - [10/11/2016 16:15:17] - (.-.) - [22.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:01] - [3445.5 Ko] - C:\WINDOWS\System32\en [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [42131.83 Ko] - C:\WINDOWS\System32\en-US [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [318 Ko] - C:\WINDOWS\System32\es-ES [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE [MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [17/07/2016 11:25:06] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL [MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [17/07/2016 11:25:06] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_YD4BKDE.DLL [MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [17/07/2016 11:25:06] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\WINDOWS\System32\E_YLMBKDE.DLL [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [25837.16 Ko] - C:\WINDOWS\System32\F12 [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [297 Ko] - C:\WINDOWS\System32\fi-FI [MD5.6A18CBBE6B13ECFFEC75E20F0E08F322] - |A| - [10/11/2016 16:11:28] - (.-.) - [263.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [326 Ko] - C:\WINDOWS\System32\fr-FR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp [MD5.9F5449DC115ED438CE2293D2E55FAB96] - |A| - [26/10/2016 01:04:44] - (.-.) - [286.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameManager64.dll [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 22:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs [MD5.00000000000000000000000000000000] - |HD| - [30/10/2015 18:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 18:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL [MD5.17646020C8DACD0F51E76846CFDAEB3A] - |A| - [10/06/2009 21:51:30] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HPEACLHN.HPI [MD5.C5E82BCFD577AF98F3A7937A69A338B9] - |A| - [14/07/2009 02:41:04] - (.Copyright (C) 1999-2008 - LanguageMonitor.) - [35.5 Ko] - (0.3.7071.0) - C:\WINDOWS\System32\HPZ3LWN7.DLL [MD5.5E397C92860B114CF2A9E036F02EBDC6] - |A| - [26/10/2016 01:04:46] - (.-.) - [279.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU [MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 22:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml [MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 22:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [25926.67 Ko] - C:\WINDOWS\System32\IME [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\inetsrv [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4803 Ko] - C:\WINDOWS\System32\InputMethod [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi [MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 22:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [323 Ko] - C:\WINDOWS\System32\it-IT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [235.5 Ko] - C:\WINDOWS\System32\ja-jp [MD5.0C2C5388D6590842F0FAFC6CAA9E67B4] - |A| - [14/07/2016 18:48:58] - (.-.) - [115.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_ci.sbin [MD5.3A532B3DBAF4ABE35517CEE1F0007B28] - |A| - [05/08/2016 19:02:54] - (.-.) - [111.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_si.sbin [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [233 Ko] - C:\WINDOWS\System32\ko-KR [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 22:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 21:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [12008.5 Ko] - C:\WINDOWS\System32\LogFiles [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [27/10/2012 10:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPP.dll [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [27/10/2012 10:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPPApp.exe [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [21/09/2012 10:02:06] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV [MD5.4D4248F6D008D86D5575EE5B154971AE] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvco1380853.dll [MD5.FF510CF2A7FA73192E7DB06D7C311799] - |A| - [27/10/2012 10:42:24] - (.(c) 1996-2012 Logitech. - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvcod64.dll [MD5.1A8AE8A66B6C289046276453768EF270] - |A| - [27/10/2012 10:42:24] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoin64.ini [MD5.8712C10DFF5681EBE493E18445CE74B8] - |A| - [10/11/2016 16:12:15] - (.-.) - [8.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log [MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |A| - [27/10/2012 10:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUI64.dll [MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUIRC64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [57409.5 Ko] - C:\WINDOWS\System32\Macromed [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 22:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf [MD5.07DD57569955686E4042438869687BD2] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [174.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\mantle64.dll [MD5.D56961BFA0F335BB3F89638E85CE0FA4] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [144.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\mantleaxl64.dll [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 22:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin [MD5.00000000000000000000000000000000] - |D| - [11/11/2016 11:01:47] - [4.62 Ko] - C:\WINDOWS\System32\Microsoft [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6554.3 Ko] - C:\WINDOWS\System32\migration [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [47558.48 Ko] - C:\WINDOWS\System32\migwiz [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 10:28:02] - [0 Ko] - C:\WINDOWS\System32\MRT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6 Ko] - C:\WINDOWS\System32\MUI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [288 Ko] - C:\WINDOWS\System32\nb-NO [MD5.451F4315A0579FB2FE1C519EF48DE616] - |A| - [10/11/2016 16:11:29] - (.-.) - [18.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 22:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [51 Ko] - C:\WINDOWS\System32\networklist [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [308 Ko] - C:\WINDOWS\System32\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui [MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 22:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml [MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 22:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [12625.7 Ko] - C:\WINDOWS\System32\oobe [MD5.C0931D5268C84343A19E158D7F8D4A1B] - |A| - [15/07/2016 14:54:01] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [109 Ko] - (6.14.357.23) - C:\WINDOWS\System32\OpenAL32.dll [MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 22:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 15:44:56] - [64 Ko] - C:\WINDOWS\System32\P [MD5.E5C724C6C0A579B5A374802E3D48E35D] - |A| - [16/07/2016 22:49:31] - (.-.) - [201.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 22:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat [MD5.092CA894E3CE62036E0CB2AC8ADA0C88] - |A| - [16/07/2016 22:49:31] - (.-.) - [938.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat [MD5.B87C59F07CE5F38064E14D1F4124527A] - |A| - [15/07/2016 14:07:14] - (.-.) - [1142.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [306 Ko] - C:\WINDOWS\System32\pl-PL [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [559.5 Ko] - C:\WINDOWS\System32\PointOfService [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [413.88 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts [MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 22:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [308 Ko] - C:\WINDOWS\System32\pt-BR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast [MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 22:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) - [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [2.03 Ko] - C:\WINDOWS\System32\Recovery [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 22:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof [MD5.C6CA43573C21CA6392F57F238C8391FC] - |A| - [27/10/2012 10:42:22] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Repository.reg [MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 22:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList [MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 22:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.07 Ko] - C:\WINDOWS\System32\restore [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [243.5 Ko] - C:\WINDOWS\System32\ro-RO [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [300 Ko] - C:\WINDOWS\System32\ru-RU [MD5.823766420F635089EF07D4DABDDC0D54] - |A| - [11/02/2016 14:11:08] - (.-.) - [145.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_ci.sbin [MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [12/12/2013 09:53:56] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_isv_ci.sbin [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 22:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 22:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat [MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |A| - [15/07/2016 14:49:33] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SetupBD.din [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [245 Ko] - C:\WINDOWS\System32\sk-SK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [240.5 Ko] - C:\WINDOWS\System32\sl-SI [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 16:11:29] - [4427.94 Ko] - C:\WINDOWS\System32\SleepStudy [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [45.92 Ko] - C:\WINDOWS\System32\slmgr [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 22:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [12881.02 Ko] - C:\WINDOWS\System32\SMI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [7576.34 Ko] - C:\WINDOWS\System32\Speech [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8565.2 Ko] - C:\WINDOWS\System32\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [216603.01 Ko] - C:\WINDOWS\System32\spool [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8698.89 Ko] - C:\WINDOWS\System32\spp [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui [MD5.B3C318456F25FD2BA8B96521784553C1] - |A| - [10/11/2016 16:11:55] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\spu_storage.bin [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [244 Ko] - C:\WINDOWS\System32\sr-Latn-RS [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 22:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8088 Ko] - C:\WINDOWS\System32\sru [MD5.643BC8D0DD30E19D542D8EA97A2D81CF] - |A| - [30/07/2016 09:05:16] - (.Copyright (C) 2009-2016, Ivo Beltchev - Start Menu Helper Extension.) - [282.46 Ko] - (4.3.0.0) - C:\WINDOWS\System32\StartMenuHelper64.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 22:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [1622.33 Ko] - C:\WINDOWS\System32\Sysprep [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [912.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [508.25 Ko] - C:\WINDOWS\System32\Tasks [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 18:24:25] - [431.53 Ko] - C:\WINDOWS\System32\Tasks_Migrated [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 22:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [227.5 Ko] - C:\WINDOWS\System32\th-TH [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [289.5 Ko] - C:\WINDOWS\System32\tr-TR [MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 22:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 22:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 22:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 22:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA [MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 22:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [80437.17 Ko] - C:\WINDOWS\System32\wbem [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [0 Ko] - C:\WINDOWS\System32\WCN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [111436.48 Ko] - C:\WINDOWS\System32\WDI [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 22:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [9524.25 Ko] - C:\WINDOWS\System32\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [113860 Ko] - C:\WINDOWS\System32\winevt [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [100.11 Ko] - C:\WINDOWS\System32\winrm [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 22:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 22:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml [MD5.7E17D0060DD9270800C469A52F982A3C] - |A| - [15/07/2016 14:54:01] - (.Copyright © 2005 - OpenAL32.) - [410 Ko] - (2.2.0.0) - C:\WINDOWS\System32\wrap_oal.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [208 Ko] - C:\WINDOWS\System32\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [202.5 Ko] - C:\WINDOWS\System32\zh-HK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [202.5 Ko] - C:\WINDOWS\System32\zh-TW [MD5.00000000000000000000000000000000] - |D| - [21/01/2017 16:36:49] - [64 Ko] - C:\WINDOWS\System32\ÿÿÿÿÿÿÿÿ8 [MD5.00000000000000000000000000000000] - |D| - [22/01/2017 11:40:43] - [0 Ko] - C:\WINDOWS\System32\ÿÿÿÿÿÿÿÿerStore [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [0 Ko] - C:\WINDOWS\SysWOW64\0409 [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 22:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 22:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 22:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers [MD5.4BD514B1671CE16F504AD60C64241952] - |A| - [15/12/2015 13:54:08] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amd-vulkan32.json [MD5.54822F373E034B5F0DF5DFD8495D7897] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [141.95 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\amdave32.dll [MD5.B6B3A9015E23E425832CEC9F843F1E0B] - |A| - [26/10/2016 01:04:24] - (.-.) - [233.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll [MD5.2419EBC4D61131BD96605F627F94D09A] - |A| - [26/10/2016 01:05:38] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [142.45 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\amdhcp32.dll [MD5.C623D109E090F9823450770164414902] - |A| - [26/10/2016 01:04:26] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [628.02 Ko] - (1.0.5.1) - C:\WINDOWS\SysWOW64\amdlvr32.dll [MD5.3A012958F3CE956EDE29354F27CFB2CA] - |A| - [26/10/2016 01:04:26] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [82.52 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmcl32.dll [MD5.229E7E015A43409450FDAAA9FF844878] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [109.7 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\amdpcom32.dll [MD5.D9BAB312D6D1E3C7AE7E01127D89FA41] - |A| - [26/10/2016 01:04:34] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [7411.52 Ko] - (1.0.21.0) - C:\WINDOWS\SysWOW64\amdvlk32.dll [MD5.3A8C33F094F77CBE47613BB78B7FD73F] - |A| - [26/10/2016 01:04:38] - (.Advanced Micro Devices, Inc. Copyright (C) 2016 - Advanced Media Framework.) - [2100.52 Ko] - (1.3.0.5) - C:\WINDOWS\SysWOW64\amfrt32.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA [MD5.1047B89F1D409A17CCFE2F78F933F5A0] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [992.02 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atiadlxx.dll [MD5.1047B89F1D409A17CCFE2F78F933F5A0] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [992.02 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atiadlxy.dll [MD5.57C062C8895B25592D6D1026E74BFE8D] - |A| - [16/09/2016 15:00:14] - (.-.) - [733.73 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb [MD5.71CADF0D987A3570F827C483D9B2E92B] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub32.dll.) - [142.53 Ko] - (8.17.10.1484) - C:\WINDOWS\SysWOW64\aticfx32.dll [MD5.B97C243106B7B87A587651422EA1A0AD] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2011 AMD Inc. - atidxxstub32.dll.) - [105.02 Ko] - (8.17.10.690) - C:\WINDOWS\SysWOW64\atidxx32.dll [MD5.E38CC8AA0E708067AEB39CEA63F95F51] - |A| - [26/10/2016 01:04:38] - (.-.) - [221.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe [MD5.CF273BFD0544FD416235DA384C626586] - |A| - [26/10/2016 01:04:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [189.02 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atigktxx.dll [MD5.BC7113C43A430ABEEBBC3427D0962831] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [109.7 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atimpc32.dll [MD5.36CC1440350744C5C6F357F2987B5F13] - |A| - [26/10/2016 01:04:42] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [132.52 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atisamu32.dll [MD5.D31B40E8E02B7099CA4EE1095AD386A3] - |A| - [16/09/2016 14:54:12] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [16/09/2016 14:57:24] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [16/09/2016 14:57:24] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 15:46:18] - [1.42 Ko] - C:\WINDOWS\SysWOW64\BestPractices [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot [MD5.DC63352F62FEBF6F2B83FE0C7BDB9596] - |A| - [15/07/2016 14:53:56] - (.Copyright (c) 2004-2012 C-Media Electronics Inc. - C-Media Universal ASIO Driver.) - [296 Ko] - (2.0.0.12) - C:\WINDOWS\SysWOW64\cmasiop.dll [MD5.41A77E5512C8690F2F271EF0C199ABF1] - |A| - [15/07/2016 14:53:56] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cmasiop.ini [MD5.B8B44F6431C68171BB4B2380D238AC6F] - |A| - [03/06/2015 11:23:06] - (.Copyright c 2004 - CmiFltr.) - [308 Ko] - (1.0.0.0) - C:\WINDOWS\SysWOW64\CmiFltr.dll [MD5.8AC47B5D5A2521C194B9433B9A0159D6] - |A| - [15/07/2016 14:53:56] - (.C-Media. 2006 - CmPaput.) - [196 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\Cmpaoxy.dll [MD5.06FB32873596CBB20E1DC83677940FAF] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2000-2006 - CMedia OpenAL(TM) Implementation.) - [120 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\Cm_Oal.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [13.55 Ko] - C:\WINDOWS\SysWOW64\config [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [47.64 Ko] - C:\WINDOWS\SysWOW64\Configuration [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [264.5 Ko] - C:\WINDOWS\SysWOW64\da-DK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [298.5 Ko] - C:\WINDOWS\SysWOW64\de-DE [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [27/10/2012 10:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\DevManagerCore.dll [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [6007.05 Ko] - C:\WINDOWS\SysWOW64\Dism [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [1068.16 Ko] - C:\WINDOWS\SysWOW64\downlevel [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [3410.93 Ko] - C:\WINDOWS\SysWOW64\drivers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\el-GR [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [3108.5 Ko] - C:\WINDOWS\SysWOW64\en [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [213 Ko] - C:\WINDOWS\SysWOW64\en-GB [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [34143.91 Ko] - C:\WINDOWS\SysWOW64\en-US [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [287.5 Ko] - C:\WINDOWS\SysWOW64\es-ES [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [231.5 Ko] - C:\WINDOWS\SysWOW64\es-MX [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [209 Ko] - C:\WINDOWS\SysWOW64\et-EE [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [21626.66 Ko] - C:\WINDOWS\SysWOW64\F12 [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [237 Ko] - C:\WINDOWS\SysWOW64\fr-CA [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [294 Ko] - C:\WINDOWS\SysWOW64\fr-FR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp [MD5.F718B871013C76D0AF117A7BF933B1D0] - |A| - [26/10/2016 01:04:44] - (.-.) - [252.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\GameManager32.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [238.5 Ko] - C:\WINDOWS\SysWOW64\he-IL [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [217 Ko] - C:\WINDOWS\SysWOW64\hr-HR [MD5.5D4B81BCFF4F330A6827D544648D3053] - |A| - [26/10/2016 01:04:46] - (.-.) - [245.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll [MD5.0740D338A42F7778760F2B0CB6DA5830] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2007 - HsMgr Application.) - [196 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\HsMgr.exe [MD5.1CB2F37F3A13FA1389ED068007D65693] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2008 C-Media Electronics Inc. - HsSrv Dynamic Link Library.) - [208 Ko] - (1.0.12.106) - C:\WINDOWS\SysWOW64\HsSrv.dll [MD5.1CB2F37F3A13FA1389ED068007D65693] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2008 C-Media Electronics Inc. - HsSrv Dynamic Link Library.) - [208 Ko] - (1.0.12.106) - C:\WINDOWS\SysWOW64\HsSrv2.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [21385.67 Ko] - C:\WINDOWS\SysWOW64\IME [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [201 Ko] - C:\WINDOWS\SysWOW64\InputMethod [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [212.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [27/10/2012 10:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPP.dll [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [27/10/2012 10:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPPApp.exe [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV [MD5.BDC67729D0A4940C525654FF869C5289] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Video Codec.) - [297.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\lvcodec2.dll [MD5.E8C604C7E16CE90C0D4564EC06B118E8] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [529.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2.dll [MD5.F13DA78D0873B2025556D65DB5E3210D] - |A| - [27/10/2012 10:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [525.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2RC.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [48858.23 Ko] - C:\WINDOWS\SysWOW64\Macromed [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync [MD5.8C4F082A307CC618745B7DEE519DD1BB] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [149.52 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\mantle32.dll [MD5.582007B2EF34B2496579FC81B22D3F05] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [123.52 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\mantleaxl32.dll [MD5.00000000000000000000000000000000] - |SD| - [02/12/2016 04:35:58] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [3008.97 Ko] - C:\WINDOWS\SysWOW64\migration [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [644.69 Ko] - C:\WINDOWS\SysWOW64\oobe [MD5.27F100DDD1B016087162CE506BB1FDDF] - |A| - [15/07/2016 14:54:01] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [100 Ko] - (6.14.357.23) - C:\WINDOWS\SysWOW64\OpenAL32.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [413.88 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\restore [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [219 Ko] - C:\WINDOWS\SysWOW64\sk-SK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [45.92 Ko] - C:\WINDOWS\SysWOW64\slmgr [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4199.34 Ko] - C:\WINDOWS\SysWOW64\Speech [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6318.85 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [1682.05 Ko] - C:\WINDOWS\SysWOW64\spp [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [223 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [219.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sru [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 22:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA [MD5.A31EB8FF1492B63BDADA025D994C5B0D] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2013 - Vmix Dynamic Link Library.) - [140 Ko] - (1.0.0.26) - C:\WINDOWS\SysWOW64\VmixP8.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [16742.42 Ko] - C:\WINDOWS\SysWOW64\wbem [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8799.41 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm [MD5.5FB883AE7A93A069207A15AC8B86CA86] - |A| - [15/07/2016 14:54:01] - (.Copyright © 2005 - OpenAL32.) - [404 Ko] - (2.2.0.0) - C:\WINDOWS\SysWOW64\wrap_oal.dll [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [John] [10/11/2016 16:12:49] - |D| - [1321900496] - C:\Users\John\AppData\Local [15/07/2016 14:02:32] - |D| - [4379379] - C:\Users\John\AppData\LocalLow [10/11/2016 16:12:49] - |AD| - [1567146567] - C:\Users\John\AppData\Roaming [05/11/2016 16:01:08] - |D| - [64852] - C:\Users\John\AppData\Local\2BrightSparks [21/07/2016 11:15:26] - |D| - [7460839] - C:\Users\John\AppData\Local\4kdownload.com [15/07/2016 14:17:57] - |D| - [385121393] - C:\Users\John\AppData\Local\8pecxstudios [15/07/2016 14:04:38] - |D| - [0] - C:\Users\John\AppData\Local\ActiveSync [17/07/2016 14:26:35] - |D| - [80114] - C:\Users\John\AppData\Local\Adobe [15/07/2016 14:05:33] - |D| - [124997675] - C:\Users\John\AppData\Local\AMD [10/11/2016 16:12:49] - |SHD| - [13212282637] - C:\Users\John\AppData\Local\Application Data [18/07/2016 16:31:28] - |D| - [0] - C:\Users\John\AppData\Local\Apps [16/07/2016 11:46:24] - |D| - [366364] - C:\Users\John\AppData\Local\ashampoo [02/09/2016 15:25:10] - |D| - [0] - C:\Users\John\AppData\Local\Audacity [15/07/2016 16:07:05] - |D| - [0] - C:\Users\John\AppData\Local\CEF [17/07/2016 12:54:55] - |D| - [1688893] - C:\Users\John\AppData\Local\ClassicShell [15/07/2016 14:19:34] - |D| - [20996120] - C:\Users\John\AppData\Local\Comms [10/11/2016 16:16:42] - |D| - [1690377] - C:\Users\John\AppData\Local\ConnectedDevicesPlatform [17/07/2016 12:16:19] - |A| - [3584] - C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [24/12/2016 16:48:21] - |D| - [3245056] - C:\Users\John\AppData\Local\drmingw [28/07/2016 16:34:57] - |D| - [0] - C:\Users\John\AppData\Local\ElevatedDiagnostics [03/12/2016 12:16:02] - |D| - [28678] - C:\Users\John\AppData\Local\FreeFixer [13/11/2016 13:50:28] - |D| - [2791] - C:\Users\John\AppData\Local\Google [15/07/2016 15:23:58] - |D| - [955] - C:\Users\John\AppData\Local\Hekasoft [10/11/2016 16:12:49] - |SHD| - [130] - C:\Users\John\AppData\Local\History [20/01/2017 13:36:52] - |AH| - [80396] - C:\Users\John\AppData\Local\IconCache.db [31/08/2016 13:41:00] - |D| - [62140661] - C:\Users\John\AppData\Local\ImpressionFacile [22/07/2016 17:44:07] - |D| - [11853448] - C:\Users\John\AppData\Local\Learnpulse [16/07/2016 16:18:15] - |D| - [0] - C:\Users\John\AppData\Local\MediaMonkey [10/11/2016 16:12:49] - |D| - [232713048] - C:\Users\John\AppData\Local\Microsoft [15/07/2016 17:08:55] - |D| - [0] - C:\Users\John\AppData\Local\Microsoft Help [15/07/2016 14:05:51] - |D| - [83515] - C:\Users\John\AppData\Local\MicrosoftEdge [28/09/2016 14:33:52] - |D| - [0] - C:\Users\John\AppData\Local\MusicBrainz [15/07/2016 14:02:38] - |D| - [160651535] - C:\Users\John\AppData\Local\Packages [16/07/2016 14:12:07] - |D| - [0] - C:\Users\John\AppData\Local\PeerDistRepub [06/12/2016 09:53:29] - |D| - [4111] - C:\Users\John\AppData\Local\PicturesToExe [16/07/2016 17:57:26] - |AD| - [2108] - C:\Users\John\AppData\Local\PowerPanel Personal Edition [15/07/2016 14:17:02] - |D| - [0] - C:\Users\John\AppData\Local\Programs [15/07/2016 14:02:44] - |D| - [0] - C:\Users\John\AppData\Local\Publishers [27/08/2016 15:46:08] - |D| - [817] - C:\Users\John\AppData\Local\ShamurShamur [16/07/2016 10:39:38] - |D| - [91611] - C:\Users\John\AppData\Local\Stardock [10/11/2016 16:12:49] - |D| - [1262556] - C:\Users\John\AppData\Local\Temp [10/11/2016 16:12:49] - |SHD| - [26304617] - C:\Users\John\AppData\Local\Temporary Internet Files [18/01/2017 10:52:28] - |D| - [0] - C:\Users\John\AppData\Local\Tempzxpsign585867b071174feb [18/01/2017 10:52:18] - |D| - [0] - C:\Users\John\AppData\Local\Tempzxpsignd49902c792104523 [15/07/2016 16:16:25] - |D| - [62050286] - C:\Users\John\AppData\Local\Thunderbird [15/07/2016 14:02:38] - |D| - [15949824] - C:\Users\John\AppData\Local\TileDataLayer [15/07/2016 14:02:39] - |D| - [577439] - C:\Users\John\AppData\Local\VirtualStore [16/07/2016 10:25:46] - |D| - [160368763] - C:\Users\John\AppData\Local\VS Revo Group [06/12/2016 09:53:29] - |D| - [0] - C:\Users\John\AppData\Local\WnSoft-WaveCache [19/11/2016 13:03:39] - |D| - [68322687] - C:\Users\John\AppData\Local\Zemana [11/11/2016 08:55:59] - |D| - [0] - C:\Users\John\AppData\LocalLow\AMD [15/07/2016 15:24:28] - |D| - [518660] - C:\Users\John\AppData\LocalLow\LastPass [15/07/2016 14:02:50] - |SD| - [3860719] - C:\Users\John\AppData\LocalLow\Microsoft [26/11/2016 09:17:05] - |D| - [0] - C:\Users\John\AppData\LocalLow\Mozilla [05/11/2016 16:01:08] - |D| - [0] - C:\Users\John\AppData\Roaming\2BrightSparks [15/07/2016 14:17:57] - |D| - [126034240] - C:\Users\John\AppData\Roaming\8pecxstudios [15/07/2016 14:02:38] - |D| - [1381691] - C:\Users\John\AppData\Roaming\Adobe [16/07/2016 11:47:35] - |D| - [4414773] - C:\Users\John\AppData\Roaming\Ashampoo [15/07/2016 14:54:02] - |D| - [2253] - C:\Users\John\AppData\Roaming\ASUS [02/09/2016 15:25:10] - |D| - [4908] - C:\Users\John\AppData\Roaming\Audacity [15/07/2016 16:05:46] - |D| - [14763644] - C:\Users\John\AppData\Roaming\AVAST Software [17/07/2016 12:54:28] - |D| - [2221] - C:\Users\John\AppData\Roaming\ClassicShell [05/11/2016 15:33:39] - |D| - [0] - C:\Users\John\AppData\Roaming\cryptlib [16/07/2016 15:49:55] - |D| - [5854236] - C:\Users\John\AppData\Roaming\Firetrust [16/07/2016 10:22:47] - |D| - [6096058] - C:\Users\John\AppData\Roaming\Foxit Software [01/09/2016 14:02:53] - |D| - [109276] - C:\Users\John\AppData\Roaming\FreeFileSync [03/12/2016 12:16:02] - |D| - [0] - C:\Users\John\AppData\Roaming\FreeFixer [15/07/2016 15:23:29] - |D| - [7] - C:\Users\John\AppData\Roaming\Hekasoft [22/07/2016 17:44:04] - |D| - [65326] - C:\Users\John\AppData\Roaming\Learnpulse [16/07/2016 15:50:34] - |D| - [1027] - C:\Users\John\AppData\Roaming\Macromedia [16/07/2016 16:18:09] - |D| - [33880210] - C:\Users\John\AppData\Roaming\MediaMonkey [10/11/2016 16:12:49] - |SD| - [6838348] - C:\Users\John\AppData\Roaming\Microsoft [12/11/2016 17:29:17] - |D| - [0] - C:\Users\John\AppData\Roaming\Mozilla [05/10/2016 11:49:16] - |D| - [452] - C:\Users\John\AppData\Roaming\PhotoLine [16/07/2016 17:00:19] - |D| - [18006] - C:\Users\John\AppData\Roaming\PotPlayerMini64 [15/07/2016 17:19:44] - |D| - [101986168] - C:\Users\John\AppData\Roaming\Skype [04/11/2016 15:45:59] - |D| - [7482511] - C:\Users\John\AppData\Roaming\Solveig Multimedia [16/07/2016 10:39:38] - |D| - [87665408] - C:\Users\John\AppData\Roaming\Stardock [16/07/2016 10:39:40] - |A| - [0] - C:\Users\John\AppData\Roaming\Stardockfences_debug_snapshot.dat [15/07/2016 16:16:25] - |D| - [1108326312] - C:\Users\John\AppData\Roaming\Thunderbird [16/07/2016 13:59:09] - |D| - [797545] - C:\Users\John\AppData\Roaming\uTorrent [17/07/2016 11:34:20] - |D| - [73298] - C:\Users\John\AppData\Roaming\VideoReDo-TVSuite4 [23/07/2016 14:05:13] - |D| - [282] - C:\Users\John\AppData\Roaming\Wise Uninstaller [15/07/2016 15:43:16] - |D| - [46844185] - C:\Users\John\AppData\Roaming\XYplorer [06/10/2016 14:33:19] - |D| - [14241846] - C:\Users\John\AppData\Roaming\ZHP [15/07/2016 14:02:39] - |ASH| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini [10/11/2016 16:12:49] - |RD| - [28878] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs [10/11/2016 16:12:49] - |RD| - [3888] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [10/11/2016 16:12:49] - |RD| - [2925] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [15/07/2016 14:02:39] - |RD| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [12/12/2016 12:50:47] - |D| - [3821] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALA [15/10/2016 14:07:37] - |A| - [1393] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo Burning Studio 16.lnk [15/07/2016 14:10:34] - |A| - [1243] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk [10/11/2016 16:16:43] - |ASH| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini [10/11/2016 16:12:49] - |D| - [170] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [15/07/2016 14:04:08] - |A| - [2360] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk [15/07/2016 14:02:39] - |RD| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [10/11/2016 16:12:49] - |RD| - [5318] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [10/11/2016 16:12:49] - |RD| - [7238] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell [15/07/2016 14:02:39] - |ASH| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public] ---------- | C:\ProgramData [18/01/2017 10:52:17] - |D| - [0] - C:\ProgramData\Adobe [17/07/2016 10:29:58] - |D| - [26720] - C:\ProgramData\AMD [10/11/2016 16:16:35] - |SHD| - [17130792365] - C:\ProgramData\Application Data [16/07/2016 11:46:13] - |D| - [523938] - C:\ProgramData\Ashampoo [31/08/2016 13:41:09] - |D| - [0] - C:\ProgramData\Avanquest Software [15/07/2016 16:04:41] - |D| - [73482099] - C:\ProgramData\AVAST Software [01/11/2016 13:35:36] - |D| - [11736] - C:\ProgramData\ClassicShell [16/07/2016 22:47:48] - |D| - [0] - C:\ProgramData\Comms [10/11/2016 16:16:35] - |SHD| - [29551] - C:\ProgramData\Desktop [10/11/2016 16:16:35] - |SHD| - [278] - C:\ProgramData\Documents [17/07/2016 11:24:52] - |D| - [3993517] - C:\ProgramData\EPSON [16/07/2016 15:49:02] - |D| - [15556274] - C:\ProgramData\Firetrust [15/07/2016 14:40:43] - |D| - [14556643] - C:\ProgramData\Intel [17/07/2016 10:37:29] - |D| - [261909742] - C:\ProgramData\Macrium [18/12/2016 10:09:50] - |D| - [66947826] - C:\ProgramData\Malwarebytes [16/07/2016 16:18:08] - |D| - [295241] - C:\ProgramData\MediaMonkey [16/07/2016 22:47:48] - |SD| - [790622413] - C:\ProgramData\Microsoft [15/07/2016 17:08:55] - |D| - [7594] - C:\ProgramData\Microsoft Help [10/11/2016 16:18:12] - |D| - [0] - C:\ProgramData\Microsoft OneDrive [31/08/2016 13:41:00] - |A| - [117] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [17/07/2016 10:59:11] - |RASH| - [8] - C:\ProgramData\ntuser.pol [10/11/2016 16:12:07] - |D| - [367023011] - C:\ProgramData\Package Cache [16/07/2016 22:47:48] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft [15/07/2016 17:19:41] - |D| - [43524096] - C:\ProgramData\Skype [16/07/2016 22:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution [16/07/2016 10:39:38] - |D| - [9638796] - C:\ProgramData\Stardock [10/11/2016 16:16:35] - |SHD| - [142635] - C:\ProgramData\Start Menu [19/12/2016 16:48:48] - |D| - [160] - C:\ProgramData\TechSmith [17/07/2016 11:34:23] - |AD| - [0] - C:\ProgramData\TEMP [10/11/2016 16:16:35] - |SHD| - [0] - C:\ProgramData\Templates [13/12/2016 11:31:39] - |D| - [2] - C:\ProgramData\Ultra Adware Killer [16/07/2016 22:47:48] - |D| - [968] - C:\ProgramData\USOPrivate [10/11/2016 16:17:28] - |D| - [1114112] - C:\ProgramData\USOShared [16/07/2016 10:25:45] - |D| - [1786] - C:\ProgramData\VS Revo Group ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 22:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini [16/07/2016 22:47:48] - |RD| - [141417] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs [17/07/2016 11:04:47] - |A| - [1044] - C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [24/10/2016 11:58:26] - |D| - [1351] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download [16/07/2016 22:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility [16/07/2016 22:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories [16/07/2016 22:47:48] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools [10/11/2016 16:12:13] - |D| - [2003] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings [16/07/2016 11:46:24] - |D| - [2943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [15/07/2016 14:53:56] - |D| - [1371] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar Essence STX Audio [02/09/2016 15:24:02] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk [15/07/2016 16:05:45] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk [01/11/2016 13:35:23] - |D| - [4719] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell [16/07/2016 17:57:26] - |D| - [4320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition [22/08/2016 15:22:59] - |D| - [3220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum [16/07/2016 22:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini [16/07/2016 15:49:42] - |D| - [4137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firetrust [17/07/2016 16:11:48] - |D| - [2189] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu [16/07/2016 22:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk [31/08/2016 13:11:20] - |D| - [1922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint [17/07/2016 10:42:24] - |D| - [2030] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium [16/07/2016 22:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance [18/12/2016 10:09:53] - |D| - [4038] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes [16/07/2016 16:18:09] - |D| - [4247] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey [15/07/2016 17:12:19] - |D| - [29434] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [16/07/2016 22:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk [18/07/2016 13:55:33] - |D| - [7109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO [16/07/2016 22:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk [16/07/2016 10:25:45] - |D| - [3535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro [15/07/2016 17:19:43] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [16/07/2016 10:39:37] - |D| - [2089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock [16/07/2016 22:47:48] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp [16/07/2016 22:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools [17/07/2016 11:34:23] - |D| - [3315] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoReDo [10/11/2016 16:14:00] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk [20/01/2017 13:06:10] - |D| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 22:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [24/10/2016 11:58:23] - |D| - [124113891] - C:\Program Files (x86)\4KDownload [12/12/2016 12:50:47] - |D| - [1868888] - C:\Program Files (x86)\ALA [10/11/2016 16:12:12] - |AD| - [56201665] - C:\Program Files (x86)\AMD [16/07/2016 11:46:13] - |D| - [571802231] - C:\Program Files (x86)\Ashampoo [02/09/2016 15:24:00] - |AD| - [60007596] - C:\Program Files (x86)\Audacity [16/07/2016 17:04:24] - |D| - [138648186] - C:\Program Files (x86)\Common Files [16/07/2016 17:57:26] - |AD| - [7451812] - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition [16/07/2016 22:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini [16/07/2016 15:49:42] - |D| - [20313812] - C:\Program Files (x86)\Firetrust [16/07/2016 10:21:04] - |D| - [523087461] - C:\Program Files (x86)\Foxit Software [17/07/2016 16:11:48] - |AD| - [19876210] - C:\Program Files (x86)\i-Menu [15/07/2016 14:54:03] - |HD| - [5681879] - C:\Program Files (x86)\InstallShield Installation Information [15/07/2016 14:40:43] - |D| - [1336022] - C:\Program Files (x86)\Intel [16/07/2016 22:47:48] - |D| - [1988463] - C:\Program Files (x86)\Internet Explorer [16/07/2016 16:18:07] - |AD| - [56791189] - C:\Program Files (x86)\MediaMonkey [15/07/2016 17:09:34] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services [15/07/2016 17:08:55] - |D| - [4155781] - C:\Program Files (x86)\Microsoft Office [16/07/2016 22:47:48] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET [15/07/2016 16:13:45] - |AD| - [87742116] - C:\Program Files (x86)\Mozilla Thunderbird [11/11/2016 11:01:26] - |D| - [25757] - C:\Program Files (x86)\MSBuild [15/07/2016 14:54:01] - |D| - [765952] - C:\Program Files (x86)\OpenAL [11/11/2016 11:01:26] - |D| - [36957953] - C:\Program Files (x86)\Reference Assemblies [15/07/2016 17:19:43] - |RD| - [85152973] - C:\Program Files (x86)\Skype [16/07/2016 10:39:37] - |D| - [16195056] - C:\Program Files (x86)\Stardock [10/11/2016 16:14:53] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information [16/07/2016 13:59:52] - |AD| - [396152] - C:\Program Files (x86)\uTorrent [17/07/2016 11:34:20] - |AD| - [75376266] - C:\Program Files (x86)\VideoReDoTVSuite4 [15/08/2016 17:01:08] - |D| - [220079] - C:\Program Files (x86)\VirusTotalUploader2 [16/07/2016 22:47:48] - |D| - [1922048] - C:\Program Files (x86)\Windows Defender [16/07/2016 22:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail [16/07/2016 22:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player [16/07/2016 22:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform [16/07/2016 22:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT [16/07/2016 22:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer [16/07/2016 22:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices [16/07/2016 22:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar [16/07/2016 22:47:48] - |D| - [3222839] - C:\Program Files (x86)\WindowsPowerShell [19/11/2016 13:04:04] - |AD| - [16862105] - C:\Program Files (x86)\Zemana AntiMalware ---------- | C:\Program Files [24/01/2017 13:18:29] - |D| - [7983488] - C:\Program Files\9-lab [10/11/2016 16:11:53] - |AD| - [151556709] - C:\Program Files\AMD [15/07/2016 14:53:55] - |D| - [12274616] - C:\Program Files\ASUS Xonar Essence STX Audio [10/11/2016 16:12:12] - |AD| - [189078] - C:\Program Files\ATI Technologies [15/07/2016 16:05:37] - |D| - [672979221] - C:\Program Files\AVAST Software [01/11/2016 13:35:23] - |D| - [10118035] - C:\Program Files\Classic Shell [16/07/2016 17:04:24] - |D| - [269079103] - C:\Program Files\Common Files [15/07/2016 14:17:49] - |AD| - [119691438] - C:\Program Files\Cyberfox [16/07/2016 16:59:34] - |D| - [75150277] - C:\Program Files\DAUM [16/07/2016 22:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini [01/09/2016 14:02:06] - |AD| - [46196986] - C:\Program Files\FreeFileSync [15/07/2016 15:23:29] - |AD| - [2284117] - C:\Program Files\Hekasoft Backup & Restore [31/08/2016 13:11:20] - |AD| - [15199322] - C:\Program Files\Inpaint [15/07/2016 14:42:21] - |AD| - [26740] - C:\Program Files\Intel [16/07/2016 22:47:47] - |D| - [2580826] - C:\Program Files\Internet Explorer [17/07/2016 10:42:24] - |D| - [181879847] - C:\Program Files\Macrium [18/12/2016 10:09:50] - |D| - [131019021] - C:\Program Files\Malwarebytes [15/07/2016 17:09:34] - |D| - [66182091] - C:\Program Files\Microsoft Analysis Services [15/07/2016 17:08:55] - |AD| - [576152023] - C:\Program Files\Microsoft Office [11/11/2016 11:01:26] - |D| - [25757] - C:\Program Files\MSBuild [18/07/2016 13:55:33] - |AD| - [8464279] - C:\Program Files\PowerISO [11/11/2016 11:01:26] - |D| - [34617001] - C:\Program Files\Reference Assemblies [27/04/2016 17:34:16] - |HD| - [0] - C:\Program Files\Uninstall Information [16/07/2016 10:25:44] - |D| - [41385246] - C:\Program Files\VS Revo Group [17/07/2016 11:04:46] - |D| - [33914848] - C:\Program Files\VueScan [16/07/2016 22:47:47] - |RD| - [14858410] - C:\Program Files\Windows Defender [17/07/2016 01:29:36] - |D| - [6281288] - C:\Program Files\Windows Defender Advanced Threat Protection [16/07/2016 22:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail [16/07/2016 22:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player [16/07/2016 22:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform [16/07/2016 22:47:47] - |D| - [7730882] - C:\Program Files\Windows NT [16/07/2016 22:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer [16/07/2016 22:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices [16/07/2016 22:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar [16/07/2016 22:47:47] - |HD| - [1111920222] - C:\Program Files\WindowsApps [16/07/2016 22:47:47] - |D| - [3639928] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [10/11/2016 16:12:16] - |D| - [337630] - C:\Program Files (x86)\Common Files\logishrd [16/07/2016 22:47:48] - |AD| - [125839059] - C:\Program Files (x86)\Common Files\Microsoft Shared [16/07/2016 22:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services [11/11/2016 11:48:15] - |AD| - [2581120] - C:\Program Files (x86)\Common Files\Skype [16/07/2016 22:47:48] - |D| - [9887675] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [10/11/2016 16:11:54] - |D| - [2638144] - C:\Program Files\Common files\ATI Technologies [23/07/2016 14:15:24] - |AD| - [99992] - C:\Program Files\Common files\DESIGNER [17/07/2016 11:26:10] - |D| - [152640] - C:\Program Files\Common files\EPSON [10/11/2016 16:12:15] - |D| - [1022022] - C:\Program Files\Common files\logishrd [16/07/2016 22:47:47] - |AD| - [254479768] - C:\Program Files\Common files\microsoft shared [16/07/2016 22:47:47] - |D| - [2702] - C:\Program Files\Common files\Services [16/07/2016 22:47:47] - |D| - [10683835] - C:\Program Files\Common files\System ---------- | Tasks [MD5.D30F8816AF69EFEBC4AA28033865FF7E] - [18/11/2016 12:12:44] - |A| - [830] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job [MD5.1B89EB54F8FB57EA2E8A98EE0412725A] - [24/09/2016 14:28:24] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job [MD5.09970ABE8E8DB299E79E1A26834A2653] - [01/10/2016 10:31:17] - |A| - [749] - C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job [MD5.6C64775151600A736761DCB4B967DA23] - [01/10/2016 10:31:17] - |A| - [935] - C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [10/11/2016 16:15:47] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT [MD5.00000000000000000000000000000000] - [10/11/2016 16:15:47] - |D| - [0] - C:\WINDOWS\System32\Tasks\2BrightSparks [MD5.202A4A8E61E949FE3A7F6F71B0F69856] - [18/11/2016 12:12:44] - |A| - [3818] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater : C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [MD5.BB91DE30AA99425F2389D2A20996A502] - [10/11/2016 16:15:47] - |A| - [4004] - C:\WINDOWS\System32\Tasks\avast! Emergency Update : C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [MD5.96A11ED431FE61A859A7A7EB730B2F9C] - [10/11/2016 16:15:47] - |A| - [3370] - C:\WINDOWS\System32\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002} : C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [MD5.88B8463A6ED97CFE00CC972916ACECA9] - [10/11/2016 16:15:47] - |A| - [3548] - C:\WINDOWS\System32\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002} : C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [MD5.00000000000000000000000000000000] - [16/07/2016 22:47:48] - |D| - [501182] - C:\WINDOWS\System32\Tasks\Microsoft [MD5.00000000000000000000000000000000] - [10/11/2016 16:15:48] - |D| - [4522] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform [MD5.00000000000000000000000000000000] - [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules] "vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700| "vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700| "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751| "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751| "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010| "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010| "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay| "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100| "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302| "DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE| "{6E02EDC5-5B51-4FBF-9A42-6C549FE2F8E1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8612|App=C:\Program Files\VueScan\vuescan.exe|Name=VueScan (canon-bjnp2-In)|Desc=Inbound rule for VueScan to allow searching network for legacy Canon scanners.| "{BD4885C8-3297-4CAF-955D-C4798CA65EEA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\VueScan\vuescan.exe|Name=VueScan (mDNS-In)|Desc=Inbound rule for VueScan to allow searching network for scanners using mDNS.| "{00FF91AC-7766-460C-85DF-7DA7366849E8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe|Name=MediaMonkey auto-conf 1328497419| "{2BBF161C-9403-493C-B659-F591ED39EDD8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{97D71CC0-B247-4ADE-B9CA-B8D46510D6E2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE| "{EF71B855-1CE4-4569-9CE9-AC990983B87D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype| "{DB4754A4-1643-406F-AC7B-EA58F494E227}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{384D0EF4-88EC-497D-8FCE-87728664CB98}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{804EECA6-4E4C-4303-A7D0-22AD25B64F1E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{14D5127A-5277-4D63-9E5A-64465DE0CE72}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{79D23DB5-67E8-4D5B-B4BB-1F3D9D5DDC81}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{6A8D883B-BF8C-4147-9381-A05F8EEC6475}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{7D8EEA86-4296-4000-B4D6-0BE76F117281}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{A9754056-E5D6-43CC-AF4C-D5777E1E9BB0}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{22C5E545-4446-4C3E-B9C6-142D881A82CD}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ| "{CD419A58-7EC1-4CD6-BE5E-DBEA1A04FFF8}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{33E46CBC-5152-4C31-9A73-C39AA98F5376}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{DDE80687-9317-45D6-9ECF-7635CA79E916}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ| "{C950B8FD-8397-42BC-8C83-56BC9D0FB6E6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{3B2266F9-D0A8-457D-A002-D7D9124B9CCB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{894C4550-7760-4D43-85D3-28DB720CF830}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{CCD9DB1A-8EE1-4902-AA88-026B9B8C4BD4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{9DC17756-D478-4A4D-940F-ED27A70A9221}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{3DB7BB9F-5885-47A3-8C8C-0D73F70998BF}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{4F5C4C9E-3EFE-4F11-8678-142439A48325}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{CD1CDA90-9CB1-486B-A449-ECD34731C7C4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{A5B8B344-41B4-4C91-927A-3CAC18C5D16B}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{EDA9A1C8-E4D2-4D7F-B606-BE4D48BDB532}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ| "{229EE879-D1FF-444D-BF1A-267250F49986}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{462841C1-BCAE-457C-B9B5-58AEAC362F6D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{6927B265-8737-4EBC-81F2-5D78B86DF926}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{27D1A47D-F7C8-415F-92E8-9D323430B247}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ| "{BB6D8200-DD74-440B-A0D9-9D0FE77B14A7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{23227A95-604C-4806-B473-20769E15F9B1}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{33AC586B-A8D2-41F3-A970-9683D7F1D8F9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{F0E6C910-5001-4EB8-8BF1-2F0B6F680CAE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.14393.447_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.447_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.447_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{FF9E7C7B-C7CD-4607-9414-21CE344626C2}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{461E208C-89A2-4E0D-A5DF-3357AEBA8ADF}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ| "{F462D453-BD09-4DFC-9CB1-A40ACD2CB60A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{41875873-9EAA-4319-AC69-0A2F83D04BE4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{E868F82C-C822-4D33-BF11-B53915945BD5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices| "{E9791158-64F0-4404-8A5A-CFC6A6463810}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{1FC98750-AB07-45AC-9558-0FE3FBBC8180}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{BFA84485-FCD9-4F12-9C1A-8E22774BFF6B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ| "{EA726BB5-E50C-4A4C-AAE8-D40453646998}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.SecureAssessmentBrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDisplayName}|Desc=@{Microsoft.Windows.SecureAssessmentBrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3733603082-4179795269-1217541644-381468798-1681740699-3059609168-2054985149|EmbedCtxt=@{Microsoft.Windows.SecureAssessmentBrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{58F22165-1917-4D76-B079-2F1D4AB281A5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{9FD2D571-5218-40C7-8794-2A3ACD112B2B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ| "{24788DDF-A96A-42F7-ABEA-6460B3EADB91}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{4D5DDC9D-70DA-4A7E-8837-F424B5DD1294}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ| "{EABB7793-AEC7-4B0F-85E8-F39B62D5AE7B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE| "{32E349FE-46C7-47B3-8C9F-7D2D82CF487D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ| "{548084E8-0DE8-44BA-83AF-DB0BE113CAFC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ| "{97FECF52-1FDD-4FD3-9732-05A1DE64E665}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ| "{F08F550B-F619-41AC-99B0-78D2CE69E496}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{11087C58-9735-4599-830E-C0920E21C087}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ| "{635797E5-BC7B-4612-9EDE-8318E88221CE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ| "{D93E2B03-D594-478C-B156-1675495CBD47}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| "{E7B13D76-957D-4F4E-AF6C-5E75527F0B9C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ| ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem37.inf,%ClassName%;SAMSUNG Android Phone [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs) [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101 [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem28.inf,%ClassName%;ADB Interface [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] -> [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.) [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [16/07/2016 12:45:47] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zamguard64.sys [16/07/2016 12:45:48] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zam64.sys [18/07/2016 13:55:33] - (6.6.0.0) - (Power Software Ltd - PowerISO Virtual Drive) - C:\WINDOWS\System32\Drivers\SCDEmu.SYS [03/06/2015 11:23:06] - (0.0.8.1823) - (C-Media Inc - C-Media Audio WDM Driver) - C:\WINDOWS\system32\drivers\cmudaxp.sys [17/07/2016 16:11:57] - (3.8.0.0) - (Nicomsoft Ltd. - WINI2C-DDC Kernel Mode Driver) - C:\Windows\system32\drivers\mi2c.sys [12/10/2015 16:39:20] - (6.1.865.0) - (Windows (R) Win 7 DDK provider - Paramount Software Image Mounting Driver) - C:\Windows\system32\drivers\psmounterex.sys [21/07/2014 13:36:48] - (1.0.0.1) - (Paramount Software UK Ltd - Volume Access driver) - C:\WINDOWS\System32\Drivers\PSVolAcc.SYS ---------- | LoadOrderGroup Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK Name: Network - DriverEnabled: False - GroupOrder: 71 - Status: OK Name: PnP Filter - DriverEnabled: False - GroupOrder: 72 - Status: OK Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 73 - Status: OK Name: NetworkService - DriverEnabled: False - GroupOrder: 74 - Status: OK Name: _Early-Launch - DriverEnabled: False - GroupOrder: 75 - Status: OK Name: LocalService - DriverEnabled: False - GroupOrder: 76 - Status: OK ---------- | LoadOrderGroupServiceDependencies LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs" ---------- | LoadOrderGroupServiceMembers LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc" LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder" LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv" LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="avast! Antivirus" LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure" LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="CscService" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch" LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall" LoadOrderGroup.Name="TDI" - Service.Name="Dhcp" LoadOrderGroup.Name="TDI" - Service.Name="Dnscache" LoadOrderGroup.Name="TDI" - Service.Name="dot3svc" LoadOrderGroup.Name="Event Log" - Service.Name="EventLog" LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc" LoadOrderGroup.Name="TDI" - Service.Name="icssvc" LoadOrderGroup.Name="TDI" - Service.Name="irmon" LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation" LoadOrderGroup.Name="TDI" - Service.Name="lmhosts" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM" LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker" LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc" LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI" LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon" LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc" LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc" LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay" LoadOrderGroup.Name="Plugplay" - Service.Name="Power" LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper" LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs" LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr" LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS" LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection" LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler" LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller" LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="UevAgentService" LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc" LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc" LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient" LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc" LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc" LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc" LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware" LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AcpiDev" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag" LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata" LoadOrderGroup.Name="FSFilter HSM" - SystemDriver.Name="AppvStrm" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="AppvVemgr" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="AppvVfs" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="aswMonFlt" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="aswRdr" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="aswRvrt" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="aswSnx" LoadOrderGroup.Name="FSFilter Security Enhancer" - SystemDriver.Name="aswSP" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="aswStm" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="aswVmm" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay" LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2" LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep" LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs" LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="cht4iscsi" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cht4vbd" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass" LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS" LoadOrderGroup.Name="base" - SystemDriver.Name="clreg" LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG" LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus" LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv" LoadOrderGroup.Name="network" - SystemDriver.Name="CSC" LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc" LoadOrderGroup.Name="Base" - SystemDriver.Name="dg_ssudbus" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="e1iexpress" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass" LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat" LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt" LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol" LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr" LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hvservice" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd" LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt" LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO" LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus" LoadOrderGroup.Name="Base" - SystemDriver.Name="IndirectKmd" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="intelpep" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="iorate" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="irda" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic" LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD" LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MEIx64" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr" LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10" LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge" LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf" LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="MsSecFlt" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig" LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr" LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy" LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT" LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS" LoadOrderGroup.Name="Base" - SystemDriver.Name="Null" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor" LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia" LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="PSVolAcc" LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd" LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Revoflt" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr" LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum" LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial" LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv" LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2" LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme" LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt" LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum" LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="tsusbhub" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmTcpciCx0101" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000" LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="UevAgentDriver" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000" LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea" LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass" LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000" LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub" LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci" LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint" LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci" LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt" LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp" LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx" LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid" LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6" LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="wcifs" LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="wcnfs" LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot" LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000" LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS" LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT" LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad" LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi" LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof" LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr" LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WSDPrintDevice" LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan" LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf" LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd" LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip" LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid" LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="XtuAcpiDriver" LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="MBAMSwissArmy" ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - aswRvrt (avast! Revert) -> (?) - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - aswVmm (avast! VM Monitor) -> (?) - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - SCDEmu (SCDEmu) -> (?) - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\Windows\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\Windows\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - mi2c (mi2c) -> \??\C:\Windows\system32\drivers\mi2c.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - AppvStrm (@%systemroot%\system32\drivers\AppvStrm.sys,-101) -> \SystemRoot\system32\drivers\AppvStrm.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - AppvVemgr (@%systemroot%\system32\drivers\AppvVemgr.sys,-101) -> \SystemRoot\system32\drivers\AppvVemgr.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - AppvVfs (@%systemroot%\system32\drivers\AppvVfs.sys,-101) -> \SystemRoot\system32\drivers\AppvVfs.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - aswHwid (avast! HardwareID) -> \SystemRoot\system32\drivers\aswHwid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - AtiHDAudioService (@oem11.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service) -> \SystemRoot\system32\drivers\AtihdWT6.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - bcmfn (@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service) -> \SystemRoot\System32\drivers\bcmfn.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - cmudaxp (@oem8.inf,%CMUDA.SvcDesc%;ASUS Xonar Essence STX Audio Interface) -> \SystemRoot\system32\drivers\cmudaxp.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - dg_ssudbus (@oem0.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\DRIVERS\drmkaud.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - e1iexpress (@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I) -> \SystemRoot\System32\drivers\e1i63x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - i8042prt (@keyboard.inf,%i8042prt.SvcDesc%;i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - irda (IrDA) -> \SystemRoot\system32\drivers\irda.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - lvrs64 (@oem20.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - LVUVC64 (@oem18.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - MEIx64 (@oem21.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface) -> \SystemRoot\System32\drivers\TeeDriverW8x64.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - monitor (@oem3.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\DRIVERS\MSPQM.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\DRIVERS\MSTEE.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - NTFS () -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - PSMounterEx (Macrium Reflect Image Explorer Driver) -> \??\C:\Windows\system32\drivers\psmounterex.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - PSVolAcc (PSVolAcc) -> (?) - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: True S3 - [File System Driver] - ReFSv1 () -> (?) - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - Revoflt (Revoflt) -> system32\DRIVERS\revoflt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - scmdisk0101 (@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver) -> \SystemRoot\System32\drivers\scmdisk0101.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False R3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - ssudmdm (@oem34.inf,%ssud.Service.Name%;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudmdm.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - tsusbflt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> System32\drivers\TsUsbFlt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - tsusbhub (@%SystemRoot%\system32\drivers\tsusbhub.sys,-1) -> system32\drivers\tsusbhub.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True R3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys - AcceptPause: False - AcceptStop: False S3 - [File System Driver] - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WSDPrintDevice (@wsdprint.inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WSDScan (@sti.inf,%WSDScan.SvcDesc%;WSD Scan Support) -> \SystemRoot\system32\DRIVERS\WSDScan.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: True S3 - [Kernel Driver] - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> system32\drivers\WudfRd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - WUDFWpdMtp () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys - AcceptPause: False - AcceptStop: False S3 - [Kernel Driver] - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys - AcceptPause: False - AcceptStop: False R3 - [Kernel Driver] - XtuAcpiDriver (@oem32.inf,%XtuAcpiDriver.SVCDESC%;Intel(R) Extreme Tuning Utility Service) -> \SystemRoot\System32\drivers\XtuAcpiDriver.sys - AcceptPause: False - AcceptStop: True R3 - [File System Driver] - MBAMSwissArmy (MBAMSwissArmy) -> \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys - AcceptPause: False - AcceptStop: True S4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: False S4 - [Kernel Driver] - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys - AcceptPause: False - AcceptStop: False S4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: False S4 - [File System Driver] - UevAgentDriver (@%systemroot%\system32\drivers\UevAgentDriver.sys,-101) -> \SystemRoot\system32\drivers\UevAgentDriver.sys - AcceptPause: False - AcceptStop: False S4 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: False ---------- | System files (Microsoft Files whitelisted) [MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 22:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys [MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 22:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys [MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 22:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys [MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 22:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys [MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 22:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys [MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 22:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys [MD5.9B480B472D6826E7257C90E2D0EE2954] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! HWID.) - [36.77 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswHwid.sys [MD5.1BB00571CC2C78463ABD7E9C32970758] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) - [106.27 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswMonFlt.sys [MD5.7010B57D708DA5C9686A5923EE621776] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! WFP Redirect Driver.) - [100.65 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswRdr2.sys [MD5.937885085BFE5BD08EC1BC0245DD203B] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! Revert.) - [72.8 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswRvrt.sys [MD5.0B6352251C5D84130DF4252D33D266C2] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! Virtualization Driver.) - [946.47 Ko] - (12.3.3154.8) - C:\WINDOWS\System32\Drivers\aswsnx.sys [MD5.28213B34725B18387CC1B8C3D73858A1] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! self protection module.) - [501.59 Ko] - (12.3.3154.8) - C:\WINDOWS\System32\Drivers\aswsp.sys [MD5.9C58B6E9663D0A76D00D83E43C765BDF] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [159.59 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswStm.sys [MD5.D60D9201739400F0FBDB9E36A3212D91] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! VM Monitor.) - [286.48 Ko] - (12.3.3154.16) - C:\WINDOWS\System32\Drivers\aswvmm.sys [MD5.7FFB1E6F81C7BFD5B64D02A5B344B1D2] - [12/02/2016 00:17:18] - (.© Advanced Micro Devices. - AMD High Definition Audio Function Driver.) - [108.52 Ko] - (10.0.0.2) - C:\WINDOWS\System32\Drivers\AtihdWT6.sys [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 22:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 22:41:53] - (.© Broadcom Corporation. - BCM Function 2 Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys [MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 22:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys [MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 22:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys [MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 22:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys [MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 22:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys [MD5.12145BABD827F3B68B27A4F73B7284CD] - [03/06/2015 11:23:06] - (.Copyright (C) C-Media Inc. 1998-2015 - C-Media Audio WDM Driver.) - [2671.5 Ko] - (0.0.8.1823) - C:\WINDOWS\System32\Drivers\cmudaxp.sys [MD5.83E4A14F851341C933C3235BFB882ECA] - [16/07/2016 22:41:54] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [512.5 Ko] - (12.15.22.6) - C:\WINDOWS\System32\Drivers\e1i63x64.sys [MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 22:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys [MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 22:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys [MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 22:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 22:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys [MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 22:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys [MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 22:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 22:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys [MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 22:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys [MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 22:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys [MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 22:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys [MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys [MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 22:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys [MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 22:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys [MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys [MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 22:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys [MD5.A0A527569856B9814E8920F52EBB67F5] - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Kernel Audio Improvement Filter Driver.) - [343.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvrs64.sys [MD5.415E344294D1C0D04627B29146F68481] - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech USB Video Class Driver.) - [4646.66 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvuvc64.sys [MD5.047244823B2EA707E1F6076CA20DEF90] - [18/12/2016 10:09:53] - (.-.) - [75.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\mbae64.sys [MD5.ABB371D9AEF728B0489B0E6872B4A1C0] - [18/12/2016 10:09:55] - (.(C) Malwarebytes. - Malwarebytes SwissArmy.) - [244.94 Ko] - (4.2.0.101) - C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys [MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys [MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [11/11/2016 11:04:52] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys [MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 22:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys [MD5.8EA880DC2E0F8D93A943C25EF17E18FC] - [17/07/2016 16:11:57] - (.©2006-2011, Nicomsoft Ltd. - WINI2C-DDC Kernel Mode Driver.) - [20.3 Ko] - (3.8.0.0) - C:\WINDOWS\System32\Drivers\mi2c.sys [MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys [MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 22:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys [MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys [MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 22:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys [MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 22:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys [MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 22:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys [MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys [MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys [MD5.8E78AB9B9709BAFB11695A0A6EDDEFF9] - [05/11/2016 15:37:13] - (.Copyright (C) M. Russinovich 1996-2011 - Process Explorer.) - [34.88 Ko] - (15.0.0.0) - C:\WINDOWS\System32\Drivers\PROCEXP152.SYS [MD5.D06C8A05ABD8B3D0EDCEC1B632396143] - [12/10/2015 16:39:20] - (.Copyright (C) 2014 Paramount Software UK Ltd - Paramount Software Image Mounting Driver.) - [165.01 Ko] - (6.1.865.0) - C:\WINDOWS\System32\Drivers\psmounterex.sys [MD5.436E1F795F0495B2715116A4EC176803] - [21/07/2014 13:36:48] - (.(c) Paramount Software UK Ltd 2010 - Volume Access driver.) - [12.46 Ko] - (1.0.0.1) - C:\WINDOWS\System32\Drivers\PSVolAcc.sys [MD5.9C3AC71A9934B884FAC567A8807E9C4D] - [16/07/2016 10:25:45] - (.© VS Revo Group, Ltd. - Revo Uninstaller Minifilter.) - [31.05 Ko] - (1.0.0.4) - C:\WINDOWS\System32\Drivers\revoflt.sys [MD5.81912490882BE0F971B582AD1C33CA57] - [18/07/2016 13:55:33] - (.Copyright (C) 2004-2016 - PowerISO Virtual Drive.) - [134.06 Ko] - (6.6.0.0) - C:\WINDOWS\System32\Drivers\scdemu.sys [MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 22:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys [MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 22:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys [MD5.9593475FBC857A05D93BFF4FA7323C2B] - [05/09/2016 05:47:06] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Composite Device Driver.) - [128.63 Ko] - (2.12.4.0) - C:\WINDOWS\System32\Drivers\ssudbus.sys [MD5.5252D7BC56E5E0ED715AEA8FE173A455] - [22/01/2014 08:52:10] - (.Copyright (c) DEVGURU 2002-2008. (www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) - [201.25 Ko] - (2.11.7.0) - C:\WINDOWS\System32\Drivers\ssudmdm.sys [MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 22:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys [MD5.6D1671CB2E5402F01D2F13ECF764CAA1] - [20/01/2016 16:50:38] - (.Copyright © 2006-2015, Intel Corporation. - Intel(R) Management Engine Interface.) - [197.3 Ko] - (11.0.0.1157) - C:\WINDOWS\System32\Drivers\TeeDriverW8x64.sys [MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 22:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys [MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 22:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS [MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys [MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys [MD5.DCF1C283860C3CAB0BF0A71528A0136C] - [06/06/2015 05:16:54] - (.Copyright(C) 2012 Intel Corporation. - Intel(R) Acpi Control Driver.) - [62.34 Ko] - (4.0.0.1) - C:\WINDOWS\System32\Drivers\XtuAcpiDriver.sys [MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [16/07/2016 12:45:48] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\zam64.sys [MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [16/07/2016 12:45:47] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\zamguard64.sys ---------- | Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON WF-3640 Series] : (EPSON WF-3640 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YINSKDE.EXE /R /APD /P:"EPSON WF-3640 Series" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MacriumReflect] : (Macrium Reflect Free Edition.-.Paramount Software (UK) Ltd.) -> C:\Program Files\Macrium\Reflect\xReflect.exe [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PotPlayer64] : (Potplayer-64 bit.-.Kakao Corp.) -> "C:\Program Files\DAUM\PotPlayer\uninstall.exe" [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 20.2.4001.0.-.Intel) -> MsiExec.exe /i{638A518B-0D2E-4143-ACF8-F3D83D822E85} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VueScan x64] : (VueScan x64.-.) -> "C:\Program Files\VueScan\vuescan.exe" /remove [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WUCCCApp] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> "C:\AMD\WU-CCC2\ccc2_install\WULaunchApp.exe" -uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26567561-DFB2-2B63-9BA8-6A490ED37016}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1] : (Inpaint 6.2.-.Teorex) -> "C:\Program Files\Inpaint\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2F544F46-5F6E-97BB-3550-A0242A3C5754}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.0.4.1269.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{383BB30A-B4A7-4666-9A83-22CFA8640097}] : (Classic Shell.-.IvoSoft) -> MsiExec.exe /X{383BB30A-B4A7-4666-9A83-22CFA8640097} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3AF70346-52C7-0334-606F-118D1C1CB7A2}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{51F85784-6799-5CA3-97B2-2E5904FC3E58}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{52E7DBCC-EAB5-DEFC-B3C1-BB52558973C5}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{53AE8AC7-5213-67AF-0DC0-CED696B77643}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{59D2664C-949B-7FA7-9880-ECB993B6616A}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1] : (Cyberfox Web Browser.-.8pecxstudios) -> "C:\Program Files\Cyberfox\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5FD706FF-6AD8-E372-A35A-879409982655}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5FEACE78-C338-9AED-FF05-7DE7E273C774}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60DC6F22-D268-44F0-8720-200033508384}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{60DC6F22-D268-44F0-8720-200033508384} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{638A518B-0D2E-4143-ACF8-F3D83D822E85}] : (Intel(R) Network Connections 20.2.4001.0.-.Intel) -> MsiExec.exe /i{638A518B-0D2E-4143-ACF8-F3D83D822E85} ARPREMOVE=1 [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1] : (Revo Uninstaller Pro 3.1.7.-.VS Revo Group, Ltd.) -> "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}] : (Macrium Reflect Free Edition.-.Paramount Software (UK) Ltd.) -> MsiExec.exe /I{6E9A87FE-8050-4714-BBDF-1A096B8CB288} [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{713690A5-53D0-2627-5ABE-55DA9B3E8BDE}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{918989F1-06FC-BFAC-FC46-6C2479AC0C0E}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{970A40CA-46AB-986C-1798-976ED0EA00FA}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A50C89BC-8D8E-8828-824A-7171F6D583D5}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC85CF50-9A55-0103-ADBF-365C37603AA4}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AD28960A-6190-C991-C964-308B86EAA2E2}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B349892D-B015-033C-4CA8-3635E6B655D7}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B685D0AD-42A8-4A39-9BFE-8C063FA9AF29}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{B685D0AD-42A8-4A39-9BFE-8C063FA9AF29} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C14A3A5B-8A86-C239-37D7-158211778C54}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C3EE628C-7394-FE2C-0C90-C05284EB528D}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4B3454F-7529-4F5F-851D-2C36933F7D64}] : (.-.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DAB44116-0266-C65B-B643-AC11217C3041}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DAC07675-A1AF-49F1-DFB7-61B15AD61C9A}] : (AMD Start Now.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DF17C0DB-76D8-4A45-B26E-674F8455B803}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{DF17C0DB-76D8-4A45-B26E-674F8455B803} ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) -> ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FC4086D6-E345-5F43-08BB-280FB57DAF49}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{PBR27112011-M1447-7KS6-C3E2-1X8374W715U4}_is1] : (Hekasoft Backup & Restore 0.53.-.Hekasoft) -> "C:\Program Files\Hekasoft Backup & Restore\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\4K Video Downloader_is1] : (4K Video Downloader 4.1.-.Open Media LLC) -> "C:\Program Files (x86)\4KDownload\4kvideodownloader\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 24 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_Plugin.exe -maintain plugin [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ALA] : (ALA (Ache Logfile Analyzer).-.) -> "C:\Program Files (x86)\ALA\ALAuninst.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Audacity®_is1] : (Audacity 2.1.2.-.Audacity Team) -> "C:\Program Files (x86)\Audacity\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast] : (Avast Free Antivirus.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FreeFileSync_is1] : (FreeFileSync 8.8.-.www.FreeFileSync.org) -> "C:\Program Files\FreeFileSync\Uninstall\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MediaMonkey_is1] : (MediaMonkey 4.1.-.Ventis Media Inc.) -> "C:\Program Files (x86)\MediaMonkey\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Thunderbird 45.6.0 (x86 en-US)] : (Mozilla Thunderbird 45.6.0 (x86 en-US).-.Mozilla) -> C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OpenAL] : (OpenAL.-.) -> "C:\Program Files (x86)\OpenAL\openalweax.exe" /U [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PowerISO] : (PowerISO.-.Power Software Ltd) -> "C:\Program Files\PowerISO\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Stardock Fences 3] : (Stardock Fences 3.-.Stardock Software, Inc.) -> "C:\Program Files (x86)\Stardock\Fences\uninstall.exe" "/U:C:\Program Files (x86)\Stardock\Fences\Uninstall\uninstall.xml" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.) -> "C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VideoReDo4_is1] : (VideoReDo TVSuite Version 4.20.7.629.-.DRD Systems, Inc.) -> "C:\Program Files (x86)\VideoReDoTVSuite4\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VTUploader] : (VirusTotal Uploader 2.2.-.) -> "C:\Program Files (x86)\VirusTotalUploader2\uninstall.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1] : (i-Menu version 4.3.1.-.AOC) -> "C:\Program Files (x86)\i-Menu\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}] : (Foxit PhantomPDF Business.-.Foxit Software Inc.) -> MsiExec.exe /I{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6657DA03-A39B-472C-8458-6292E128A3D9}] : (MailWasherPro.-.Firetrust) -> MsiExec.exe /X{6657DA03-A39B-472C-8458-6292E128A3D9} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71B53BA8-4BE3-49AF-BC3E-07F392008788}] : (ASUS Xonar Essence STX Audio.-.ASUSTeK Computer Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{71B53BA8-4BE3-49AF-BC3E-07F392008788}\Setup.exe" -runfromtemp -l0x0409 -removeonly /Cmicheck [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{899B0A57-C6BA-6FAB-DF06-D095CFBC60EC}] : (.-.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiMalware\unins000.exe" [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1] : (Ashampoo Burning Studio 16.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}\SetupChipset.exe" /uninstall [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1] : (Ashampoo Photo Commander 14.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 14\unins000.exe" ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E29B4E12-2EB0-93F6-8556-3ED42722D653}] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}] : (CyberPower PowerPanel Personal Edition 1.6.1.-.Cyber Power Systems, Inc.) -> MsiExec.exe /I{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5} [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.30.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6} ---------- | Ports ---------- | Microsoft Specifications CheckID: SetupControllerFiles0{90140000-00A1-0409-1000-0000000FF1CE} - CLICK2RUN -> SetupControllerFiles ---------- | CLSID ---------- | Installer [HKCR\Installer\Products\035EBE8F5D4A15FB6F3273786E8B8A87] : Catalyst Control Center Next Localization EL -> C:\Windows\Installer\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}\ARPPRODUCTICON.exe [HKCR\Installer\Products\05FC58CA55A93010DAFB63C57306A34A] : Catalyst Control Center Next Localization FI -> C:\Windows\Installer\{AC85CF50-9A55-0103-ADBF-365C37603AA4}\ARPPRODUCTICON.exe [HKCR\Installer\Products\0F3365B0514C80F276E1C4E9F2AADC54] : Catalyst Control Center Next Localization TR -> C:\Windows\Installer\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}\ARPPRODUCTICON.exe [HKCR\Installer\Products\165765622BFD36B2B98AA694E03D0761] : Catalyst Control Center Next Localization IT -> C:\Windows\Installer\{26567561-DFB2-2B63-9BA8-6A490ED37016}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1BA6D8EB9403C0F276AF000C5A3D123A] : Catalyst Control Center Next Localization HU -> C:\Windows\Installer\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}\ARPPRODUCTICON.exe [HKCR\Installer\Products\1CEF908068FE9E152801CDB1B1BD7654] : Catalyst Control Center Next Localization JA -> C:\Windows\Installer\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}\ARPPRODUCTICON.exe [HKCR\Installer\Products\21E4B92E0BE26F395865E34D72226D35] : AMD Settings -> C:\WINDOWS\Installer\{E29B4E12-2EB0-93F6-8556-3ED42722D653}\ARPPRODUCTICON.exe [HKCR\Installer\Products\22F6CD06862D0F447802020033053848] : Intel(R) Management Engine Components [HKCR\Installer\Products\2703D7E182D1A33E99FD589D7FCE0DE6] : Catalyst Control Center Next Localization DE -> C:\WINDOWS\Installer\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2955F6E8E7DE05C947CAFB14B7F12E19] : Catalyst Control Center Next Localization CHS -> C:\WINDOWS\Installer\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2A2FFE1CA4FD1D6F9BC9E11D49EAE987] : Catalyst Control Center Next Localization RU -> C:\WINDOWS\Installer\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}\ARPPRODUCTICON.exe [HKCR\Installer\Products\2BAEA5633FC4BBC7D0CA9E1EB486E856] : Catalyst Control Center Next Localization CHS -> C:\Windows\Installer\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}\ARPPRODUCTICON.exe [HKCR\Installer\Products\30AD7566B93AC274488526291E823A9D] : MailWasherPro [HKCR\Installer\Products\38D6CBA7E61884D66ED50BECDD92E4E4] : Catalyst Control Center Next Localization CHT -> C:\Windows\Installer\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\48758F1599763AC5792BE29540CFE385] : Catalyst Control Center Next Localization BR -> C:\WINDOWS\Installer\{51F85784-6799-5CA3-97B2-2E5904FC3E58}\ARPPRODUCTICON.exe [HKCR\Installer\Products\57670CADFA1A1F94FD7B161BA56DC1A9] : AMD Start Now -> C:\WINDOWS\Installer\{DAC07675-A1AF-49F1-DFB7-61B15AD61C9A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5C2F3C482B7F80F2DC4F97FEC75CD547] : Catalyst Control Center Next Localization CS -> C:\WINDOWS\Installer\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}\ARPPRODUCTICON.exe [HKCR\Installer\Products\5CD401BE9D83A6D47B0008BEA4E90B5F] : CyberPower PowerPanel Personal Edition 1.6.1 -> C:\Windows\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\pppe.exe [HKCR\Installer\Products\61144BAD6620B56C6B34CA1112C70314] : Catalyst Control Center Next Localization KO -> C:\WINDOWS\Installer\{DAB44116-0266-C65B-B643-AC11217C3041}\ARPPRODUCTICON.exe [HKCR\Installer\Products\64307FA37C25433006F611D8C1C17B2A] : Catalyst Control Center Next Localization NL -> C:\WINDOWS\Installer\{3AF70346-52C7-0334-606F-118D1C1CB7A2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\64F445F2E6F5BB7953050A42A2C37545] : Catalyst Control Center Next Localization DA -> C:\Windows\Installer\{2F544F46-5F6E-97BB-3550-A0242A3C5754}\ARPPRODUCTICON.exe [HKCR\Installer\Products\670F1A988B911B2A5D3A8E42E7AF1F75] : Catalyst Control Center Next Localization TR -> C:\WINDOWS\Installer\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}\ARPPRODUCTICON.exe [HKCR\Installer\Products\6D6804CF543E34F580BB82F05BD7FA94] : Catalyst Control Center Next Localization DE -> C:\Windows\Installer\{FC4086D6-E345-5F43-08BB-280FB57DAF49}\ARPPRODUCTICON.exe [HKCR\Installer\Products\71B3A8E0306D6B1B2C506158BEDD329E] : Catalyst Control Center Next Localization DA -> C:\WINDOWS\Installer\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.30 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe [HKCR\Installer\Products\776FC82B8C2EAC2125BB916B0F663DA6] : Catalyst Control Center Next Localization HU -> C:\WINDOWS\Installer\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\7CA8EA353125FA76D00CEC6D697B6734] : Catalyst Control Center Next Localization NO -> C:\WINDOWS\Installer\{53AE8AC7-5213-67AF-0DC0-CED696B77643}\ARPPRODUCTICON.exe [HKCR\Installer\Products\8255973A275F41364C3EEED9FAF0FB20] : Catalyst Control Center Next Localization FI -> C:\WINDOWS\Installer\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}\ARPPRODUCTICON.exe [HKCR\Installer\Products\87ECAEF5833CDEA9FF50D77E2E377C47] : Catalyst Control Center Next Localization ES -> C:\WINDOWS\Installer\{5FEACE78-C338-9AED-FF05-7DE7E273C774}\ARPPRODUCTICON.exe [HKCR\Installer\Products\A03BB3837A4B6664A93822FC8A460079] : Classic Shell -> C:\Windows\Installer\{383BB30A-B4A7-4666-9A83-22CFA8640097}\icon.ico [HKCR\Installer\Products\A06982DA0916199C9C4603B868AE2A2E] : Catalyst Control Center Next Localization CHT -> C:\WINDOWS\Installer\{AD28960A-6190-C991-C964-308B86EAA2E2}\ARPPRODUCTICON.exe [HKCR\Installer\Products\AC04A079BA64C689718979E60DAE00AF] : Catalyst Control Center Next Localization PL -> C:\Windows\Installer\{970A40CA-46AB-986C-1798-976ED0EA00FA}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B134E6A734FCE3CEDFE7A0A0BAB152CF] : Catalyst Control Center Next Localization TH -> C:\WINDOWS\Installer\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B22D6F349E0E09EEB926C1F55C1DA555] : Catalyst Control Center Next Localization IT -> C:\WINDOWS\Installer\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B5A3A41C68A8932C737D51281177C845] : Catalyst Control Center Next Localization SV -> C:\Windows\Installer\{C14A3A5B-8A86-C239-37D7-158211778C54}\ARPPRODUCTICON.exe [HKCR\Installer\Products\B815A836E2D03414CA8F3F8DD328E258] : -> C:\Windows\Installer\{638A518B-0D2E-4143-ACF8-F3D83D822E85}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BA3D4A55FD8C2B62988AE7611E4E7000] : Catalyst Control Center Next Localization BR -> C:\Windows\Installer\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}\ARPPRODUCTICON.exe [HKCR\Installer\Products\BD0C71FD8D6754A42BE676F448558B30] : Intel(R) ME UninstallLegacy [HKCR\Installer\Products\C07B62ABC8D341D2142212F13B6E6F19] : Catalyst Control Center Next Localization EL -> C:\WINDOWS\Installer\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C0AC7E4ABE4892E5F240604C4E97C0F2] : Catalyst Control Center Next Localization NL -> C:\Windows\Installer\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C4662D95B9497AF78908CE9B396B16A6] : Catalyst Control Center Next Localization NO -> C:\Windows\Installer\{59D2664C-949B-7FA7-9880-ECB993B6616A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\C826EE3C4937C2EFC0090C2548BE25D8] : Catalyst Control Center Next Localization CS -> C:\Windows\Installer\{C3EE628C-7394-FE2C-0C90-C05284EB528D}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CB98C05AE8D8828828A417176F5D385D] : Catalyst Control Center Next Localization TH -> C:\Windows\Installer\{A50C89BC-8D8E-8828-824A-7171F6D583D5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CCBD7E255BAECFED3B1CBB255598375C] : AMD Settings -> C:\WINDOWS\Installer\{52E7DBCC-EAB5-DEFC-B3C1-BB52558973C5}\ARPPRODUCTICON.exe [HKCR\Installer\Products\CFBC70744DE8E364F09FED684F7A349E] : Catalyst Control Center Next Localization RU -> C:\Windows\Installer\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D298943B510BC330C48A63536E6B557D] : Catalyst Control Center Next Localization FR -> C:\Windows\Installer\{B349892D-B015-033C-4CA8-3635E6B655D7}\ARPPRODUCTICON.exe [HKCR\Installer\Products\D65A35841397B80AB57AE8D21640D39F] : Catalyst Control Center Next Localization FR -> C:\WINDOWS\Installer\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}\ARPPRODUCTICON.exe [HKCR\Installer\Products\DA0D586B8A2493A4B9EFC860F39AFA92] : Intel(R) Chipset Device Software [HKCR\Installer\Products\EB86BE64CAA8B2C82748D8DE6E5BDCA2] : Catalyst Control Center Next Localization SV -> C:\WINDOWS\Installer\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}\ARPPRODUCTICON.exe [HKCR\Installer\Products\EF78A9E605084174BBFDA190B6C82B88] : Macrium Reflect Free Edition -> C:\Windows\Installer\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}\Reflect.ico [HKCR\Installer\Products\F0E0944DB7E879015BA667347CF5C182] : Catalyst Control Center Next Localization JA -> C:\WINDOWS\Installer\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}\ARPPRODUCTICON.exe [HKCR\Installer\Products\F34DBF2435EDD4D615433E9CB354BCFE] : Catalyst Control Center Next Localization ES -> C:\Windows\Installer\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FBCFD9CDAD78C298161599CCE94FE6E3] : Catalyst Control Center Next Localization PL -> C:\WINDOWS\Installer\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FF607DF58DA6273E3AA5784990896255] : Catalyst Control Center Next Localization KO -> C:\Windows\Installer\{5FD706FF-6AD8-E372-A35A-879409982655}\ARPPRODUCTICON.exe [HKCR\Installer\Products\FF98B0C16FBB7BD4CB7998ACD8D5F045] : Foxit PhantomPDF Business -> C:\Windows\Installer\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}\IconName.exe ---------- | ADS ---------- | Drives Disk: 0 Size=477G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ---------- | MBR Windows Version: Professional Windows Information: (build 9200), 64-bit Base Board Manufacturer: Gigabyte Technology Co., Ltd. BIOS Manufacturer: American Megatrends Inc. System Manufacturer: Gigabyte Technology Co., Ltd. System Product Name: Z97X-UD5H-BK Logical Drives Mask: 0x0000003c Analysis of file "C:\QuickDiag\MBR.bin": Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error: Access is denied. . ------------ Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {9c67d02a-d6eb-474f-bf17-5d36fad1c1ef} ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca Exception code: 0xc000041d Fault offset: 0x00003e82 Faulting process id: 0x974 Faulting application start time: 0x01d275c65d1b5e1b Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\System32\GDI32.dll Report Id: b7191ee2-753d-4ae9-b906-2889a7f82097 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95 Exception code: 0xc0000005 Fault offset: 0x00044f9e Faulting process id: 0x974 Faulting application start time: 0x01d275c65d1b5e1b Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: ae8566d4-40e7-499e-af31-1b8451c32103 Faulting package full name: Faulting package-relative application ID: ------------ The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. ------------ Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. ------------ The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca Exception code: 0xc000041d Fault offset: 0x00003e82 Faulting process id: 0x1890 Faulting application start time: 0x01d2750ec32f562e Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\System32\GDI32.dll Report Id: c582a33e-6195-4abc-b5df-68da8a8ab8b3 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95 Exception code: 0xc0000005 Fault offset: 0x00044f9e Faulting process id: 0x1890 Faulting application start time: 0x01d2750ec32f562e Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: ec5a4010-2e89-46ef-b391-ece291f6d537 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca Exception code: 0xc000041d Fault offset: 0x00003e82 Faulting process id: 0xb28 Faulting application start time: 0x01d27509096f4304 Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\System32\GDI32.dll Report Id: 7b7975c7-18b6-4c29-a667-ffcf0a7d5cd9 Faulting package full name: Faulting package-relative application ID: ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95 Exception code: 0xc0000005 Fault offset: 0x00044f9e Faulting process id: 0xb28 Faulting application start time: 0x01d27509096f4304 Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: bdc0e890-122c-4514-a37d-f0920ba01915 Faulting package full name: Faulting package-relative application ID: ------------ The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. ------------ Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. ------------ The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. ------------ ----------( EOF)---------- - 6521 | 14:13:08
  6. Not seeing any real malware, lets take a deeper look to be sure. Quick Diag Scan. Download Quick Diag to your desktop. Disable your Antivirus/Antispyware prior to scanning. Right Click Run as Administrator. Select the Extended Scan. Post the log that is generated in your next post.
  7. 9-lab Removal Tool 1.0.0.39 BETA 9-lab.com Database version: 153.46440 Windows 8 (Version 6.2, Build 0, 64-bit Edition) Internet Explorer 9.11.14393.0 John :: OFFICE6410 24-Jan-17 1:19:55 PM 9lab-log-2017-01-24 (13-19-55).txt Scan type: Full Objects scanned: 55571 Time Elapsed: 19 m 47 s Files detected: 370 [3688374325B992DEF12793500307566D] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\Quarantine\hosts] [331A6A98909A0706A560D1C64183BE98] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\Quarantine\SM-G900F_UM_EU_Lollipop_Eng_Rev.1.1_151014.pdf] [4C8DF943DDE58FC7F5B4026B959DF0DB] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\Tempo.txt] [43FF2B773C0CF1EEF4C657CFF4653BC1] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\Trace.txt] [A1E47BF9D81307CC5012620FF9F2A934] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner-[R]-23102016-09_35_32.txt] [635916A2FDC1CFB4A88413A31A9D2F08] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner--06102016-14_35_56.txt] [AAA6EF6085EFCB163F6C3A684532A962] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner--23102016-09_29_31.txt] [6E9ED079BA9BDB290586C0EC7BA2B483] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner--23102016-09_39_51.txt] [90184AD93C841DA4C17FABE1D4ADD575] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner--23102016-09_41_02.txt] [EDD8C41BB2A565D671CB852CBDBE30D3] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner--23102016-09_41_14.txt] [DC625D44CEC9711A7BB3D2F398B67D40] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner--23102016-09_44_03.txt] [992E899FF611CC2C8721D299C224070C] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner.exe] [233B11E49A6869F9E175AE75D55A5037] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner.txt] [7B5E1D30E89E0EF1C86FECB977131673] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPCleaner_Quarantine.txt] [1297343C23665EBC14A95508EF352005] Trojan.FPL.Rotbrow.vl [c:\users\john\appdata\roaming\ZHP\ZHPQ_Files.txt] [3C48ADFD5AF8CF530401A5ED8DC4651D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\A52Decode.dll] [A4A9D40C1BF79A474E43BDEFE4932B4F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\AACAudioDecoder.dll] [B36FCDF688748C258A41CE9F7AFE1211] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\AACEncoderModule.dll] [9DF43492DE6C41A3B39B00F22B949E2A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\AdScan.vbs] [CD4E46D4E41E4E1908F570AB9E7D3760] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\ASFMuxerModule.dll] [0C1C81F0206BDA97C4F1FDBF4A3DFA2F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Audio\FanFare3.wav] [DE210AAA2624EC4B0D73C23C123E7864] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\AudioPostProcessing.dll] [D3BF593FD925A1C7C1B795A4371AB4BB] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\avcodec-52.dll] [915C0A34C6CD0CB9AD9A317E55783F4C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\avdevice-52.dll] [CC1E62F285A2AC0C6BC1587E6FA773A6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\avformat-52.dll] [0182B025CF9897ADE981F3F8EC11F447] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\avutil-50.dll] [FA9465F9F02325565A04BED718D3502B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DefaultProfiles.xml] [A88A599D04CFBD0DD569F372DBD89714] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DetermineV4UpgradeOptions.dll] [0AAC558E4740ED9F1A904507058FE5C7] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDBackgroundCopy.exe] [CC9F44FCEA921CE459B5602742CCBD0D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDBurner.exe] [70E2E5B426C8C03A088B90437BEE789C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDDialogs.DLL] [A09D94F3202628E290624E835002BDCA] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDLib.dll] [77CDFDCDC568690631B52FA43C155B06] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\NTSC 16x9 BlueBackground 12.DT.xml] [9058484D782368A27D94B016AED2F507] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\NTSC 16x9 BlueBackground 4.DT.xml] [209A2A113F0FDF0154E4480E4ADFF66F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\NTSC 16x9 BlueBackground 6.DT.xml] [778A5DE93DDEA1754218306DBF49E747] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\NTSC 4x3 BlueBackground 12.DT.xml] [972414B530D84D80CC696EDDBE1303F6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\NTSC 4x3 BlueBackground 4.DT.xml] [419C8A2E2734209ED28F753DD7E550A4] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\NTSC 4x3 BlueBackground 6.DT.xml] [5898C5EC778C0D37F62A74F3CDC05AB4] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\PAL 16x9 BlueBackground 12.DT.xml] [8226537BD2F1CC904BF3CFBFE5B2ADC2] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\PAL 16x9 BlueBackground 4.DT.xml] [5C536BAA3A92A27988E4374A18FA478B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\PAL 16x9 BlueBackground 6.DT.xml] [D222B18B51267BF065C93334D2A41267] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\PAL 4x3 BlueBackground 12.DT.xml] [1E387EF382D7EFFD765A49381A4DA324] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\PAL 4x3 BlueBackground 4.DT.xml] [57D72E45AAF3974AAAD40CDCCBD45844] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVDTemplates\PAL 4x3 BlueBackground 6.DT.xml] [57D358FA7278101AD778CBB4B7136E93] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\DVRMSOutputMuxer.dll] [9C10C91E1F1321D50B5D0AFBF9B2F3C1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\ExtendedFileDialog.dll] [E16A3E241BA32676C79FC6CA3E984300] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\FFmpegSupport.dll] [DE3B05385D22E628EF65B6CBD09CB869] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\FileAssociations.exe] [871C903A90C45CA08A9D42803916C3F7] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\gdiplus.dll] [BA03BA2EF5284471B52EFA8AA4C421D0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\H264DecoderModule.dll] [D6CA63F24C50A93753CBF6448BF9174F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\H264EncoderModule.dll] [3CD0D670514D7EC146BCB1DAA7CD5944] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\H264SmartEditModule.dll] [30AA24D20A89578A1A915123F03D2BD1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\autorun.inf] [9EF8D85C9D189A5BEC727E166329D7AB] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\AutoRunNSF.htm] [6D5D8DC31E2B6BBEB6445C44CCF4571D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\AutoRunReleaseNotes.htm] [34778D01F821818B3D67C1C184A9958F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\AutoRunRetail.htm] [C79D6A5D3B893E37F1D65B6AAF745ED3] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\AutoRunSupport.htm] [CF12523C99B1D08F962652AF52A8091A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\htmlauto.cfg] [00AFBABE51FF183D12647367DABEF4F6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\htmlautorun.exe] [C8463E0457784E64219DABCBBFE06B40] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\button_big.gif] [04BEF08B237260CB639EFF19519BD159] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\button_small.gif] [DD4C8236D5AB45CDAFC8F66E22E8482B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\GreenArrow.gif] [7FA7049B9D211B89218252C673243972] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\IMAGES\NewVersions\MedDownloadNowTransparent.gif] [487B7CC9F2112C286D01246D7A2A31D0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\IMAGES\NewVersions\MedUpgradeNow.gif] [BEAAC83AE3EA1490FA4A27D64C17B0F8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\LogoBanner.gif] [2B7B07F0D1197BD2E1FE5DB03F026181] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\images\NewVersions\Background.gif] [39F493E1FC08C4DF07B56C4F5E61921B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\HTMLPages\RetailHowToTutorials.htm] [D8E8ED1CA05A64C51328C824A9F998B4] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\IFOParser.DLL] [55A436D849B1DC7DB0B92DCBA54AD898] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DetermineV4UpgradeOptionsCSY.dll] [AD6696054D6F23C1BD24A671345BAFBF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DetermineV4UpgradeOptionsDEU.dll] [A6C0ED107BC4D3328FC979FB023142E6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DetermineV4UpgradeOptionsESP.dll] [BEE98A9A8AB20E690FBF77839FA62F6E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DetermineV4UpgradeOptionsFIN.dll] [85001D0B6BE4B597183B03562C6AD9FF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DetermineV4UpgradeOptionsFRA.dll] [8A67CD299DE4D28D3F93B1A1B1BC8572] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DetermineV4UpgradeOptionsNLD.dll] [502B2939954893DA1CCCA39C6F8FE6B1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDBurnerCSY.dll] [D8F75929A0F04484956DFCD361F22271] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDBurnerDEU.dll] [A2BE297B477F406809F80A8BF7506156] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDBurnerESP.dll] [DF7A61FE314F796A04595BFEDDEAE377] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDBurnerFIN.dll] [AFB75762D82B4B815200777210F12D2A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDBurnerFRA.dll] [D1363601028DF9C41DD47C77486AE450] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDBurnerNLD.dll] [2AEA1775D740E265FC6AB05E1769F8A7] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDDialogsCSY.dll] [7707A4E3075F820526949804FEEFBFF5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDDialogsDEU.dll] [6FEAA1E768652309118318092146C62B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDDialogsESP.dll] [5620AAE71839C93D0A823718F2D71D8E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDDialogsFIN.dll] [19957ADFB78C0530E0D066230DB7E852] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDDialogsFRA.dll] [7F30B4FF4CBA16BAC6CA8B8FFA8760BC] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\DVDDialogsNLD.dll] [04A5DE5CE748909F0178404E7AE0EDC0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\ExtendedFileDialogCSY.dll] [3180E0460BD5405C780568E6034473D6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\ExtendedFileDialogDEU.dll] [266B195543C7C70768C513C14EDEF9C1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\ExtendedFileDialogESP.dll] [CB4925352C1C3A120936FD2A4CBA5ED5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\ExtendedFileDialogFIN.dll] [A4991EB8F88B6A9AC4AC03EFA23F0721] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\ExtendedFileDialogFRA.dll] [B6521C91C832669CAC0CBA502E11DC34] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\ExtendedFileDialogNLD.dll] [A70463C84848AFB7AC07FF0E9929709E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\IFOParserCSY.dll] [56C1F2241E1A0294F22E3F3A4A76AE5D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\IFOParserDEU.dll] [816FA96173D3400BCA9DF9EEC11397CF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\IFOParserESP.dll] [5F088A4107EF437987B24F931CC08BF5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\IFOParserFIN.dll] [C93DBD5B60EB9B964B970B77884D75DC] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\IFOParserFRA.dll] [1B501F06A80C038E5762529A2F762171] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\IFOParserNLD.dll] [188E68005ED62F32248032C65CB4DE96] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\Microsoft.VC80.CRT.manifest] [F79C2E87AEFEDB361FE85B75D147D02F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\Microsoft.VC80.MFC.manifest] [863DD2B69DAC741CE135CB8041449061] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\Microsoft.VC80.MFCLOC.manifest] [BE08773C93D920C733475BF6149E724B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\MuxerDVDResourcesDLLCSY.dll] [6E01EFAC46C119E22904775C53A0BA95] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\MuxerDVDResourcesDLLDEU.dll] [E6051712399A280679DC9C4725159171] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\MuxerDVDResourcesDLLESP.dll] [2735EE2FF5A495D140E37F0BE176D9E0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\MuxerDVDResourcesDLLFIN.dll] [94B1AFEA6C213647F4250760CBA714BF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\MuxerDVDResourcesDLLFRA.dll] [B939BE30349988AEE311127E536DB7FA] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\MuxerDVDResourcesDLLNLD.dll] [C65437220A8F391C05DBA9DFD9B520C6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputProfilesDlgCSY.dll] [E6B2337367546E34CA3CD34BEB5B800D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputProfilesDlgDEU.dll] [D64229C59CEFC6BB0AA9C39570CD0E48] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputProfilesDlgESP.dll] [DCDBF97544BEC0E69AD3E3236F64C98C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputProfilesDlgFIN.dll] [2943424EA14817C9D432707F82DB4ED0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputProfilesDlgFRA.dll] [58A5337EEFE34D9F725C7C58DE314356] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputProfilesDlgNLD.dll] [6BDB10A5C78E79F10C7D50DE6152650A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputStatusDlgCSY.dll] [75BE116437D33E4128ABD6262FE9440A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputStatusDlgDEU.dll] [DD1BC150FB1CA9EC0789CC8B95D9342E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputStatusDlgESP.dll] [B7BBAD13DCBF65C747873932481FDB7E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputStatusDlgFIN.dll] [A07466A9E1112766CC90AA0BDF38DB91] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputStatusDlgFRA.dll] [EF0C0081AC38420E9E96269A6700187E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\OutputStatusDlgNLD.dll] [6EB0C9DDEA7AC31AFBB11AA749CC2AFE] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\TitlerDialogCSY.dll] [AB9E36B67F9EBAFAABF31F9633AD1777] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\TitlerDialogDEU.dll] [C4C27506FEB61F1ECF6205EEA40743D7] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\TitlerDialogESP.dll] [A49056FDCD92C2F26D68B1D6957F83FD] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\TitlerDialogFIN.dll] [32827235C44DBE205FD9E14A3230AC6D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\TitlerDialogFRA.dll] [D4B02E3D59296537CF7B46452EBA42B1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\TitlerDialogNLD.dll] [DCAC79C35F35D165B7E27646B03762F5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDo4CSY.dll] [950C950EA7A9CB029284DFD3D5A0777B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDo4DEU.dll] [249D3AC7A3D3453056CFA6007864A88B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDo4ESP.dll] [CB47AF1DE1FC091B6140F636E70491B1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDo4FIN.dll] [9074ABD6DDC674BD17DE629CB503A4FE] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDo4FRA.dll] [07625EEBCD83ED853A2828FE1018A090] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDo4NLD.dll] [2E3B8527F343368513059E4CB8E6267C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchCSY.dll] [D95325F447F4ED8E221BF5971BC0C444] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchDEU.dll] [4AF0A930549C1F530470DFCD875DD787] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchESP.dll] [A47CFECEC4AA812BCFF19AB33EF2FC1E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchFIN.dll] [9FDC1871E2272DEE247F3851B09A5188] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchFRA.dll] [59C30F30EB087A544A85C66C294F516E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchNLD.dll] [6D8D383BE649F125169D1BB7A516681D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchProfileCSY.dll] [18021B6FE15C097F5714728E82D8FF45] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchProfileDEU.dll] [C2C71034DD72686D483C5933DF226D30] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchProfileESP.dll] [6296ABD975460C8F8B497D92712C8C42] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchProfileFIN.dll] [B5E49C36224DB4E4294408E41DDF2C20] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchProfileFRA.dll] [FE3251170E652D26EFEE24B11E833EBF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VideoReDoBatchProfileNLD.dll] [3136D7E6A63659740AF88B98537364CC] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDActConfirmCSY.dll] [524924AF1AF075794836A8DD019EE646] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDActConfirmDEU.dll] [CF456E0D7EBE7424444FC7FFECBBC7F2] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDActConfirmESP.dll] [8B7DD7A06A91A7675D59060454008CFA] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDActConfirmFIN.dll] [2EEDE4CF0F2980E9610BD84F98C50E2B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDActConfirmFRA.dll] [E7131A4103E65743AB88C591EFF2DD25] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDActConfirmNLD.dll] [B9F989A8D73CBDF88C9B064B766A27D6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VrdConfigWizardCSY.dll] [56E897BD01E8EA7D46555FCC02BA8E1A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VrdConfigWizardDEU.dll] [75D6991B969CA22C8277D64A95529895] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VrdConfigWizardESP.dll] [E6C702E3814029263EBB2E5BFC8ACA57] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VrdConfigWizardFIN.dll] [CDF27792E0D2B71BAF62F047AD219AB5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VrdConfigWizardFRA.dll] [82843D8E61B462EDFE938FB47D2AABFF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VrdConfigWizardNLD.dll] [FAF971AC0BA65C97E273915B26E929E3] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradePlusToV3CSY.dll] [1C9C03353FEB98C8A2318BBF4E21088D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradePlusToV3DEU.dll] [83378E0895C0478F2E05F7F7F29C6DE2] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradePlusToV3ESP.dll] [3178D8799940E1D618F8B7F12F982312] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradePlusToV3FIN.dll] [998734B8EA006F17C8402C2BC5FF672D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradePlusToV3FRA.dll] [37EF28449CA18B1C27B3D43E3E2898E0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradePlusToV3NLD.dll] [A984F27219DEBC597925029561CAAD63] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradeWizardCSY.dll] [2637D42F9694FE189F550A2E1966BAEE] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradeWizardDEU.dll] [9E679E3DDD65AC5ED39E71B125D67C3C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradeWizardESP.dll] [E2855373AFE1233504EC9E8EF2A321D1] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradeWizardFIN.dll] [DCEB8E85857B5BD3853133F14B78BF8A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradeWizardFRA.dll] [B7B5C30FE06E6CB69DD97D6B7CC02754] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\VRDUpgradeWizardNLD.dll] [1C602FAB10BEEC19766075D7F23704DE] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\XTaskDlgCSY.dll] [76B9F61156B6691B44AA9F27C446C55E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\XTaskDlgDEU.dll] [5663C508C655B3588CA81FEE8C2086D8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\XTaskDlgESP.dll] [AD1121AF6C6350A7900E13E0C81FEDBD] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\XTaskDlgFIN.dll] [80267D109B1DFD0544C790136542A4E7] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\XTaskDlgFRA.dll] [3146BB2C703EA600CE76649952BC8D85] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Languages\XTaskDlgNLD.dll] [BE35344D14093B50F25DE9E5FB8BDB80] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\LocalizedGraphics.dll] [8A8243592946F55682FD6FDEC0961A4E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Logger.dll] [A27231B29167A5739E685834BA972662] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_config_avc.dll] [04F0104088ECCDC28A2C5C4E49F0A3F8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_dec_aac.dll] [5CD97CA832FE21DEE5A7A1EF40BAC145] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_dec_avc.dll] [143792AF094FAF279274B4F763955D06] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_dec_mp4v.dll] [C94FA32FAAEBEE4D43A6B6EA3D25CCAA] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_demux_mp4.dll] [B6C8C37220C29FFF710D5569496A594A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_enc_aac.dll] [F53920DFEB16F2F8986FB16AD5117FE2] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_enc_mp4v.dll] [30A9B3F026528088B2711884F00BD5B2] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_mux_mp4.dll] [90B73FA715B02C5644AD2856A2DAB190] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mc_std_enc_avc.dll] [1F5AFD468EB5E09E9ED75A087529EAB5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mfc80.dll] [4A3ACBDE55EB9BB30895B06F21650614] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80CHS.dll] [DC4091EA96CE9E94F291AA7FFF7F2DB6] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80CHT.dll] [4E8B1E9567B3CD76CA628C9026AE1125] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80DEU.dll] [28A09777D2D952122567A8A82F1A2C7B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80ENU.dll] [D07AAC2BC04602D886C3A925EB209D15] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80ESP.dll] [6A8E515791ACB27F18D08A895974E953] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80FRA.dll] [5225673E3F28A251CC8449EFA7C82F03] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80ITA.dll] [194D495897DD9D46A3C9BEFEF6CF863D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80JPN.dll] [ADC1E6A231011CB4A4322061F2B13800] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MFC80KOR.dll] [83362EE950AD18ADB85B54409155C378] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\mfcm80.dll] [188E68005ED62F32248032C65CB4DE96] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Microsoft.VC80.CRT.manifest] [F79C2E87AEFEDB361FE85B75D147D02F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Microsoft.VC80.MFC.manifest] [863DD2B69DAC741CE135CB8041449061] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\Microsoft.VC80.MFCLOC.manifest] [0F8FE83047346510309A6CB09E273FA8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\ModuleCollection1.dll] [5A9F6157AC8850D1403FC73128FC2501] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MP2EncoderModule.dll] [32761605E134127D0EFEAE6251A0AA1D] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MP4Muxer.dll] [2E09B4E78DC38892B9C32CAA52FAEAC2] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MPEG2FastDecoder.dll] [A0D9503B5441FAD7BE31CA4A50F87DF8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MPEG2FastEncoder_V3.dll] [D1601C3AD37C8BB2E63E931AF0B5553B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MPEG4EncoderModule.dll] [AE5CDE1EA8F8F93B6DCE4C871F7C23AF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MPEGAudioEncoder.dll] [5B3A66434230230B36D18D1E7CD56050] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MPEGEncoderDLL.dll] [1D109ED0D660654EA7FF1574558031C4] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\msvcm80.dll] [0B3595A4FF0B36D68E5FC67FD7D70FDC] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\msvcp80.dll] [C9564CF4976E7E96B4052737AA2492B4] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\msvcr80.dll] [8EC0E5F45A7A717EA1B852A8518BF2D0] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\MuxerDVDResourcesDLL.dll] [926A8D2711190510C1B9654949AE6F55] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\NavSliderBar.dll] [36CA7543A79B285BDAB11E56AC6BAD4B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\OutputProfilesDlg.dll] [56EC5A7421BF83DACC836B3BAC5B5622] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\OutputStatusDlg.dll] [3EFDC009ED8326BD460F74648A01038C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\ProfileSample.vbs] [EBF67BCF64B6924BD4D81E8C69E0D2B8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\ScanAndSplit.vbs] [33C1ABECC05BF6C1AC2A2E795359F7CD] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\ScanSplitFolder.cmd] [C4D7E8F8802727CCF30F3C2A897B8067] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\StarBurn.dll] [6E2C967184233D4874D425742FE8597B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\StreamProcessingGraphs.dll] [2CE2E6825952A3C5205CD8AC56B829BA] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\SupportLib.dll] [FF0AC9AAB35D640181E8524A067D9527] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\TitlerDialog.DLL] [E0590782B09D2501AF7800075EB46901] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\TrialKey.vurl] [F1E55BF8F362F532E4F1E47FFB365B6A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\UIControls.dll] [809352B475E55BEE935D0B69F7982933] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\unins000.dat] [B8B57626E4A42B9A551914B3A99C9A92] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\unins000.exe] [A0E4A677A5EED822A89CC33C115AB839] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VideoAlloc.dll] [55F0A3CA18C1675156AC96DB8D535E3B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo.Log] [A88AE4F8DF3234B69358B38D2BB83311] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo.tlb] [E377B2DCD70F511714B283AAECA0C4B5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe] [3723EFF9E2D547864943C16B05F2E1E5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDoBatch.exe] [F89774500EE3ABBD731B21AF79974789] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDoBatchProfile.exe] [B35018D81A8C9FAC3F612747DF85CADA] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\vp.vbs] [1BAF82614D9F44A6FFDE733C1EA4F63A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRD-TVS.chm] [CFAEEE6D97DA4384470C1ADEB48D593B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDActConfirm.exe] [51B56B2F9069B0754D68940427056E3F] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDCheckPriorVersionsPlus2.dll] [DC2E777B6005FB8067FDA1871180ACC9] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDCheckPriorVersionsTVS3.dll] [FDDA8BCB11A7A5DD94803C8F2878AD67] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDCheckPriorVersionsTVS4.dll] [3289156E0193A45677FB26B438C1CF3C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VrdConfigWizard.exe] [D02E2C46ABA7FDD15093A55D0254555E] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDSplit.vbs] [B64EC0B96F4F8829C4BCB1508460D701] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTitler.ocx] [91C0EA571710F5A21EE52AB8112618C3] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslateCSY.apt] [0F522AD9B7326029949BA020DB654893] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslateDEU.apt] [50C9A324BDF5243C3DE16C8F784D8DB8] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslateESP.apt] [82E764F12F0CF0FE58DCCCE6ACBF7124] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslateFIN.apt] [F22F3ED0C901553EB750269D31FC265B] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslateFRA.apt] [59F9871AE6E658BBB0EAFAF4FD78720C] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslateNLD.apt] [ABA827DB5984EB5EAF9DBA8222C0D7CF] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDTranslatePLK.apt] [9298D4ED2B78F747A80320416A48FAE5] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\VRDUpgradeWizard.exe] [509C453E5C6469AD23A1A7D10E103423] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\WnASPI32.dll] [F7194964466D272C1A65A2250F4CB315] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\WTVOutputMuxer.dll] [0510BE5DD480E9D43CD00841F30AC5B3] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\XMLParserLib.dll] [1981073744C6D5E30FEDA21CDA04C21A] Adware.FMPL.Gen.vl [C:\Program Files (x86)\VideoReDoTVSuite4\XTaskDlg.dll] [8AD0873A4224736277FED9AD5AF9E1A4] PUP.MPL.Gen.vl [c:\users\john\desktop\Should I Remove It.URL] [111194B339BCBA6ADC34BAA1C4858600] Adware.Win32.DownWare.vb [D:\Desktop\Universal.Extractor.Unofficial.v1.9.21\bin\b1.exe] [3503E3D6E42BD9D7CEA7CFC3C9C29E43] Malware.Win32.Gen.sm [D:\Desktop\Universal.Extractor.Unofficial.v1.9.21\bin\UpxUnpacker.exe] [914A2F5452233E35BFDD0E2891CB1681] Malware.Win32.Gen.sm [D:\Desktop\ZHPCleaner.exe] [7EA0260488F304D68067A50B33A23AC2] Malware.Win32.Gen.cc [D:\Desktop\zoek\zoek.exe] [208AAD6F830DC1C4FE4D7AA465028412] Malware.Win32.Gen.cs0 [C:\$Recycle.Bin\S-1-5-21-3754235531-495330377-4189813319-1001\$RB97VRY.FR\Main\PteViewer5.exe] [8B968045D75783A09592C3105F2865DA] Malware.Win32.Gen.cs1 [D:\Desktop\dds.com] [C6F59FC55741F711AA461FDCD1CE87E0] Malware.Win32.Gen.sm!s1 [D:\portable apps\Ashampoo.Snap.v8.0.7\App\local\stubexe\0x39BA4D46B4C10137\ashsnap.exe] [0B603CC1F6C84AAA79B6544616308775] Malware.Win32.Pack.1786!se [D:\portable apps\Ashampoo.Snap.v8.0.7\AppNee.com.Ashampoo.Snap.exe] [0F91F3F632B28FCB270B4150BEAE6FDE] Malware.Win32.Gen.FE11.sm!ff [C:\portable apps\Bandicam.v3.3.0.Portable\BandicamPortable.exe] [C5E042F2E2152BFE408FCAE738866400] Malware.Win32.Gen.sm [D:\portable apps\FastCopy211\FastCopy.exe] [C5E042F2E2152BFE408FCAE738866400] Malware.Win32.Gen.sm [C:\portable apps\FastCopy211\FastCopy.exe] [6F6FF59AC06202BE3B56016D1FC20E1D] Malware.Win32.Gen.vb [D:\portable apps\FastCopy211\setup.exe] [6F6FF59AC06202BE3B56016D1FC20E1D] Malware.Win32.Gen.vb [C:\portable apps\FastCopy211\setup.exe] [A4DCDB5BF2BC90D4F8F8CEF32AE07390] Malware.Win32.Gen.cld [D:\portable apps\FileZillaPortable\FileZillaPortable.exe] [A4DCDB5BF2BC90D4F8F8CEF32AE07390] Malware.Win32.Gen.cld [C:\portable apps\FileZillaPortable\FileZillaPortable.exe] [52CD982062D9C58D754ECBEC27B95027] Trojan.Win32.Gen.bot [D:\portable apps\FSCapture80\FSCapture keygen\keygen.exe] [52CD982062D9C58D754ECBEC27B95027] Trojan.Win32.Gen.bot [C:\portable apps\FSCapture80\FSCapture keygen\keygen.exe] [52CD982062D9C58D754ECBEC27B95027] Trojan.Win32.Gen.bot [D:\portable apps\FSCapture84\keygen.exe] [52CD982062D9C58D754ECBEC27B95027] Trojan.Win32.Gen.bot [C:\portable apps\FSCapture84\keygen.exe] [566B6B92CE9E102C22411F04938F696B] Malware.Win32.Gen.cs1 [D:\portable apps\MP3_Inventory.exe] [733D1949DAE8C2AE9E5517419823CD6B] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\bulkfilechanger.exe] [E40C9293EA0B6D62A0F62F40212DF07B] Virtool.Win32.Passview.E40C.vb!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\bulletspassview.exe] [A126AE6A80B62A4F6B6C7B59D5F8774F] Malware.Win32.Gen.A126.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\chromecacheview.exe] [6FBFE1800065CE4A3D5BD3F5473B649C] PUP.Win32.ChromePass.ad!i [D:\portable apps\nirsoft_package_1.19.29\NirSoft\chromepass.exe] [E40C9293EA0B6D62A0F62F40212DF07B] Virtool.Win32.Passview.E40C.vb!ff [C:\portable apps\nirsoft_package_1.19.94\NirSoft\bulletspassview.exe] [002FA2CFB94B292A55D246AA4377C789] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\cports.exe] [FF508940B5A93D6C7DE5B53A4C71716D] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\chromecookiesview.exe] [78ADCC8F06120929AA773E25B4A526C3] Malware.Win32.Gen.vb [C:\portable apps\nirsoft_package_1.19.94\NirSoft\chromehistoryview.exe] [6F6C80EB5C28527D1439B5D5A23C6D9C] PUP.Win32.ChromePass.ad [C:\portable apps\nirsoft_package_1.19.94\NirSoft\chromepass.exe] [6BD3D386B20E38860FD40AF2645B4C50] Malware.Win32.Gen.vb [C:\portable apps\nirsoft_package_1.19.94\NirSoft\cports.exe] [853C0C0FDAC269FE61C4BCB837B1D9AF] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\dialupass.exe] [853C0C0FDAC269FE61C4BCB837B1D9AF] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\dialupass.exe] [445709476A2EE8B070A7A23AE4E470FD] Malware.Win32.Gen.4457.cc!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\driverview.exe] [69CF6A533A140F868971CA2FD546E418] Malware.Win32.Gen.69CF.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\executedprogramslist.exe] [4BF78929727348777AAFB75C6C294B6E] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\hashmyfiles.exe] [A20C1C3DD1F2228ED05FFCF73F245B59] Malware.Win32.Gen.A20C.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\iecacheview.exe] [0F289098CC579D3CF22FF6368ED72C37] Virtool.Win32.IEPassview.vb [D:\portable apps\nirsoft_package_1.19.29\NirSoft\iepv.exe] [57BFA0C7FA2394D106915AF7C9A4A0A7] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\iepv.exe] [2C90CFBF4DC621E5098B7626F0E6CC3A] Malware.Win32.Gen.2C90.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\ipnetinfo.exe] [47AC4697C6D587AE9D319CF32C68174C] Malware.Win32.Gen.47AC.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\lsasecretsdump.exe] [0CE35200497FE26091D73043E33B3954] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\lsasecretsview.exe] [47AC4697C6D587AE9D319CF32C68174C] Malware.Win32.Gen.47AC.sm!ff [C:\portable apps\nirsoft_package_1.19.94\NirSoft\lsasecretsdump.exe] [D6FB7F3EFA3C2206B407454B2CFC1E5C] Hack.Win32.Mailpassview.D6FB.cc!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\mailpv.exe] [DF218168BF83D26386DFD4ECE7AEF2D0] Virtool.Win32.Passview.vb [D:\portable apps\nirsoft_package_1.19.29\NirSoft\mspass.exe] [DF218168BF83D26386DFD4ECE7AEF2D0] Virtool.Win32.Passview.vb [C:\portable apps\nirsoft_package_1.19.94\NirSoft\mspass.exe] [C4929FA4DEB778B3FEFB79D2BFCB00D6] Hack.Win32.Netpass.C492.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\netpass.exe] [7A0C1017E6B5BB5DC776B3B883A1D0E0] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\netresview.exe] [B24AF675F5F9CA9DAA154B8A537A695F] Hack.Win32.Netpass.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\netpass.exe] [7A0C1017E6B5BB5DC776B3B883A1D0E0] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\netresview.exe] [1065C28A42EB55924CC6F54DE682EA71] Malware.Win32.Gen.1065.cc!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\ntfslinksview.exe] [84D499F558570C32F4CB100A9124890B] Malware.Win32.Gen.vb [C:\portable apps\nirsoft_package_1.19.94\NirSoft\nircmd.exe] [1065C28A42EB55924CC6F54DE682EA71] Malware.Win32.Gen.1065.cc!ff [C:\portable apps\nirsoft_package_1.19.94\NirSoft\ntfslinksview.exe] [0E47188B23D897EDE0FE8FAC05CB3263] Virtool.Win32.Netpass.vb [D:\portable apps\nirsoft_package_1.19.29\NirSoft\operapassview.exe] [EF4B628369985A3913C1AFA0FB2468D0] Risk.Win32.Gen.dd!n [D:\portable apps\nirsoft_package_1.19.29\NirSoft\passwordfox.exe] [0E47188B23D897EDE0FE8FAC05CB3263] Virtool.Win32.Netpass.vb [C:\portable apps\nirsoft_package_1.19.94\NirSoft\operapassview.exe] [3CCA495B43EFBA0546D543B9D362C4F7] Malware.Win32.Gen.3CCA.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\pinginfoview.exe] [EF4B628369985A3913C1AFA0FB2468D0] Risk.Win32.Gen.dd!n [C:\portable apps\nirsoft_package_1.19.94\NirSoft\passwordfox.exe] [9EF17D7760D75A12E90C46F809F35B1C] Malware.Win32.Gen.cc [D:\portable apps\nirsoft_package_1.19.29\NirSoft\produkey.exe] [886526E9C5C2DC7287D7F169D8C1A243] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\pstpassword.exe] [44BD492DFB54107EBFE063FCBFBDDFF5] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\rdpv.exe] [E212FF165C23FBA12389838933E47A2C] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\regdllview.exe] [572C3A9213B1716851E7E3C971106B01] PUP.Win32.Gen.vb [C:\portable apps\nirsoft_package_1.19.94\NirSoft\produkey.exe] [886526E9C5C2DC7287D7F169D8C1A243] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\pstpassword.exe] [44BD492DFB54107EBFE063FCBFBDDFF5] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\rdpv.exe] [E851824DF0A95BFB306DAB73BA881EA4] Malware.Win32.Gen.E851.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\routerpassview.exe] [C3D0058FBB421280832A0A97D5C9DD84] Hack.Win32.Gen.bot [C:\portable apps\nirsoft_package_1.19.94\NirSoft\routerpassview.exe] [DE7C261A604274634025AA5C2A22F8A1] Malware.Win32.Gen.DE7C.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\searchmyfiles.exe] [7F672C9AB708931A8EBB0BCB1B34B3AC] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\smsniff.exe] [001DEB2E5567CE7B887BBB83323D8857] Virtool.Win32.Gen.001D.vb!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\sniffpass.exe] [BF9C104D983DF94819164BBB41D05465] Malware.Win32.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\sysexp.exe] [004389BCB0A717BF44CE1A3A2A058647] Malware.Win32.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\smsniff.exe] [001DEB2E5567CE7B887BBB83323D8857] Virtool.Win32.Gen.001D.vb!ff [C:\portable apps\nirsoft_package_1.19.94\NirSoft\sniffpass.exe] [D6A7759B0B5522400BD9EBA42B850B42] Malware.Win32.Gen.D6A7.cc!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\videocacheview.exe] [D28F0CFAE377553FCB85918C29F4889B] Hack.Win32.Gen.bot [D:\portable apps\nirsoft_package_1.19.29\NirSoft\vncpassview.exe] [F5E10085F53B6C562228907512E25402] Hack.Win32.BrowserPassview.F5E1.sm!ff [D:\portable apps\nirsoft_package_1.19.29\NirSoft\webbrowserpassview.exe] [D28F0CFAE377553FCB85918C29F4889B] Hack.Win32.Gen.bot [C:\portable apps\nirsoft_package_1.19.94\NirSoft\vncpassview.exe] [92C283F52E6EC1774A9EF114BB0AB058] Hack.Win32.Gen.bot [D:\portable apps\nirsoft_package_1.19.29\NirSoft\wirelesskeyview.exe] [FE81E169FDD36B6FB391E1B9D84C2D24] Malware.Win32.Gen.cld [D:\portable apps\netscan\32-bit\netscan.exe] [FE81E169FDD36B6FB391E1B9D84C2D24] Malware.Win32.Gen.cld [C:\portable apps\netscan\32-bit\netscan.exe] [6B0A115C2DA455622EBE78BD02EF59C5] Malware.Win32.Gen.cld [D:\portable apps\nirsoft_package_1.19.29\NirSoft\fastresolver.exe] [6B0A115C2DA455622EBE78BD02EF59C5] Malware.Win32.Gen.cld [C:\portable apps\nirsoft_package_1.19.94\NirSoft\fastresolver.exe] [48208ECA102628D76CE7C394AC8A7EE2] Malware.Win32.Gen.cld [D:\portable apps\nirsoft_package_1.19.29\NirSoft\userprofilesview.exe] [7F31636F9B74AB93A268F5A473066053] Malware.Win64.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\x64\bulletspassview.exe] [AD398E0EF8FA5E122B8589CCCAE90DF2] Malware.Win32.Gen.cs1 [D:\portable apps\nirsoft_package_1.19.29\NirSoft\shmnview.exe] [AD9BE2664C80EA4D21B72A5C1EFC6BC1] Malware.Win32.Gen.cs1 [D:\portable apps\nirsoft_package_1.19.29\NirSoft\skypelogview.exe] [AD9BE2664C80EA4D21B72A5C1EFC6BC1] Malware.Win32.Gen.cs1 [C:\portable apps\nirsoft_package_1.19.94\NirSoft\skypelogview.exe] [FD91B1EF68DA0B0CC61ED0E409EAAF11] Hack.Win32.Wirekeyview.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\wirelesskeyview.exe] [7F31636F9B74AB93A268F5A473066053] Malware.Win64.Gen.sm [C:\portable apps\nirsoft_package_1.19.94\NirSoft\x64\bulletspassview.exe] [10C2200AE7801A15A9571F3F58089AEA] Malware.Win64.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\x64\lsasecretsview.exe] [D14420566335ED9AEF8728AEC2211F25] Risk.Win64.Gen.dd!n [D:\portable apps\nirsoft_package_1.19.29\NirSoft\x64\passwordfox.exe] [6335F23B6A8439ECE9FB5D7054DE1089] Virtool.Win64.Gen.vb [D:\portable apps\nirsoft_package_1.19.29\NirSoft\x64\produkey.exe] [D14420566335ED9AEF8728AEC2211F25] Risk.Win64.Gen.dd!n [C:\portable apps\nirsoft_package_1.19.94\NirSoft\x64\passwordfox.exe] [F146C8091199FD033BAB355515DD91A6] Malware.Win64.Gen.sm [D:\portable apps\nirsoft_package_1.19.29\NirSoft\x64\wirelesskeyview.exe] [9FC1B27649D789AD04E0D07B40724F46] Virtool.Win64.Wirekeyview.vb!n [C:\portable apps\nirsoft_package_1.19.94\NirSoft\x64\wirelesskeyview.exe] [4F4D6C4E6A714EA1475AA6AAB821BC59] Malware.Win32.Gen.cld [D:\portable apps\nirsoft_package_1.19.29\NirSoft\wul.exe] [4F4D6C4E6A714EA1475AA6AAB821BC59] Malware.Win32.Gen.cld [C:\portable apps\nirsoft_package_1.19.94\NirSoft\wul.exe] [CE3179F3F1A94EFCF028A0D37E253AA1] Malware.Win64.Gen.BCC4.sm!ff [D:\portable apps\tweaking.com_technicians_toolbox_portable\files\tweaking_ofp_x64.exe] [CE3179F3F1A94EFCF028A0D37E253AA1] Malware.Win64.Gen.BCC4.sm!ff [C:\portable apps\tweaking.com_technicians_toolbox_portable\files\tweaking_ofp_x64.exe] [3C69ED0E82CE3088DA8648399ABE8DE7] Malware.Win32.Gen.sm [D:\Temp\Foxit PhantomPDF Business 7.3.0.118works\foxit.phantompdf.biz.7.3.0.118-patch.exe] [4D61864408B7634804CE35CBE8951DBC] Malware.Win32.Gen.99A8.sm!ff [D:\Temp\VueScan Pro v9.5.50 Setup + Crack & Keygen\VueScan Pro v9.5.50 Setup + Crack & Keygen\Crack\Keygen.exe] [7A62F75A58C094DF761419B7CB761946] Trojan.Win32.Agent.bot [D:\Temp\VueScan Pro v9.5.50 Setup + Crack & Keygen\VueScan Pro v9.5.50 Setup + Crack & Keygen\Crack\Patch.exe] [AE622401187EB0E0B90E925962B5CEDF] Trojan.Win32.Injector.bot!i [D:\Temp\XYplorer 16.10.300 Multilingual Keys + Keygen + Portable [4realtorrentz]\Keygen\keygen.exe] [6D131DB772FD041C4BE8B0B05EB7A3B5] Malware.Win32.Gen.sm [D:\Temp\XYplorer Pro v16.60 + Serial\Setup\XYplorer_16.60_Install.exe] [FCDCDED2F2E337C944D1CEBDDD4EFACD] Malware.Win32.Gen.sm [D:\TempD\Corel PaintShop Pro X5 SP2 15.2.0.12 Multilingual [ChingLiu]\Keygen - CORE\keygen.exe] [FE4D754268AC866E1BA54A2EBE8D8F0A] Trojan.Win32.Gen.bot [D:\TempD\Stardock Fences v2.01 Keymaker-Patch - RNDD - DeGun TPB\NFO RNDD\Cracktro.exe] [BB24D48D09106D85C4A039E2C0836774] Malware.Win32.Gen.BB24.sm!ff [D:\TempD\Stardock Fences v2.01 Keymaker-Patch - RNDD - DeGun TPB\NFO RNDD\NFOVIEW.exe] [4D61864408B7634804CE35CBE8951DBC] Malware.Win32.Gen.99A8.sm!ff [C:\Program Files\VueScan\Keygen.exe] [7A62F75A58C094DF761419B7CB761946] Trojan.Win32.Agent.bot [C:\Program Files\VueScan\Patch.exe] [6CCEED89CD1E0352DFE824F894939A32] Malware.Win32.Gen.sm [C:\Program Files (x86)\4KDownload\4kvideodownloader\Patch.exe] [6CCEED89CD1E0352DFE824F894939A32] Malware.Win32.Gen.sm [C:\Temp\4K Video Downloader 4.1.2.2075 + Patch - Crackingpatching.com\4K Video Downloader 4.1.2.2075 + Patch - Crackingpatching.com\Patch.exe] [A8AC487F897A523EB35C7049B75C3086] Malware.Win32.Gen.sm [C:\Temp\Foxit PhantomPDF Business 8.1.1.1115 Multilingual + Reg Key [SadeemPC]\Foxit PhantomPDF Business 8.1.1.1115 Multilingual + Reg Key [SadeemPC]\Patch.REPT\Patch-REPT.exe] [7EA0260488F304D68067A50B33A23AC2] Malware.Win32.Gen.cc [C:\Users\John\Desktop\zoek.exe] [757DC5782089A8B6405FC81E1C18A0A1] Malware.Win32.Gen.757D.sm!ff [G:\LiberKey\Apps\FileTypesMan\App\FileTypesMan\x64\FileTypesMan.exe] [757DC5782089A8B6405FC81E1C18A0A1] Malware.Win32.Gen.757D.sm!ff [G:\LiberKey\Apps\FileTypesMan\App\FileTypesMan\x86\FileTypesMan.exe] [C6A87C7104220AEBF435019C780B51F9] Malware.Win32.Gen.CCC5.vb!ff [G:\LiberKey\Apps\Clipboardic\ClipboardicLKL.exe] [8C4C6A3AA58B7D1AAB211C978A55517F] Malware.Win32.Gen.EF67.cc!ff [G:\LiberKey\Apps\Anim8or\Anim8orLKL.exe] [B7F7EF0FC163AAD526700654940FC61F] Malware.Win32.Gen.CCC5.vb!ff [G:\LiberKey\Apps\mp3DirectCut\mp3DirectCutLKL.exe] [A366CF7EB1CFA8BA682E979808F094F3] Pack.Win32.Gen.bot!ep-229 [G:\LiberKey\Apps\AnyToISOConverter\App\AnyToISOConverter\anytoiso.exe]
  8. 9-Lab Scan. Download 9-Lab Removal Tool. CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows. Install the program onto your computer, then right click the icon run as administrator. Update the program and then run a full scan! Make sure the program updates, might be better to install it update reboot and check for updates again. You need to make sure the database updates!!! Upon Scan Completion Click on Show Results. Then Click On Clean Then Click on Save Log. Save it to your desktop, copy and paste the contents of the log here in your next reply.
  9. Hi, Im having a little difficulty with my firefox browser not being able to download. Wonder if the experts could please take a look. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017 Ran by John (administrator) on OFFICE6410 (24-01-2017 12:21:53) Running from C:\Users\John\Desktop Loaded Profiles: John (Available Profiles: John) Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe (Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe (SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE (Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe () C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (AMD) C:\Windows\System32\atieclxx.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe () C:\Windows\SysWOW64\HsMgr.exe () C:\Windows\System\HsMgr64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Cyber Power Systems, Inc.) C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (8pecxstudios) C:\Program Files\Cyberfox\Cyberfox.exe (Cologne Code Company) C:\portable apps\xyplorer 17.5_full_noinstall\XYplorer.exe (PortableApps.com) G:\portablesuite\PortableApps\PortableApps.com\PortableAppsPlatform.exe (PortableApps.com) G:\portablesuite\PortableApps\OperaPortable\OperaPortable.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera_crashreporter.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Opera Software) G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.) HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-12] () HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-12] () HKLM\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-17] (Stardock Corporation) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft) HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14122736 2017-01-18] (Zemana Ltd.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [9080768 2017-01-20] (AVAST Software) HKLM-x32\...\Run: [PowerPanel Personal Edition User Interaction] => C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe [378904 2015-12-22] (Cyber Power Systems, Inc.) HKU\S-1-5-21-3754235531-495330377-4189813319-1001\...\Run: [Fences] => C:\Program Files (x86)\Stardock\Fences\Fences.exe [3934168 2016-09-17] (Stardock Corporation) HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE [298560 2013-09-12] (SEIKO EPSON CORPORATION) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-08-30] (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\..\Interfaces\{7173e2d8-f7f2-4250-b930-9c99644fecc5}: [NameServer] 8.8.8.8,8.8.4.4 Internet Explorer: ================== HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/ BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: a05kdwfn.default FF ProfilePath: C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default [2017-01-24] FF NewTab: 8pecxstudios\Cyberfox\Profiles\a05kdwfn.default -> hxxps://www.google.com.au/ FF Homepage: 8pecxstudios\Cyberfox\Profiles\a05kdwfn.default -> hxxps://www.google.com.au/ FF Extension: (Add to Search Bar) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2016-07-15] FF Extension: (Classic Theme Restorer) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2017-01-01] FF Extension: (Translate This!) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi [2016-12-20] FF Extension: (LastPass) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\support@lastpass.com [2016-12-20] FF Extension: (uBlock Origin) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\uBlock0@raymondhill.net.xpi [2016-12-20] FF Extension: (Malware Search) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi [2016-07-15] FF Extension: (Download Status Bar) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2016-09-27] FF Extension: (WOT) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2016-07-15] FF Extension: (Download YouTube Videos as MP4) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2017-01-19] FF Extension: (Tab Mix Plus) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-12-20] FF Extension: (CoLT) - C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\Extensions\{e6c4c3ef-3d4d-42d6-8283-8da73c53a283}.xpi [2016-07-15] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll [2017-01-21] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll [2017-01-21] () FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2015-12-29] (Foxit Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [155016 2016-09-16] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128 2016-08-30] (AVAST Software) R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION) R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-11-29] (Malwarebytes) S3 PAExec; C:\Windows\PAExec.exe [189112 2016-09-23] (Power Admin LLC) R2 ppped; C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe [1083416 2015-12-22] (Cyber Power Systems, Inc.) R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-08] (Paramount Software UK Ltd) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-11-11] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14122736 2017-01-18] (Zemana Ltd.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys [26568856 2016-10-26] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys [536592 2016-10-26] (Advanced Micro Devices, Inc.) S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [37656 2016-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [108816 2016-08-30] (AVAST Software) R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [103064 2016-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-08-30] (AVAST Software) R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [969184 2017-01-20] (AVAST Software) R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [513632 2017-01-20] (AVAST Software) R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [163416 2016-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [293352 2017-01-20] (AVAST Software) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-02-12] (Advanced Micro Devices) R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-06-03] (C-Media Inc) S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-23] (Malwarebytes) R2 mi2c; C:\Windows\system32\drivers\mi2c.sys [20784 2016-07-17] (Nicomsoft Ltd.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [168968 2015-10-12] (Windows (R) Win 7 DDK provider) R3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd) S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation) R1 ZAM; C:\Windows\System32\drivers\zam64.sys [203680 2016-08-31] (Zemana Ltd.) R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [203680 2016-08-31] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-24 12:21 - 2017-01-24 12:22 - 00014040 _____ C:\Users\John\Desktop\FRST.txt 2017-01-24 12:20 - 2017-01-24 12:20 - 00000000 ____D C:\Users\John\Desktop\FRST-OlderVersion 2017-01-24 10:50 - 2017-01-24 10:53 - 225889388 _____ C:\Users\John\Desktop\PERCY FAITH - MORE THEMES FOR YOUNG LOVERS (full album).mp4 2017-01-24 10:16 - 2017-01-24 10:16 - 00001440 _____ C:\Users\John\Desktop\XYplorer.lnk 2017-01-22 11:40 - 2017-01-22 11:40 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore 2017-01-21 16:36 - 2017-01-21 16:36 - 00000000 ____D C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8 2017-01-21 09:34 - 2017-01-21 09:34 - 00000236 _____ C:\Users\John\Desktop\Farbar (frst), OTL, HijackThis log analyzing.URL 2017-01-21 09:26 - 2017-01-21 09:26 - 00358035 _____ C:\Users\John\Desktop\ALA-FAHai.exe 2017-01-20 16:27 - 2017-01-24 12:21 - 00000000 ____D C:\FRST 2017-01-20 13:06 - 2017-01-20 13:06 - 00001145 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk 2017-01-20 13:06 - 2017-01-20 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware 2017-01-20 12:09 - 2016-08-30 15:05 - 00391496 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2017-01-20 10:30 - 2017-01-20 10:31 - 00000000 ____D C:\AdwCleaner 2017-01-20 10:30 - 2017-01-20 10:30 - 03988944 _____ C:\Users\John\Desktop\adwcleaner_6.042.exe 2017-01-19 15:41 - 2017-01-19 15:41 - 00000000 ____D C:\Users\John\Documents\Freemake 2017-01-18 16:45 - 2017-01-18 16:46 - 362525863 _____ C:\Users\John\Desktop\Elvis' BMW 507 Restoration.mp4 2017-01-18 10:52 - 2017-01-18 10:52 - 00000000 ____D C:\Users\John\AppData\Local\Tempzxpsignd49902c792104523 2017-01-18 10:52 - 2017-01-18 10:52 - 00000000 ____D C:\Users\John\AppData\Local\Tempzxpsign585867b071174feb 2017-01-18 10:52 - 2017-01-18 10:52 - 00000000 ____D C:\ProgramData\Adobe 2017-01-16 11:20 - 2017-01-16 11:20 - 00000266 _____ C:\Users\John\Desktop\WinToUSB - What is an EFI system partition (ESP).URL 2017-01-15 15:33 - 2017-01-15 15:33 - 04038849 _____ C:\Users\John\Desktop\This Ole House by Bette Midler.mp4 2017-01-13 14:42 - 2017-01-13 14:42 - 00000234 _____ C:\Users\John\Desktop\Windows startup programs - Database search.URL 2017-01-12 15:32 - 2017-01-12 15:32 - 06811660 _____ C:\Users\John\Desktop\Willie Nelson ~Can I Sleep in Your Arms~~with Lukas Nelson.wmv.mp4 2017-01-07 14:04 - 2017-01-07 14:04 - 00000000 ____D C:\Users\John\Desktop\VLCPortable 2017-01-03 14:10 - 2017-01-03 14:10 - 00000000 ____D C:\Users\John\Desktop\system-ninja-portable-3.1 2017-01-01 11:21 - 2017-01-01 11:21 - 00032387 _____ C:\Users\John\Desktop\MTB.txt 2016-12-31 13:07 - 2016-12-31 13:07 - 00156992 _____ C:\Users\John\Desktop\mac1.jpg 2016-12-30 16:28 - 2016-12-30 16:28 - 00765662 _____ C:\Users\John\Desktop\test2.mp4 2016-12-30 16:22 - 2016-12-30 16:23 - 01405442 _____ C:\Users\John\Desktop\test.avi 2016-12-29 12:03 - 2016-12-29 12:03 - 00044880 _____ C:\Users\John\Desktop\OFFICE6410.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-24 12:21 - 2016-07-16 12:45 - 00398728 _____ C:\WINDOWS\ZAM.krnl.trace 2017-01-24 12:21 - 2016-07-16 12:45 - 00381223 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-01-24 12:20 - 2016-08-12 15:12 - 02420736 _____ (Farbar) C:\Users\John\Desktop\FRST64.exe 2017-01-24 11:56 - 2016-07-15 17:19 - 00000000 ____D C:\Users\John\AppData\Roaming\Skype 2017-01-24 11:08 - 2016-10-24 11:58 - 00001333 _____ C:\Users\John\Desktop\4K Video Downloader.lnk 2017-01-24 11:08 - 2016-08-31 13:04 - 00001118 _____ C:\Users\John\Desktop\Cyberfox.lnk 2017-01-24 11:08 - 2016-08-15 17:01 - 00002144 _____ C:\Users\John\Desktop\VirusTotal Uploader 2.2.lnk 2017-01-24 11:08 - 2016-07-16 16:59 - 00001199 _____ C:\Users\John\Desktop\PotPlayer.lnk 2017-01-24 10:56 - 2016-11-10 16:12 - 00000000 ____D C:\Users\John 2017-01-24 10:17 - 2016-07-15 15:43 - 00000000 ____D C:\Users\John\AppData\Roaming\XYplorer 2017-01-24 10:16 - 2016-07-15 15:27 - 00000000 ____D C:\portable apps 2017-01-24 09:27 - 2016-07-17 12:54 - 00000000 ____D C:\Users\John\AppData\Local\ClassicShell 2017-01-24 09:16 - 2016-07-16 13:59 - 00000000 ____D C:\Users\John\AppData\Roaming\uTorrent 2017-01-24 08:11 - 2016-11-26 09:17 - 00000000 ____D C:\Users\John\AppData\LocalLow\Mozilla 2017-01-24 08:11 - 2016-07-15 15:24 - 00000000 ____D C:\Users\John\AppData\LocalLow\LastPass 2017-01-24 08:10 - 2016-07-16 17:57 - 00000000 ____D C:\Program Files (x86)\CyberPower PowerPanel Personal Edition 2017-01-23 15:41 - 2016-11-10 16:11 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-01-23 11:27 - 2016-07-15 15:31 - 00000000 ____D C:\Temp 2017-01-23 11:24 - 2016-12-18 10:09 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-01-22 11:49 - 2016-11-13 13:50 - 00000000 ____D C:\Users\John\AppData\Local\Google 2017-01-21 14:38 - 2016-11-18 12:12 - 00003818 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2017-01-21 14:38 - 2016-11-18 12:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2017-01-21 14:38 - 2016-07-17 14:26 - 00000000 ____D C:\Users\John\AppData\Local\Adobe 2017-01-21 14:38 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2017-01-21 14:38 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2017-01-21 09:54 - 2016-09-10 13:52 - 00000000 _____ C:\Users\John\Desktop\LogAnalyZer.ini 2017-01-20 13:43 - 2016-07-15 14:07 - 01169502 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-01-20 13:37 - 2016-11-10 16:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-01-20 13:37 - 2016-07-17 10:59 - 00000008 __RSH C:\ProgramData\ntuser.pol 2017-01-20 13:36 - 2016-11-10 16:11 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-01-20 13:36 - 2016-07-16 17:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI 2017-01-20 13:36 - 2015-10-30 18:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-01-20 13:35 - 2016-12-12 12:50 - 00000000 ____D C:\Program Files (x86)\ALA 2017-01-20 13:06 - 2016-11-19 13:04 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2017-01-20 12:09 - 2016-11-10 16:15 - 00004004 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2017-01-20 12:09 - 2016-07-15 16:05 - 00969560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys.148487457440607 2017-01-20 12:09 - 2016-07-15 16:05 - 00969184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys 2017-01-20 12:09 - 2016-07-15 16:05 - 00513632 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys 2017-01-20 12:09 - 2016-07-15 16:05 - 00513496 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.148487457462510 2017-01-20 12:09 - 2016-07-15 16:05 - 00293352 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys 2017-01-20 12:09 - 2016-07-15 16:05 - 00292704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys.148487457573412 2017-01-20 12:09 - 2016-07-15 16:05 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk 2017-01-20 12:09 - 2016-07-15 16:05 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk 2017-01-19 16:48 - 2016-11-12 17:29 - 00000000 ____D C:\Users\John\AppData\Roaming\Mozilla 2017-01-19 15:58 - 2016-07-15 16:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2017-01-19 15:55 - 2016-07-17 11:34 - 00000000 ____D C:\Users\John\AppData\Roaming\VideoReDo-TVSuite4 2017-01-19 15:55 - 2016-07-17 11:34 - 00000000 ____D C:\ProgramData\TEMP 2017-01-18 13:13 - 2016-07-17 12:40 - 00000000 ____D C:\Users\John\Desktop\forum pics3 2017-01-18 11:05 - 2016-07-15 14:02 - 00000000 ____D C:\Users\John\AppData\Roaming\Adobe 2017-01-18 10:51 - 2016-11-10 16:12 - 00000000 ____D C:\ProgramData\Package Cache 2017-01-17 16:44 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-01-15 10:15 - 2016-09-01 14:02 - 00000000 ____D C:\Program Files\FreeFileSync 2017-01-14 13:24 - 2016-07-16 12:36 - 00041602 _____ C:\Users\John\Documents\netscan.xml 2017-01-12 15:48 - 2016-07-19 12:41 - 00000000 ____D C:\Users\John\Desktop\pics 2017-01-12 15:22 - 2016-08-16 13:27 - 00000000 ____D C:\Users\John\Desktop\guide pics 2017-01-11 10:27 - 2016-07-15 17:19 - 00000000 ___RD C:\Program Files (x86)\Skype 2017-01-11 10:27 - 2016-07-15 17:19 - 00000000 ____D C:\ProgramData\Skype 2017-01-10 11:25 - 2016-11-05 15:37 - 00035720 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-01-05 14:01 - 2016-07-16 22:47 - 00000000 ___HD C:\Program Files\WindowsApps 2017-01-05 14:01 - 2016-07-16 22:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-01-05 14:01 - 2016-07-15 14:02 - 00000000 ____D C:\Users\John\AppData\Local\Packages 2017-01-04 13:04 - 2016-07-16 16:18 - 00000000 ____D C:\Users\John\AppData\Roaming\MediaMonkey 2017-01-01 15:04 - 2016-09-02 15:25 - 00000000 ____D C:\Users\John\AppData\Roaming\Audacity 2016-12-30 14:02 - 2016-07-19 10:13 - 00000000 ____D C:\Users\John\Desktop\gifs 2016-12-29 12:01 - 2016-07-16 22:47 - 00000000 ___SD C:\ProgramData\Microsoft 2016-12-29 10:45 - 2016-11-10 16:12 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{b794f0c9-4b5d-11e6-80e4-e41d2d719790}.TMContainer00000000000000000001.regtrans-ms 2016-12-29 10:45 - 2016-11-10 16:12 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{b794f0c9-4b5d-11e6-80e4-e41d2d719790}.TM.blf 2016-12-28 12:32 - 2016-11-10 16:12 - 00000000 ____D C:\Users\John\AppData\Local\Microsoft 2016-12-26 13:19 - 2016-11-10 16:11 - 00028492 _____ C:\WINDOWS\setupact.log ==================== Files in the root of some directories ======= 2016-07-16 10:39 - 2016-07-16 10:39 - 0000000 _____ () C:\Users\John\AppData\Roaming\Stardockfences_debug_snapshot.dat 2016-07-17 12:16 - 2016-07-17 12:16 - 0003584 _____ () C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-08-31 13:41 - 2016-08-31 13:41 - 0000117 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-01-18 16:25 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017 Ran by John (24-01-2017 12:22:11) Running from C:\Users\John\Desktop Windows 10 Pro Version 1607 (X64) (2016-11-10 05:16:41) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3754235531-495330377-4189813319-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-3754235531-495330377-4189813319-503 - Limited - Disabled) Guest (S-1-5-21-3754235531-495330377-4189813319-501 - Limited - Enabled) John (S-1-5-21-3754235531-495330377-4189813319-1001 - Administrator - Enabled) => C:\Users\John ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Avast Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Avast Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.0 - ) 4K Video Downloader 4.1 (HKLM-x32\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC) Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.194 - Adobe Systems Incorporated) ALA (Ache Logfile Analyzer) (HKLM-x32\...\ALA) (Version: - ) AMD Settings (HKLM\...\WUCCCApp) (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Ashampoo Burning Studio 16 (HKLM-x32\...\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1) (Version: 16.0.2 - Ashampoo GmbH & Co. KG) Ashampoo Photo Commander 14 (HKLM-x32\...\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1) (Version: 14.0.4 - Ashampoo GmbH & Co. KG) ASUS Xonar Essence STX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version: - ASUSTeK Computer Inc.) Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 12.3.2280 - AVAST Software) Catalyst Control Center Next Localization BR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization BR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CHT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization CS (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization DE (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization EL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization ES (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FI (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization FR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization HU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization IT (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization JA (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization KO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization NO (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization PL (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization RU (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization SV (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TH (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2015.1129.2307.41591 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Next Localization TR (Version: 2016.0916.1515.27418 - Advanced Micro Devices, Inc.) Hidden Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft) Cyberfox Web Browser (HKLM\...\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1) (Version: 50.0.2.0 - 8pecxstudios) CyberPower PowerPanel Personal Edition 1.6.1 (HKLM-x32\...\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}) (Version: 1.6.1 - Cyber Power Systems, Inc.) EPSON WF-3640 Series Printer Uninstall (HKLM\...\EPSON WF-3640 Series) (Version: - SEIKO EPSON Corporation) Foxit PhantomPDF Business (HKLM-x32\...\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}) (Version: 7.3.0.118 - Foxit Software Inc.) FreeFileSync 8.8 (HKLM-x32\...\FreeFileSync_is1) (Version: 8.8 - www.FreeFileSync.org) Hekasoft Backup & Restore 0.53 (HKLM\...\{PBR27112011-M1447-7KS6-C3E2-1X8374W715U4}_is1) (Version: 0.53 - Hekasoft) i-Menu version 4.3.1 (HKLM-x32\...\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1) (Version: 4.3.1 - AOC) Inpaint 6.2 (HKLM\...\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1) (Version: - Teorex) Intel(R) Chipset Device Software (x32 Version: 10.1.1.8 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation) Intel(R) Network Connections 20.2.4001.0 (HKLM\...\PROSetDX) (Version: 20.2.4001.0 - Intel) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 6.1.1366 - Paramount Software (UK) Ltd.) Hidden MailWasherPro (HKLM-x32\...\{6657DA03-A39B-472C-8458-6292E128A3D9}) (Version: 7.2.0 - Firetrust) Malwarebytes version 3.0.4.1269 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.4.1269 - Malwarebytes) MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mozilla Thunderbird 45.6.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.6.0 (x86 en-US)) (Version: 45.6.0 - Mozilla) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Potplayer-64 bit (HKLM\...\PotPlayer64) (Version: - Kakao Corp.) PowerISO (HKLM-x32\...\PowerISO) (Version: 6.6 - Power Software Ltd) Revo Uninstaller Pro 3.1.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.7 - VS Revo Group, Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Skype™ 7.30 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.30.105 - Skype Technologies S.A.) Stardock Fences 3 (HKLM-x32\...\Stardock Fences 3) (Version: 3.03 - Stardock Software, Inc.) VideoReDo TVSuite Version 4.20.7.629 (HKLM-x32\...\VideoReDo4_is1) (Version: - DRD Systems, Inc.) VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - ) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.576 - Zemana Ltd.) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03E92A8D-C733-4DC1-9AFE-FBA20CC80B84} - System32\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {97DB64DA-797E-46DD-9AE1-DF2818507211} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-01-21] (Adobe Systems Incorporated) Task: {DC98AAC8-7652-4614-BC5B-DB5EA59068E8} - System32\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002} => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {EF1FBFE0-1F58-481E-8139-D67BE269E480} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-08-30] (AVAST Software) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE Task: C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE :/EXE:{FAEDF3DB-11CF-420C-8314-1B3775AEC002} /F:Update MSHOME\OFFICE6410$ ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-09-16 15:38 - 2016-09-16 15:38 - 00155016 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe 2016-12-18 10:09 - 2016-11-29 06:27 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll 2016-07-16 22:42 - 2016-07-16 22:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-11-11 11:04 - 2016-11-11 11:04 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-11-11 11:04 - 2016-11-11 11:04 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-11-11 11:04 - 2016-11-11 11:04 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2016-11-10 16:18 - 2016-11-10 16:18 - 00959168 _____ () C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll 2016-11-19 13:04 - 2016-11-19 13:04 - 00152944 _____ () C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll 2016-11-11 11:04 - 2016-11-11 11:04 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2016-11-11 11:09 - 2016-11-11 11:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2016-11-11 11:09 - 2016-11-11 11:09 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-11-11 11:09 - 2016-11-11 11:09 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-11-11 11:09 - 2016-11-11 11:09 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2016-11-11 11:09 - 2016-11-11 11:09 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-11-11 11:09 - 2016-11-11 11:09 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-09-13 02:01 - 2016-09-13 02:01 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2016-09-13 02:01 - 2016-09-13 02:01 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2016-09-13 02:01 - 2016-09-13 02:01 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2016-09-13 02:01 - 2016-09-13 02:01 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2016-09-13 02:01 - 2016-09-13 02:01 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll 2016-09-13 02:01 - 2016-09-13 02:01 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2016-07-15 14:53 - 2008-07-12 09:04 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe 2016-07-15 14:53 - 2008-07-12 09:03 - 00282112 _____ () C:\Windows\System\HsMgr64.exe 2016-12-20 13:52 - 2016-12-20 13:52 - 01232408 _____ () C:\Users\John\AppData\Roaming\8pecxstudios\Cyberfox\Profiles\a05kdwfn.default\extensions\support@lastpass.com\platform\WINNT_x86_64-msvc\components\lpxpcom_x86_64.dll 2016-07-17 01:34 - 2016-07-17 01:34 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2016-07-17 01:34 - 2016-07-17 01:34 - 00157184 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2016-07-17 01:34 - 2016-07-17 01:34 - 29443072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2016-08-30 15:05 - 2016-08-30 15:05 - 00169064 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2016-08-30 15:05 - 2016-08-30 15:05 - 00482928 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll 2017-01-23 09:13 - 2017-01-23 09:13 - 04376576 _____ () C:\Program Files\AVAST Software\Avast\defs\17012200\algo.dll 2017-01-24 08:10 - 2017-01-24 08:10 - 04458584 _____ () C:\Program Files\AVAST Software\Avast\defs\17012300\algo.dll 2016-07-15 14:53 - 2012-06-07 03:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll 2016-07-15 16:05 - 2016-07-15 16:05 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2016-11-10 16:18 - 2016-11-10 16:18 - 00679624 _____ () C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll 2017-01-24 10:41 - 2017-01-24 10:41 - 00011264 _____ () C:\Users\John\AppData\Local\Temp\nsj47A9.tmp\System.dll 2017-01-24 10:41 - 2017-01-24 10:41 - 00029696 _____ () C:\Users\John\AppData\Local\Temp\nsj47A9.tmp\registry.dll 2016-12-19 18:20 - 2016-12-19 18:20 - 68763736 _____ () G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\opera.dll 2016-12-19 18:20 - 2016-12-19 18:20 - 01893976 _____ () G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\libglesv2.dll 2016-12-19 18:20 - 2016-12-19 18:20 - 00086616 _____ () G:\portablesuite\PortableApps\OperaPortable\App\Opera\42.0.2393.94\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-10-30 18:24 - 2016-12-21 16:33 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\fb\394818_o.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\Run: => "Logitech Download Assistant" HKU\S-1-5-21-3754235531-495330377-4189813319-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000001" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => LPort=139 FirewallRules: [{6E02EDC5-5B51-4FBF-9A42-6C549FE2F8E1}] => C:\Program Files\VueScan\vuescan.exe FirewallRules: [{BD4885C8-3297-4CAF-955D-C4798CA65EEA}] => C:\Program Files\VueScan\vuescan.exe FirewallRules: [{00FF91AC-7766-460C-85DF-7DA7366849E8}] => C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe FirewallRules: [{2BBF161C-9403-493C-B659-F591ED39EDD8}] => C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{97D71CC0-B247-4ADE-B9CA-B8D46510D6E2}] => C:\Program Files (x86)\uTorrent\uTorrent.exe FirewallRules: [{EF71B855-1CE4-4569-9CE9-AC990983B87D}] => C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{B6DB908B-542B-4D2D-A820-7C9B18C7E83D}] => C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe FirewallRules: [{00C9823B-D7C8-4442-8B04-E4A9CB6BC77F}] => C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe ==================== Restore Points ========================= 05-01-2017 12:16:21 Scheduled Checkpoint 14-01-2017 12:28:54 Scheduled Checkpoint 18-01-2017 10:51:13 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 19-01-2017 15:56:32 Revo Uninstaller Pro's restore point - Freemake Video Downloader 20-01-2017 10:32:21 JRT Pre-Junkware Removal 20-01-2017 12:26:24 Revo Uninstaller Pro's restore point - WinPcap 4.1.2 20-01-2017 12:31:55 Revo Uninstaller Pro's restore point - Mozilla Maintenance Service ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Logitech HD Webcam C270 Description: Logitech HD Webcam C270 Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Manufacturer: Logitech Service: LVUVC64 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (01/24/2017 09:16:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca Exception code: 0xc000041d Fault offset: 0x00003e82 Faulting process id: 0x974 Faulting application start time: 0x01d275c65d1b5e1b Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\System32\GDI32.dll Report Id: b7191ee2-753d-4ae9-b906-2889a7f82097 Faulting package full name: Faulting package-relative application ID: Error: (01/24/2017 09:16:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95 Exception code: 0xc0000005 Fault offset: 0x00044f9e Faulting process id: 0x974 Faulting application start time: 0x01d275c65d1b5e1b Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: ae8566d4-40e7-499e-af31-1b8451c32103 Faulting package full name: Faulting package-relative application ID: Error: (01/24/2017 08:10:51 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (01/24/2017 08:10:51 AM) (Source: Perflib) (EventID: 1023) (User: ) Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code. Error: (01/24/2017 08:10:51 AM) (Source: PerfNet) (EventID: 2004) (User: ) Description: Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code. Error: (01/24/2017 08:10:51 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (01/24/2017 08:10:51 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (01/24/2017 08:10:51 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (01/24/2017 08:10:51 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (01/23/2017 11:23:23 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618 Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca Exception code: 0xc000041d Fault offset: 0x00003e82 Faulting process id: 0x1890 Faulting application start time: 0x01d2750ec32f562e Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe Faulting module path: C:\WINDOWS\System32\GDI32.dll Report Id: c582a33e-6195-4abc-b5df-68da8a8ab8b3 Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (01/24/2017 08:10:14 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/23/2017 11:25:05 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: NT AUTHORITY) Description: 0x8000002a118\??\C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\S-1-5-21-3754235531-495330377-4189813319-1001-01232017112505756-ntuser.dat Error: (01/23/2017 11:23:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/23/2017 09:12:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9A4948D9-13FC-4FAC-B60A-FBA6EE0FB11C} and APPID {50E1C3FD-EC35-490E-9CCF-C68F9AE91919} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/23/2017 09:12:43 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/22/2017 11:40:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/20/2017 01:37:11 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (01/20/2017 01:36:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The ZAM Controller Service service terminated unexpectedly. It has done this 1 time(s). Error: (01/20/2017 01:36:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AdaptiveSleepService service terminated unexpectedly. It has done this 1 time(s). Error: (01/20/2017 01:36:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz Percentage of memory in use: 21% Total physical RAM: 16295.48 MB Available physical RAM: 12870.89 MB Total Virtual: 17319.48 MB Available Virtual: 13328.72 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.21 GB) (Free:334.35 GB) NTFS Drive d: (D Drive) (Fixed) (Total:1863.01 GB) (Free:1194.18 GB) NTFS Drive g: (PORT APPS) (Removable) (Total:14.64 GB) (Free:3.7 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 638DBDB3) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 66014E78) Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 14.6 GB) (Disk ID: 6E41B4CD) Partition 1: (Active) - (Size=14.6 GB) - (Type=0C) ==================== End of Addition.txt ============================
  10. Alright, I'd like you to run a check disk from the recovery console command prompt. run the following.. chkdsk /f /r After the checkdisk completes then see if you can boot into normal mode. If not then try a startup repair from the recovery console. If you are unable to boot after this, then please post a new FRST log. I will then write you a script to see if we can get this machine booting again.
  11. Nope, same problem
  12. Are you able to boot into normal mode now?
  13. Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017 Ran by SYSTEM (23-01-2017 18:46:12) Run:1 Running from L:\ Boot Mode: Recovery ============================================== fixlist content: ***************** LastRegBack: 2017-01-12 22:31 ***************** DEFAULT => copied successfully to System32\config\HiveBackup DEFAULT => restored successfully from registry back up SAM => copied successfully to System32\config\HiveBackup SAM => restored successfully from registry back up SECURITY => copied successfully to System32\config\HiveBackup SECURITY => restored successfully from registry back up SOFTWARE => copied successfully to System32\config\HiveBackup SOFTWARE => restored successfully from registry back up SYSTEM => copied successfully to System32\config\HiveBackup SYSTEM => restored successfully from registry back up ==== End of Fixlog 18:46:22 ==== Fix result of Farbar Recovery Scan Tool (x64) Version: 22-01-2017 Ran by SYSTEM (23-01-2017 18:46:12) Run:1 Running from L:\ Boot Mode: Recovery ============================================== fixlist content: ***************** LastRegBack: 2017-01-12 22:31 ***************** DEFAULT => copied successfully to System32\config\HiveBackup DEFAULT => restored successfully from registry back up SAM => copied successfully to System32\config\HiveBackup SAM => restored successfully from registry back up SECURITY => copied successfully to System32\config\HiveBackup SECURITY => restored successfully from registry back up SOFTWARE => copied successfully to System32\config\HiveBackup SOFTWARE => restored successfully from registry back up SYSTEM => copied successfully to System32\config\HiveBackup SYSTEM => restored successfully from registry back up ==== End of Fixlog 18:46:22 ====
  14. Yesterday
  15. Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt LastRegBack: 2017-01-12 22:31 NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system On Vista or Windows 7: Now please enter System Recovery Options. On Windows XP: Now please boot into the PE (Preinstallation Environment) disk. Run FRST/FRST64 and press the Fix button just once and wait. The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.
  16. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017 Ran by SYSTEM on MININT-VQOFO8I (22-01-2017 16:06:53) Running from L:\ Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001 ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-08] (Realtek Semiconductor) HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [852720 2016-09-23] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] () HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [164656 2014-08-11] (Sage) HKLM-x32\...\Run: [JFaxMailNTHelper] => C:\Windows\JFaxMailNTHelper.exe [45056 1999-03-05] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-16] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1934744 2015-01-30] (APN) HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation) HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2016-10-11] (Microsoft Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-04-21] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-07-24] ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2015-01-30] (APN LLC.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [37264 2016-07-29] (Box, Inc.) S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3040496 2016-10-04] (Microsoft Corporation) S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-03] (WildTangent) S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company) S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.469\McCHSvc.exe [329480 2016-12-02] (McAfee, Inc.) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.) S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.) S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation) S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [36144 2014-08-11] (Sage) S2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [24880 2014-08-11] (Sage) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-01] (McAfee, Inc.) S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 mfeaack01; \Device\mfeaack01.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-22 16:06 - 2017-01-22 16:06 - 00000000 ____D C:\FRST 2017-01-20 13:56 - 2017-01-20 13:56 - 00578862 _____ C:\Users\Roger\Documents\GST form.pdf 2017-01-20 13:56 - 2017-01-20 13:56 - 00006954 _____ C:\Users\Roger\Documents\Request for a Business Number.pdf 2017-01-18 21:03 - 2017-01-18 21:03 - 00126417 _____ C:\Users\Roger\Desktop\Roxie Jan Visa.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-22 16:03 - 2012-11-07 17:30 - 00000000 ____D C:\Windows\System32\Macromed 2017-01-22 16:03 - 2012-11-01 18:53 - 00000000 ____D C:\users\Roger 2017-01-22 16:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache 2017-01-22 16:02 - 2015-11-19 08:36 - 00000000 ____D C:\Program Files\McAfee Security Scan 2017-01-22 16:02 - 2015-04-05 13:25 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2017-01-22 16:02 - 2015-04-05 13:25 - 00000000 ____D C:\Program Files (x86)\AskPartnerNetwork 2017-01-22 16:02 - 2012-12-04 15:17 - 00000000 ____D C:\Users\Roger\AppData\Local\Simply 2017-01-22 16:02 - 2012-11-07 17:30 - 00000000 ____D C:\ProgramData\McAfee Security Scan 2017-01-22 16:02 - 2012-11-01 19:07 - 00000000 ____D C:\ProgramData\clear.fi 2017-01-22 16:02 - 2012-11-01 18:53 - 00000000 ____D C:\Users\Roger\AppData\Local\PowerCinema 2017-01-22 16:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf 2017-01-22 16:02 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2017-01-22 16:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2017-01-22 16:00 - 2011-08-02 22:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-01-22 15:55 - 2013-02-16 12:38 - 00000000 ____D C:\Program Files\Microsoft Office 15 2017-01-21 10:02 - 2013-10-03 14:45 - 00000000 ____D C:\L&DCABLE 2017-01-20 13:59 - 2015-07-01 19:14 - 00000000 ____D C:\Users\Roger\AppData\Local\CutePDF Writer 2017-01-20 13:56 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp 2017-01-13 06:32 - 2013-01-17 15:36 - 00000000 ____D C:\Users\Roger\AppData\Local\Deployment 2017-01-10 06:13 - 2016-06-16 06:30 - 00013519 _____ C:\Users\Roger\Desktop\Splash Park.xlsx 2016-12-23 03:22 - 2013-02-16 12:44 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft Some files in TEMP: ==================== 2013-01-02 17:20 - 2013-01-02 17:20 - 0726016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.dll 2013-01-02 17:20 - 2013-01-02 17:20 - 0150016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.exe 2013-03-17 15:15 - 2013-03-17 15:16 - 35447368 _____ () C:\Users\Roger\AppData\Local\Temp\8673.exe 2015-04-05 13:23 - 2015-04-05 13:23 - 0663448 _____ (Ask Partner Network) C:\Users\Roger\AppData\Local\Temp\APNSetup.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BingSvc.exe 2012-03-13 05:47 - 2012-03-13 05:47 - 35084352 ____R (Research In Motion Ltd. ) C:\Users\Roger\AppData\Local\Temp\BlackBerryDeviceManager.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcProcessor.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcUpdater.exe 2015-07-01 19:10 - 2015-07-01 19:11 - 8104768 _____ () C:\Users\Roger\AppData\Local\Temp\converter.exe 2015-11-16 10:53 - 2015-11-16 10:57 - 2612880 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\DefaultPack.EXE 2013-01-02 17:20 - 2013-01-02 17:20 - 0023477 _____ () C:\Users\Roger\AppData\Local\Temp\dtkill.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Roger\AppData\Local\Temp\Executor.exe 2014-08-29 09:10 - 2014-08-29 09:21 - 118744568 _____ () C:\Users\Roger\AppData\Local\Temp\HPInstaller.exe 2014-12-14 15:38 - 2014-12-14 15:38 - 0000000 _____ () C:\Users\Roger\AppData\Local\Temp\hukc9z10.dll 2014-01-19 14:45 - 2014-01-19 14:45 - 1070088 _____ (Solid State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe 2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe 2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe 2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe 2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe 2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe 2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe 2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2016-10-13 06:35] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA C:\Windows\SysWOW64\explorer.exe [2016-10-13 06:35] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935 C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll [2016-12-13 13:45] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542 C:\Windows\SysWOW64\User32.dll [2016-12-13 13:45] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2016-12-29 22:00 Restore point date: 2017-01-05 22:00 Restore point date: 2017-01-11 01:00 Restore point date: 2017-01-18 22:00 Restore point date: 2017-01-21 09:47 ==================== Memory info =========================== Percentage of memory in use: 12% Total physical RAM: 7892.94 MB Available physical RAM: 6942.49 MB Total Virtual: 7891.14 MB Available Virtual: 6928.98 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:1382.17 GB) (Free:1181.84 GB) NTFS Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS Drive l: (KINGSTON) (Removable) (Total:3.65 GB) (Free:3.22 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: C3548EA8) Partition 1: (Not Active) - (Size=15 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1382.2 GB) - (Type=07 NTFS) ======================================================== Disk: 6 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18) Partition 1: (Active) - (Size=3.7 GB) - (Type=0C) LastRegBack: 2017-01-12 22:31 ==================== End of FRST.txt ============================
  17. Today
  18. I have a Windows 7 Home Premium Acer computer that won't boot after a power outage. It starts to load Windows and then just reboots, even when attempting to boot into Safe Mode. I can get into the recovery console and have run a FRST
  19. Last week
  20. You need to download it to a Disk.
  21. Why is my lenovo ideapad z510 i5 wont turn into login screen it keep stuck at loading screen and said scanning and repairing drive (D:): 100% completed
  22. I'm changing a folder's icon to look like the default downloads icon, and I don't know where it is. Picture related
  23. Earlier
  24. Hello hawkeye882, Is all 16GB recognised in the BIOS. By the above do you mean that you cleared the Maximum memory check box in the Advanced options.
  25. I have windows 10 pro, 64 bit. I have installed 16gb of memory and only 6.94gb of usable memory. I have done the msconfig and it did not work. Can anyone help?
  26. what happen if it is different computer? what if the computer that needed to transfer the data does not have Puppy software?
  27. Run chkdsk /f /r from recovery console.
  28. Run chkdsk /f /r from recovery console.
  29. Load more activity

WindowsInstructed Forums

Welcome on the WindowsInstructed Forums. If you have any Windows question or Malware related question then this is the place to be. All your connections are securely encrypted with our server so your privacy is protected as well!