Welcome to WindowsInstructed Forums

Welcome to the WindowsInstructed Forums

Sign-up for an account today to receive free malware removal help. Personal Windows help and much more. Or continue as a guest and ask any question you would like to ask us! Please do remember that being a member you get advantages like notifications of replies and faster replies from most members. Also members don't see ads ;) 

We hope to help you with your issues.

The WindowsInstructed Forums Staff

Windows 7

Sign in to follow this  
Followers 0

Got a problem with Windows 7 not working like it should? Ask your questions here.

27 topics in this forum

    • 0 replies
    • 702 views
    • 0 replies
    • 695 views
    • 8 replies
    • 53 views
    • 1 reply
    • 36 views
    • 1 reply
    • 36 views
    • 11 replies
    • 252 views
    • 2 replies
    • 96 views
    • 3 replies
    • 106 views
    • 1 reply
    • 110 views
    • 2 replies
    • 129 views
    • 51 replies
    • 667 views
    • 5 replies
    • 485 views
    • 2 replies
    • 193 views
    • 19 replies
    • 477 views
    • 2 replies
    • 668 views
    • 10 replies
    • 234 views
    • 1 reply
    • 221 views
    • 4 replies
    • 556 views
    • 3 replies
    • 551 views
    • 4 replies
    • 314 views
    • 4 replies
    • 329 views
    • 2 replies
    • 268 views
    • 1 reply
    • 474 views
    • 1 reply
    • 1,400 views
    • 5 replies
    • 452 views
Sign in to follow this  
Followers 0
  • Topics

  • Posts

    • Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it on the flash drive as fixlist.txt           HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [852720 2016-09-23] (McAfee, Inc.) HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.) HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [164656 2014-08-11] (Sage) HKLM-x32\...\Run: [JFaxMailNTHelper] => C:\Windows\JFaxMailNTHelper.exe [45056 1999-03-05] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-16] (Apple Inc.) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-04-21] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-07-24] ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.) C:\Program Files\McAfee.com C:\Program Files\Common Files\McAfee C:\Program Files\McAfee Security Scan C:\Windows\system32\mfevtps.exe S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-01] (McAfee, Inc.) S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.) S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.) S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 mfeaack01; \Device\mfeaack01.sys [X] S2 McAfee SiteAdvisor Service; C:\Program Files\McAfee Security Scan\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.) S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.) S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.) S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.) S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.) S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.) S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.) S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.) S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.) C:\ProgramData\McAfee Security Scan C:\Windows\Tasks\Adobe Flash Player Updater.job C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2013-01-02 17:20 - 2013-01-02 17:20 - 0726016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.dll 2013-01-02 17:20 - 2013-01-02 17:20 - 0150016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.exe 2013-03-17 15:15 - 2013-03-17 15:16 - 35447368 _____ () C:\Users\Roger\AppData\Local\Temp\8673.exe 2015-04-05 13:23 - 2015-04-05 13:23 - 0663448 _____ (Ask Partner Network) C:\Users\Roger\AppData\Local\Temp\APNSetup.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BingSvc.exe 2012-03-13 05:47 - 2012-03-13 05:47 - 35084352 ____R (Research In Motion Ltd.                                      ) C:\Users\Roger\AppData\Local\Temp\BlackBerryDeviceManager.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcProcessor.exe 2015-11-16 11:04 - 2015-11-16 11:04 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcUpdater.exe 2015-07-01 19:10 - 2015-07-01 19:11 - 8104768 _____ () C:\Users\Roger\AppData\Local\Temp\converter.exe 2015-11-16 10:53 - 2015-11-16 10:57 - 2612880 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\DefaultPack.EXE 2013-01-02 17:20 - 2013-01-02 17:20 - 0023477 _____ () C:\Users\Roger\AppData\Local\Temp\dtkill.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Roger\AppData\Local\Temp\Executor.exe 2014-08-29 09:10 - 2014-08-29 09:21 - 118744568 _____ () C:\Users\Roger\AppData\Local\Temp\HPInstaller.exe 2014-12-14 15:38 - 2014-12-14 15:38 - 0000000 _____ () C:\Users\Roger\AppData\Local\Temp\hukc9z10.dll 2014-01-19 14:45 - 2014-01-19 14:45 - 1070088 _____ (Solid State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe 2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe 2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe 2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe 2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe 2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe 2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe 2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe 2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe 2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe 2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe 2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe     NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system On Vista or Windows 7: Now please enter System Recovery Options. On Windows XP: Now please boot into the PE (Preinstallation Environment) disk. Run FRST/FRST64 and press the Fix button just once and wait.
      The tool will generate a log on the flashdrive (Fixlog.txt) please post it in your reply.  
    • Check Disk completed.  Still wouldn't boot.  Tried a startup repair and it failed on doing a system restore due to file integrity from the looks of it.  Log from Startup repair below followed by Farbar log.   Startup Repair diagnosis and repair log
      ---------------------------
      Last successful boot time: ?1/?13/?2017 2:30:45 PM (GMT)
      Number of repair attempts: 2 Session details
      ---------------------------
      System Disk = \Device\Harddisk0
      Windows directory = D:\Windows
      AutoChk Run = 0
      Number of root causes = 1 Test Performed: 
      ---------------------------
      Name: Check for updates
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: System disk test
      Result: Completed successfully. Error code =  0x0
      Time taken = 15 ms Test Performed: 
      ---------------------------
      Name: Disk failure diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 78 ms Test Performed: 
      ---------------------------
      Name: Disk metadata test
      Result: Completed successfully. Error code =  0x0
      Time taken = 63 ms Test Performed: 
      ---------------------------
      Name: Target OS test
      Result: Completed successfully. Error code =  0x0
      Time taken = 156 ms Test Performed: 
      ---------------------------
      Name: Volume content check
      Result: Completed successfully. Error code =  0x0
      Time taken = 171 ms Test Performed: 
      ---------------------------
      Name: Boot manager diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: System boot log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Event log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 733 ms Test Performed: 
      ---------------------------
      Name: Internal state check
      Result: Completed successfully. Error code =  0x0
      Time taken = 47 ms Test Performed: 
      ---------------------------
      Name: Boot status test
      Result: Completed successfully. Error code =  0x0
      Time taken = 94 ms Test Performed: 
      ---------------------------
      Name: Setup state check
      Result: Completed successfully. Error code =  0x0
      Time taken = 905 ms Test Performed: 
      ---------------------------
      Name: Registry hives test
      Result: Completed successfully. Error code =  0x0
      Time taken = 7503 ms Test Performed: 
      ---------------------------
      Name: Windows boot log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Bugcheck analysis
      Result: Completed successfully. Error code =  0x0
      Time taken = 4540 ms Test Performed: 
      ---------------------------
      Name: Access control test
      Result: Completed successfully. Error code =  0x0
      Time taken = 23306 ms Test Performed: 
      ---------------------------
      Name: File system test (chkdsk)
      Result: Completed successfully. Error code =  0x0
      Time taken = 129419 ms Test Performed: 
      ---------------------------
      Name: Software installation log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Fallback diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Root cause found: 
      ---------------------------
      Unspecified changes to system configuration might have caused the problem. Repair action: System Restore
      Result: Failed. Error code =  0x1f
      Time taken = 681397 ms Repair action: System files integrity check and repair
      Result: Failed. Error code =  0x490
      Time taken = 929376 ms ---------------------------
      ---------------------------
      Session details
      ---------------------------
      System Disk = \Device\Harddisk0
      Windows directory = D:\Windows
      AutoChk Run = 0
      Number of root causes = 0 Test Performed: 
      ---------------------------
      Name: Check for updates
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: System disk test
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Disk failure diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 78 ms Test Performed: 
      ---------------------------
      Name: Disk metadata test
      Result: Completed successfully. Error code =  0x0
      Time taken = 16 ms Test Performed: 
      ---------------------------
      Name: Target OS test
      Result: Completed successfully. Error code =  0x0
      Time taken = 171 ms Test Performed: 
      ---------------------------
      Name: Volume content check
      Result: Completed successfully. Error code =  0x0
      Time taken = 156 ms Test Performed: 
      ---------------------------
      Name: Boot manager diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: System boot log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Event log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 390 ms Test Performed: 
      ---------------------------
      Name: Internal state check
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Boot status test
      Result: Completed successfully. Error code =  0x0
      Time taken = 78 ms Test Performed: 
      ---------------------------
      Name: Setup state check
      Result: Completed successfully. Error code =  0x0
      Time taken = 749 ms Test Performed: 
      ---------------------------
      Name: Registry hives test
      Result: Completed successfully. Error code =  0x0
      Time taken = 4665 ms Test Performed: 
      ---------------------------
      Name: Windows boot log diagnosis
      Result: Completed successfully. Error code =  0x0
      Time taken = 0 ms Test Performed: 
      ---------------------------
      Name: Bugcheck analysis
      Result: Completed successfully. Error code =  0x0
      Time taken = 2808 ms ---------------------------
      ---------------------------
        #####################################################FARBAR#################   Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
      Ran by SYSTEM on MININT-L62M27S (24-01-2017 12:06:27)
      Running from L:\
      Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
      Internet Explorer Version 11
      Boot Mode: Recovery
      Default: ControlSet001
      ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-08] (Realtek Semiconductor)
      HKLM\...\Run: [BoxSync] => C:\Program Files\Box\Box Sync\BoxSync.exe [6450920 2016-09-15] (Box, Inc.)
      HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
      HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [852720 2016-09-23] (McAfee, Inc.)
      HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-06-21] (Egis Technology Inc.)
      HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
      HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-29] (Advanced Micro Devices, Inc.)
      HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
      HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
      HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [164656 2014-08-11] (Sage)
      HKLM-x32\...\Run: [JFaxMailNTHelper] => C:\Windows\JFaxMailNTHelper.exe [45056 1999-03-05] ()
      HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
      HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-11-16] (Apple Inc.)
      HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
      HKLM-x32\...\Run: [] => [X]
      HKLM-x32\...\Run: [doubleTwist] => C:\Program Files (x86)\doubleTwist\doubleTwist.Light.exe
      HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-03-31] (Oracle Corporation)
      Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2013-04-21]
      ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
      Startup: C:\Users\Roger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SlingplayerForWebShortcut.lnk [2016-07-24]
      ShortcutTarget: SlingplayerForWebShortcut.lnk -> C:\Program Files (x86)\Sling Media\SlingplayerForWeb\SlingplayerForWeb.exe (Sling Media Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
      S3 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [37264 2016-07-29] (Box, Inc.)
      S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3042032 2016-11-01] (Microsoft Corporation)
      S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [350064 2016-03-03] (WildTangent)
      S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-07-23] (Garmin Ltd or its subsidiaries)
      S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [78088 2014-08-26] (Hewlett-Packard Company)
      S2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-08-04] (McAfee, Inc.)
      S2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
      S3 McAWFwk; c:\Program Files\mcafee\msc\McAWFwk.exe [224704 2011-03-08] (McAfee, Inc.)
      S2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.474\McCHSvc.exe [329480 2016-12-14] (McAfee, Inc.)
      S2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
      S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
      S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
      S2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
      S2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
      S2 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
      S2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
      S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
      S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
      S2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
      S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [36144 2014-08-11] (Sage)
      S2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [24880 2014-08-11] (Sage)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
      S2 WlanWpsSvc; C:\Program Files (x86)\D-Link\DWA-130 revE\WlanWpsSvc.exe [167936 2008-06-26] () ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
      S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [216704 2016-08-01] (McAfee, Inc.)
      S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
      S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
      S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
      S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
      S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
      S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
      S3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-08-04] (McAfee, Inc.)
      S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
      S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)
      S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)
      S3 mfeaack01; \Device\mfeaack01.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
      ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-23 18:46 - 2017-01-23 18:46 - 00000000 ____D C:\Windows\System32\config\HiveBackup
      2017-01-22 16:06 - 2017-01-24 12:06 - 00000000 ____D C:\FRST
      2017-01-20 13:56 - 2017-01-20 13:56 - 00578862 _____ C:\Users\Roger\Documents\GST form.pdf
      2017-01-20 13:56 - 2017-01-20 13:56 - 00006954 _____ C:\Users\Roger\Documents\Request for a Business Number.pdf
      2017-01-18 21:03 - 2017-01-18 21:03 - 00126417 _____ C:\Users\Roger\Desktop\Roxie Jan Visa.pdf
      2017-01-10 11:46 - 2017-01-10 11:46 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-01-24 10:18 - 2015-11-19 08:36 - 00000000 ____D C:\Program Files\McAfee Security Scan
      2017-01-24 10:18 - 2012-12-04 15:17 - 00000000 ____D C:\Users\Roger\AppData\Local\Simply
      2017-01-24 10:18 - 2012-11-07 17:30 - 00000000 ____D C:\Windows\System32\Macromed
      2017-01-24 10:18 - 2012-11-07 17:30 - 00000000 ____D C:\ProgramData\McAfee Security Scan
      2017-01-24 10:18 - 2012-11-01 19:07 - 00000000 ____D C:\ProgramData\clear.fi
      2017-01-24 10:18 - 2012-11-01 18:53 - 00000000 ____D C:\Users\Roger\AppData\Local\PowerCinema
      2017-01-24 10:18 - 2012-11-01 18:53 - 00000000 ____D C:\users\Roger
      2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
      2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
      2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\inf
      2017-01-24 10:18 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat
      2017-01-24 10:17 - 2011-08-02 22:31 - 00000000 ____D C:\Windows\SysWOW64\Macromed
      2017-01-24 10:11 - 2013-02-16 12:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
      2017-01-21 10:02 - 2013-10-03 14:45 - 00000000 ____D C:\L&DCABLE
      2017-01-20 13:59 - 2015-07-01 19:14 - 00000000 ____D C:\Users\Roger\AppData\Local\CutePDF Writer
      2017-01-20 13:56 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
      2017-01-13 06:32 - 2013-01-17 15:36 - 00000000 ____D C:\Users\Roger\AppData\Local\Deployment
      2017-01-11 00:56 - 2012-11-07 17:30 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
      2017-01-10 23:56 - 2012-11-07 17:30 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
      2017-01-10 23:56 - 2012-11-07 17:30 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
      2017-01-10 23:56 - 2011-08-02 22:31 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
      2017-01-10 19:26 - 2016-11-20 22:05 - 00003846 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
      2017-01-10 06:13 - 2016-06-16 06:30 - 00013519 _____ C:\Users\Roger\Desktop\Splash Park.xlsx
      2017-01-10 01:25 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-01-10 01:25 - 2009-07-13 20:45 - 00024608 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-01-06 05:00 - 2012-12-04 15:24 - 00004614 _____ C:\Windows\ODBC.INI
      2016-12-28 17:30 - 2016-06-30 07:32 - 00001968 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
      2016-12-28 17:30 - 2009-07-13 18:34 - 00000875 _____ C:\Windows\System32\Drivers\etc\hosts Some files in TEMP:
      ====================
      2013-01-02 17:20 - 2013-01-02 17:20 - 0726016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.dll
      2013-01-02 17:20 - 2013-01-02 17:20 - 0150016 _____ (Igor Pavlov) C:\Users\Roger\AppData\Local\Temp\7z.exe
      2013-03-17 15:15 - 2013-03-17 15:16 - 35447368 _____ () C:\Users\Roger\AppData\Local\Temp\8673.exe
      2015-04-05 13:23 - 2015-04-05 13:23 - 0663448 _____ (Ask Partner Network) C:\Users\Roger\AppData\Local\Temp\APNSetup.exe
      2015-11-16 11:04 - 2015-11-16 11:04 - 0144008 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BingSvc.exe
      2012-03-13 05:47 - 2012-03-13 05:47 - 35084352 ____R (Research In Motion Ltd.                                      ) C:\Users\Roger\AppData\Local\Temp\BlackBerryDeviceManager.exe
      2015-11-16 11:04 - 2015-11-16 11:04 - 1118360 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcProcessor.exe
      2015-11-16 11:04 - 2015-11-16 11:04 - 0170128 _____ (© 2015 Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\BSvcUpdater.exe
      2015-07-01 19:10 - 2015-07-01 19:11 - 8104768 _____ () C:\Users\Roger\AppData\Local\Temp\converter.exe
      2015-11-16 10:53 - 2015-11-16 10:57 - 2612880 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\DefaultPack.EXE
      2013-01-02 17:20 - 2013-01-02 17:20 - 0023477 _____ () C:\Users\Roger\AppData\Local\Temp\dtkill.exe
      2013-01-02 17:20 - 2013-01-02 17:20 - 0006656 _____ (doubleTwist Corperation) C:\Users\Roger\AppData\Local\Temp\Executor.exe
      2014-08-29 09:10 - 2014-08-29 09:21 - 118744568 _____ () C:\Users\Roger\AppData\Local\Temp\HPInstaller.exe
      2014-12-14 15:38 - 2014-12-14 15:38 - 0000000 _____ () C:\Users\Roger\AppData\Local\Temp\hukc9z10.dll
      2014-01-19 14:45 - 2014-01-19 14:45 - 1070088 _____ (Solid State Networks) C:\Users\Roger\AppData\Local\Temp\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe
      2013-02-15 21:00 - 2013-02-15 21:00 - 0897448 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
      2013-10-08 10:27 - 2013-10-08 10:27 - 0915368 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
      2013-12-19 09:06 - 2013-12-19 09:06 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
      2014-07-02 08:08 - 2014-07-02 08:08 - 0921512 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
      2015-10-24 19:24 - 2015-10-24 19:24 - 0585824 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u65-windows-au.exe
      2016-02-06 08:14 - 2016-02-06 08:14 - 0736352 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u73-windows-au.exe
      2016-04-22 05:58 - 2016-04-22 05:58 - 0739904 _____ (Oracle Corporation) C:\Users\Roger\AppData\Local\Temp\jre-8u91-windows-au.exe
      2013-02-16 12:38 - 2013-02-16 12:37 - 0558680 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\OfficeSetup.exe
      2013-04-23 14:15 - 2013-04-23 14:15 - 4995416 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2010.exe
      2013-01-02 17:20 - 2013-01-02 17:20 - 6560088 _____ (Microsoft Corporation) C:\Users\Roger\AppData\Local\Temp\vcredist_x86-2012.exe
      2013-02-15 14:36 - 2013-02-15 14:36 - 0444056 _____ () C:\Users\Roger\AppData\Local\Temp\wajam_install.exe
      2015-10-25 06:23 - 2015-10-25 06:23 - 0833864 _____ (Yahoo! Inc.) C:\Users\Roger\AppData\Local\Temp\ytb.exe ==================== Known DLLs (Whitelisted) =========================
      ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit
      C:\Windows\System32\wininit.exe => MD5 is legit
      C:\Windows\SysWOW64\wininit.exe => MD5 is legit
      C:\Windows\explorer.exe
      [2016-10-13 06:35] - [2016-08-29 07:04] - 3229696 ____A (Microsoft Corporation) 38AE1B3C38FAEF56FE4907922F0385BA C:\Windows\SysWOW64\explorer.exe
      [2016-10-13 06:35] - [2016-08-29 06:55] - 2972672 ____A (Microsoft Corporation) 6DDCA324434FFA506CF7DC4E51DB7935 C:\Windows\System32\svchost.exe => MD5 is legit
      C:\Windows\SysWOW64\svchost.exe => MD5 is legit
      C:\Windows\System32\services.exe => MD5 is legit
      C:\Windows\System32\User32.dll
      [2016-12-13 13:45] - [2016-11-10 08:32] - 1009152 ____A (Microsoft Corporation) 34BA256FBF83457F9D5E51A56DB54542 C:\Windows\SysWOW64\User32.dll
      [2016-12-13 13:45] - [2016-11-10 08:19] - 0833024 ____A (Microsoft Corporation) 3CB074875AC88A7C1010A2A7F9881A8C C:\Windows\System32\userinit.exe => MD5 is legit
      C:\Windows\SysWOW64\userinit.exe => MD5 is legit
      C:\Windows\System32\rpcss.dll => MD5 is legit
      C:\Windows\System32\dnsapi.dll => MD5 is legit
      C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
      C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) =============
      ==================== Restore Points ========================= Restore point date: 2016-12-29 22:00
      Restore point date: 2017-01-05 22:00
      Restore point date: 2017-01-11 01:00
      Restore point date: 2017-01-18 22:00
      Restore point date: 2017-01-21 09:47 ==================== Memory info ===========================  Percentage of memory in use: 10%
      Total physical RAM: 7892.94 MB
      Available physical RAM: 7045.37 MB
      Total Virtual: 7891.14 MB
      Available Virtual: 7048.97 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:1382.17 GB) (Free:1181.85 GB) NTFS
      Drive e: (PQSERVICE) (Fixed) (Total:15 GB) (Free:4.3 GB) NTFS
      Drive l: (KEIBER) (Removable) (Total:7.45 GB) (Free:1.17 GB) FAT32
      Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
      Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: C3548EA8)
      Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
      Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=1382.2 GB) - (Type=07 NTFS) ========================================================
      Disk: 6 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
      Partition 1: (Active) - (Size=7.5 GB) - (Type=0B) LastRegBack: 2017-01-12 22:31 ==================== End of FRST.txt ============================
    • Quick Diag Fix.   First please create a restore point! Right click in Quick Diag Run as Admin. Copy the content of the code box below to your clipboard. Click on the S within the User Interface of the program. Then click on Script. Allow completion. Post the log created in your next reply.     Key::   [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}]   [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}]   [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}]    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] [HKLM\Software\WOW6432Node\Google] File::   C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8 C:\WINDOWS\System32\gatherNetworkInfo.vbs C:\Users\John\AppData\Local\Tempzxpsign585867b071174feb C:\Users\John\AppData\Local\Tempzxpsignd49902c792104523 C:\Users\John\AppData\Roaming\Wise Uninstaller C:\WINDOWS\Tasks\Adobe Flash Player Updater.job C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job C:\WINDOWS\System32\Tasks\2BrightSparks C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater C:\Users\John\Documents\Freemake C:\Program Files\UVK - Ultra Virus Killer CMD::   sc delete DiagTrack sc config DeviceAssociationService start= disabled sc config diagnosticshub.standardcollector.service start= disabled sc config DoSvc start= disabled sc config HomeGroupListener start= disabled sc config HomeGroupProvider start= disabled sc config icssvc start= disabled sc config lfsvc start= disabled sc config MapsBroker start= disabled sc config MpsSvc start= disabled sc config PcaSvc start= disabled sc config TabletInputService start= disabled sc config wcncsvc start= disabled sc config WMPNetworkSvc start= disabled sc config XblAuthManager start= disabled sc config XblGameSave start= disabled sc config XboxNetApiSvc start= disabled SetACL -silent -ot "reg" -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" -actn setowner -ownr "n:Administrators" SetACL -silent -ot "reg" -on "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" -actn ace -ace "n:Administrators;p:full" REG ADD                      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" /f /v "SpyNetReporting"      /t REG_DWORD /d 0 >nul REG ADD                      "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Spynet" /f /v "SubmitSamplesConsent" /t REG_DWORD /d 0 >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\AppID\SmartScreenSpecific" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Application Experience\ProgramDataUpdater" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Application Experience\StartupAppTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\ApplicationData\CleanupTemporaryState" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\ApplicationData\DsSvcCleanup" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Autochk\Proxy" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\CloudExperienceHost\CreateObjectTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Customer Experience Improvement Program\Consolidator" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Customer Experience Improvement Program\UsbCeip" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\DiskCleanup\SilentCleanup" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\DUSM\dusmtask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\ErrorDetails\EnableErrorDetailsUpdate" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Feedback\Siuf\DmClient" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\FileHistory\File History (maintenance mode)" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\LanguageComponentsInstaller\Installation" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\License Manager\TempSignedLicenseExchange" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Location\Notifications" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Location\WindowsActionDialog" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Management\Provisioning\Logon" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Maps\MapsToastTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Maps\MapsUpdateTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\NetTrace\GatherNetworkInfo" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\NlaSvc\WiFiTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\PI\Secure-Boot-Update" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\PI\Sqm-Tasks" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\Ras\MobilityManager" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask" >nul SCHTASKS /CHANGE /DISABLE /TN "\Microsoft\Windows\RetailDemo\CleanupOfflineContent" >nul     ADS:: C:\ProgramData\Temp Clean:: yes  
    • Guest Kanga
      --------------- QuickDiag | g3n-h@ckm@n | V3_22.01.17.4 --------------- ----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 24/01/2017 14:08:46 Updated 22/01/2017 | 22.30 by g3n-h@ckm@n
      Contact : http://www.sosvirus.net/ Time Zone : (UTC+10:00) Canberra, Melbourne, Sydney
      [John (Administrator)] - [OFFICE6410] (S-1-5-21-3754235531-495330377-4189813319-1001) System: Microsoft Windows 10 Pro - - (10.0.14393) -  BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
      System: AutoReboot: True - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
      Boot : Microsoft Windows 10 Pro|C:\WINDOWS|\Device\Harddisk0\Partition4
      Boot : Normal boot
      PC: Z97X-UD5H-BK - Gigabyte Technology Co., Ltd. - IdNumber: To be filled by O.E.M. - UUID: 03AA02FC-0414-0520-3C06-6D0700080009
      Processor : X64 - 3991 Mhz - Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
      F6 - en|US|iso8859-1 - American Megatrends Inc. - S/N: To be filled by O.E.M. - F6 - ALASKA - 1072009
      CoreTemp : 29.8 Celsius ----------| Extended
      ---------- | SoundDevice HD Webcam C270 - Status: OK - Manufacturer: Logitech - PNPDeviceID: USB\VID_046D&PID_0825&MI_02\7&312FE03E&0&0002
      AMD High Definition Audio Device - Status: OK - Manufacturer: Advanced Micro Devices - PNPDeviceID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&CA7EFD&0&0001
      ASUS Xonar Essence STX Audio Device - Status: OK - Manufacturer: ASUSTeK - PNPDeviceID: PCI\VEN_13F6&DEV_8788&SUBSYS_835C1043&REV_00\5&1223E646&0&20000A ---------- | Video AMD Radeon (TM) R9 200 Series - Resolution: 2560x1440 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: aticfx64.dll,aticfx64.dll,aticfx64.dll,amdxc64,aticfx32,aticfx32,aticfx32,amdxc32,atiumd64,atidxx64.dll,atidxx64.dll,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a.cap,atitmm64 - PNPDeviceID: PCI\VEN_1002&DEV_6811&SUBSYS_048D1043&REV_00\4&1286464&0&0008 - AdapterCompatibility: Advanced Micro Devices, Inc. - RAM: -2147483648
      Inegrated Video Chipset DeviceName: AMD Radeon (TM) R9 200 Series - DriverVersion: 8.14.1.6525 - SpecificationVersion: 1025 ---------- | Codecs c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25352 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 17920 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\lvcod64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 175392 -  Manufacturer: Logitech Inc. - Status: OK
      c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 87040 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
      c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 35696 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 34640 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 27648 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16896 -  Manufacturer: Microsoft Corporation - Status: OK
      c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 42936 -  Manufacturer: Microsoft Corporation - Status: OK ---------- | CPU CPU #1 value:16 %
      CPU #2 value:16 %
      CPU #3 value:34 %
      CPU #4 value:0 %
      CPU #5 value:10 %
      CPU #6 value:4 %
      CPU #7 value:0 %
      CPU #8 value:0 %
      Total Overall CPU Usage value:9 % ---------- | Network Intel[R] Ethernet Connection I217-V : SENT:0 bytes/sec / RECVD:0 bytes/sec
      isatap.{7173E2D8-F7F2-4250-B930-9C99644FECC5} : SENT:0 bytes/sec / RECVD:0 bytes/sec
      Teredo Tunneling Pseudo-Interface : SENT:0 bytes/sec / RECVD:0 bytes/sec Overall -> SEND Maxium:9 bytes/sec,  /  RECEIVE Maximum:0 bytes/sec Microsoft Kernel Debug Network Adapter - - Microsoft - Status: - PnPID : ROOT\KDNIC\0000
      Intel(R) Ethernet Connection I217-V - Ethernet 802.3 - Intel Corporation - Status: - PnPID : PCI\VEN_8086&DEV_153B&SUBSYS_E0001458&REV_00\3&11583659&0&C8
      Microsoft ISATAP Adapter - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\ISATAP_0
      Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status: - PnPID : SWD\IP_TUNNEL_VBUS\TEREDO_TUNNEL_DEVICE ---------- | Memory RAM = Total (MB) : 16687 | Free (MB) : 13555
      Pagefile = Total (MB) : 17735 | Free (MB) : 14253
      Virtual = Total (MB) : 4194 | Free (MB) : 3966 Physical Memory 1 : Capacity: 8589934592 - ChannelA-DIMM1 - Posit.: - Manufacturer: Kingston - PartNumber: 9905471-079.A00LF - S/N: 6936420D
      Physical Memory 3 : Capacity: 8589934592 - ChannelB-DIMM1 - Posit.: 1 - Manufacturer: Kingston - PartNumber: 9905471-079.A00LF - S/N: 6A367A0D ---------- | SID Users Administrator : [S-1-5-21-3754235531-495330377-4189813319-500]
      DefaultAccount : [S-1-5-21-3754235531-495330377-4189813319-503]
      Guest : [S-1-5-21-3754235531-495330377-4189813319-501]
      John : [S-1-5-21-3754235531-495330377-4189813319-1001]
      Access Control Assistance Operators : [S-1-5-32-579]
      Administrators : [S-1-5-32-544]
      Backup Operators : [S-1-5-32-551]
      Cryptographic Operators : [S-1-5-32-569]
      Distributed COM Users : [S-1-5-32-562]
      Event Log Readers : [S-1-5-32-573]
      Guests : [S-1-5-32-546]
      Hyper-V Administrators : [S-1-5-32-578]
      IIS_IUSRS : [S-1-5-32-568]
      Network Configuration Operators : [S-1-5-32-556]
      Performance Log Users : [S-1-5-32-559]
      Performance Monitor Users : [S-1-5-32-558]
      Power Users : [S-1-5-32-547]
      Remote Desktop Users : [S-1-5-32-555]
      Remote Management Users : [S-1-5-32-580]
      Replicator : [S-1-5-32-552]
      System Managed Accounts Group : [S-1-5-32-581]
      Users : [S-1-5-32-545] ---------- | SystemAccounts Name: Everyone - SID: S-1-1-0 - SIDType: 5 - Status: OK
      Name: LOCAL - SID: S-1-2-0 - SIDType: 5 - Status: OK
      Name: CREATOR OWNER - SID: S-1-3-0 - SIDType: 5 - Status: OK
      Name: CREATOR GROUP - SID: S-1-3-1 - SIDType: 5 - Status: OK
      Name: CREATOR OWNER SERVER - SID: S-1-3-2 - SIDType: 5 - Status: OK
      Name: CREATOR GROUP SERVER - SID: S-1-3-3 - SIDType: 5 - Status: OK
      Name: OWNER RIGHTS - SID: S-1-3-4 - SIDType: 5 - Status: OK
      Name: DIALUP - SID: S-1-5-1 - SIDType: 5 - Status: OK
      Name: NETWORK - SID: S-1-5-2 - SIDType: 5 - Status: OK
      Name: BATCH - SID: S-1-5-3 - SIDType: 5 - Status: OK
      Name: INTERACTIVE - SID: S-1-5-4 - SIDType: 5 - Status: OK
      Name: SERVICE - SID: S-1-5-6 - SIDType: 5 - Status: OK
      Name: ANONYMOUS LOGON - SID: S-1-5-7 - SIDType: 5 - Status: OK
      Name: PROXY - SID: S-1-5-8 - SIDType: 5 - Status: OK
      Name: SYSTEM - SID: S-1-5-18 - SIDType: 5 - Status: OK
      Name: ENTERPRISE DOMAIN CONTROLLERS - SID: S-1-5-9 - SIDType: 5 - Status: OK
      Name: SELF - SID: S-1-5-10 - SIDType: 5 - Status: OK
      Name: Authenticated Users - SID: S-1-5-11 - SIDType: 5 - Status: OK
      Name: RESTRICTED - SID: S-1-5-12 - SIDType: 5 - Status: OK
      Name: TERMINAL SERVER USER - SID: S-1-5-13 - SIDType: 5 - Status: OK
      Name: REMOTE INTERACTIVE LOGON - SID: S-1-5-14 - SIDType: 5 - Status: OK
      Name: IUSR - SID: S-1-5-17 - SIDType: 5 - Status: OK
      Name: LOCAL SERVICE - SID: S-1-5-19 - SIDType: 5 - Status: OK
      Name: NETWORK SERVICE - SID: S-1-5-20 - SIDType: 5 - Status: OK
      Name: BUILTIN - SID: S-1-5-32 - SIDType: 3 - Status: OK ---------- | Drives C:\ -> [Fixed] | [] | Total : 465.21 Go | Free : 334.18 Go -> NTFS (SSD) [SATA]
      D:\ -> [Fixed] | [D Drive] | Total : 1863.01 Go | Free : 1194.18 Go -> NTFS [SATA] Disk Usage Information [2 total Physical Disks] Physical Drive #0 [C:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec
      Physical Drive #1 [D:] : Read:0 bytes/sec, Written:0 bytes/sec Max Read:0 bytes/sec, Max Write:0 bytes/sec Overall - Read Maximum:0 bytes/sec, Write Maximum:0 bytes/sec DeviceID: \\.\PHYSICALDRIVE1 - Status: OK - IDE - Fixed hard disk media - 4 Part. - PnPID : SCSI\DISK&VEN_TOSHIBA&PROD_DT01ACA200\4&2A148996&0&010000
      DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : SCSI\DISK&VEN_SAMSUNG&PROD_SSD_840_EVO_500G\4&2A148996&0&000000 ---------- | Windows updates No detected update !!! Windows Is Activated ---------- | Browsers IE : 11.0.14393.0     (© Microsoft Corporation.) Default : "C:\Program Files\Cyberfox\Cyberfox.exe" -osint -url "%1" ---------- | FlashPlayer FlashPlayer ActiveX : 22.0.0.209
      FlashPlayer Plugin : 24.0.0.194 ---------- | Security AV : Avast Antivirus Enabled
      AS : Avast Antivirus Enabled
      FW : WINDOWS Firewall
      WMI : OK
      WU: Windows Update Service [Disabled(4)] = stopped
      AS: Windows Defender [Manual(3)] = stopped
      WMI: Windows Management Instrumentation [Auto(2)] = Running   ---------- | Running processes 624 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (10.0.14393.0) = C:\Windows\System32\smss.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      860 | [Owner :  | Parent : 720() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (10.0.14393.0) = C:\Windows\System32\wininit.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      936 | [Owner :  | Parent : 860(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (10.0.14393.0) = C:\Windows\System32\services.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      944 | [Owner :  | Parent : 860(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (10.0.14393.187) = C:\Windows\System32\lsass.exe     [11/11/2016 11:05:00]    CPU Usage:0 %
      352 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      684 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      872 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1124 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1156 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1264 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1384 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1456 | [Owner :  | Parent : 936(services.exe) | ?????] - (.AMD - AMD External Events Service Module.) - (21.19.137.1) = C:\Windows\System32\atiesrxx.exe     [26/10/2016 01:04:40]    CPU Usage:0 %
      1532 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1884 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      1960 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      2020 | [Owner :  | Parent : 936(services.exe) | ?????] - (.AVAST Software - avast! Service.) - (12.3.3154.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe     [30/08/2016 15:05:07]    CPU Usage:0 %
      2156 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.14393.351) = C:\Windows\System32\spoolsv.exe     [11/11/2016 11:04:57]    CPU Usage:0 %
      2408 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      2452 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      2472 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Cyber Power Systems, Inc. - PowerPanel Personal Edition Service.) - (1.6.1.0) = C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\ppped.exe     [22/12/2015 11:10:32]    CPU Usage:0 %
      2504 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Paramount Software UK Ltd - Macrium Reflect Utility Service.) - (6.2.1549.0) = C:\Program Files\Macrium\Reflect\ReflectService.exe     [08/09/2016 06:20:57]    CPU Usage:0 %
      2516 | [Owner :  | Parent : 936(services.exe) | ?????] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (8.0.0.0) = C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE     [17/07/2016 11:26:10]    CPU Usage:0 %
      2532 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      2812 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe     [19/11/2016 13:04:04]    CPU Usage:0 %
      3164 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      5696 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe     [11/11/2016 11:04:54]    CPU Usage:0 %
      3636 | [Owner :  | Parent : 936(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe     [16/09/2016 15:38:00]    CPU Usage:0 %
      5632 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Malwarebytes - Malwarebytes Service.) - (3.1.0.388) = C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe     [18/12/2016 10:09:51]    CPU Usage:0 %
      6332 | [Owner :  | Parent : 1884(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (10.0.14393.0) = C:\Windows\System32\audiodg.exe     [16/07/2016 22:42:22]    CPU Usage:0 %
      7296 | [Owner :  | Parent : 2896() | ?????] - (.Microsoft Corporation - Windows Logon Application.) - (10.0.14393.351) = C:\Windows\System32\winlogon.exe     [11/11/2016 11:04:56]    CPU Usage:0 %
      4928 | [Owner :  | Parent : 1456(atiesrxx.exe) | ?????] - (.AMD - AMD External Events Client Module.) - (21.19.137.1) = C:\Windows\System32\atieclxx.exe     [26/10/2016 01:04:40]    CPU Usage:0 %
      5688 | [Owner : John | Parent : 872(svchost.exe) | 22.32 Mo] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe     [16/07/2016 22:42:09]    CPU Usage:0 %
      4212 | [Owner : John | Parent : 936(services.exe) | 19.88 Mo] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe     [16/07/2016 22:42:27]    CPU Usage:0 %
      3444 | [Owner : John | Parent : 872(svchost.exe) | 18.7 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe     [16/07/2016 22:42:36]    CPU Usage:0 %
      3924 | [Owner : John | Parent : 352(svchost.exe) | 23.77 Mo] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe     [16/07/2016 22:42:05]    CPU Usage:0 %
      4240 | [Owner : John | Parent : 7596() | 146.18 Mo] - (.Microsoft Corporation - Windows Explorer.) - (10.0.14393.447) = C:\Windows\explorer.exe     [11/11/2016 11:09:05]    CPU Usage:0 %
      6672 | [Owner : John | Parent : 4240(explorer.exe) | 11.77 Mo] - (.IvoSoft - Classic Start Menu.) - (4.3.0.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe     [30/07/2016 09:05:16]    CPU Usage:0 %
      7880 | [Owner : John | Parent : 352(svchost.exe) | 51.95 Mo] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe     [11/11/2016 11:09:06]    CPU Usage:0 %
      6224 | [Owner : John | Parent : 352(svchost.exe) | 86.14 Mo] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.447) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe     [11/11/2016 11:09:06]    CPU Usage:0 %
      5320 | [Owner : John | Parent : 4240(explorer.exe) | 30.77 Mo] - (.Advanced Micro Devices, Inc. - Radeon Settings: Host Application.) - (10.1.1.1648) = C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe     [16/09/2016 15:38:36]    CPU Usage:0 %
      4748 | [Owner : John | Parent : 5568() | 16.68 Mo] - (.CMedia - AsusAudioCenter.) - (0.3.0.68) = C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe     [15/07/2016 14:53:55]    CPU Usage:0 %
      2488 | [Owner : John | Parent : 4240(explorer.exe) | 7.56 Mo] - (.- HsMgr Application.) - (1.0.0.2) = C:\Windows\SysWOW64\HsMgr.exe     [15/07/2016 14:53:56]    CPU Usage:0 %
      6364 | [Owner : John | Parent : 4240(explorer.exe) | 8.12 Mo] - (.- HsMgr Application.) - (1.0.0.2) = C:\Windows\System\HsMgr64.exe     [15/07/2016 14:53:56]    CPU Usage:0 %
      3412 | [Owner : John | Parent : 7432() | 21.39 Mo] - (.AVAST Software - avast! Antivirus.) - (12.3.3154.23) = C:\Program Files\AVAST Software\Avast\AvastUI.exe     [20/01/2017 12:09:27]    CPU Usage:0 %
      3264 | [Owner : John | Parent : 7432() | 9.05 Mo] - (.Cyber Power Systems, Inc. - PowerPanel Personal Edition User Interaction.) - (1.6.1.0) = C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe     [22/12/2015 11:10:32]    CPU Usage:0 %
      8120 | [Owner : John | Parent : 5436() | 1.3 Mo] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.14393.0) = C:\Windows\System32\rundll32.exe     [16/07/2016 22:42:42]    CPU Usage:0 %
      7940 | [Owner : John | Parent : 4240(explorer.exe) | 952.64 Mo] - (.8pecxstudios - Cyberfox.) - (50.0.2.6178) = C:\Program Files\Cyberfox\Cyberfox.exe     [15/07/2016 14:17:49]    CPU Usage:7 %
      1864 | [Owner : John | Parent : 4240(explorer.exe) | 162.02 Mo] - (.Skype Technologies S.A. - Skype.) - (7.30.0.105) = C:\Program Files (x86)\Skype\Phone\Skype.exe     [15/11/2016 16:33:56]    CPU Usage:0 %
      5500 | [Owner : John | Parent : 352(svchost.exe) | 0.88 Mo] - (.-.) - (11.4.86.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c\SkypeHost.exe     [17/07/2016 01:34:50]    CPU Usage:0 %
      4972 | [Owner : John | Parent : 4240(explorer.exe) | 31.7 Mo] - (.Cologne Code Company - XYplorer.) - (17.50.0.100) = C:\portable apps\xyplorer 17.5_full_noinstall\XYplorer.exe     [31/01/2014 01:10:47]    CPU Usage:0 %
      7192 | [Owner : John | Parent : 4972(XYplorer.exe) | 14.41 Mo] - (.Microsoft Corporation - Notepad.) - (10.0.14393.0) = C:\Windows\SysWOW64\notepad.exe     [16/07/2016 22:43:04]    CPU Usage:0 %
      7532 | [Owner : John | Parent : 4240(explorer.exe) | 32.16 Mo] - (.SosVirus - QuickDiag.) - (22.1.17.4) = C:\Users\John\Desktop\quickdiag_3_23.01.17.4.exe     [24/01/2017 14:07:31]    CPU Usage:0 %
      5112 | [Owner :  | Parent : 5696(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.206) = C:\Windows\System32\SearchProtocolHost.exe     [11/11/2016 11:04:54]    CPU Usage:0 %
      2124 | [Owner : SYSTEM | Parent : 5696(SearchIndexer.exe) | 6.21 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.206) = C:\Windows\System32\SearchFilterHost.exe     [11/11/2016 11:04:54]    CPU Usage:0 %
      4004 | [Owner :  | Parent : 936(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (10.0.14393.351) = C:\Windows\System32\sppsvc.exe     [11/11/2016 11:04:56]    CPU Usage:0 % ---------- | MD5 [MD5.43BF96FCF50945BE35C22206980C9068] - [11/11/2016 11:09:05] - (.© Microsoft Corporation. - Windows Explorer.) - [4563.77 Ko] - (10.0.14393.447) : C:\WINDOWS\Explorer.exe
      [MD5.F4F684066175B77E0C3A000549D2922C] - [16/07/2016 22:42:36] - (.© Microsoft Corporation. - Windows Command Processor.) - [227.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\cmd.exe
      [MD5.77DBC745D957B4F0404ABABC10696784] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [17.72 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\csrss.exe
      [MD5.DA63852A2B0340E94D74EAF0CD444979] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - COM Surrogate.) - [20.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\dllhost.exe
      [MD5.6955067712F2F4752CA12192B08EF860] - [16/07/2016 22:42:16] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [683.48 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Kernel32.dll
      [MD5.6F8E95716C1A27FF2FE96D30B147F1C1] - [11/11/2016 11:05:00] - (.© Microsoft Corporation. - Local Security Authority Process.) - [56.05 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\lsass.exe
      [MD5.7BD259FC59CF9C2AE1B979564B374CC6] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Distributed COM Services.) - [867.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rpcss.dll
      [MD5.C7645D43451C6D94D87F4D07BDE59C89] - [16/07/2016 22:42:42] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [68 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\rundll32.exe
      [MD5.133390D061D94917125DC666DA67ECD0] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Services and Controller app.) - [443.95 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\services.exe
      [MD5.36F670D89040709013F6A460176767EC] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [43.45 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\svchost.exe
      [MD5.5757459686554B784F3CCE8C3BAF6D8B] - [11/11/2016 11:04:54] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [1426.95 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\user32.dll
      [MD5.C1B1FFC800BE2F31EB2CF8CB40629C69] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Userinit Logon Application.) - [32.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\userinit.exe
      [MD5.99A19C9A74E2F9820E501DCE77F84F70] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [297.11 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Wininit.exe
      [MD5.D243745884BCBC21E91AB569A0AD514E] - [11/11/2016 11:04:56] - (.© Microsoft Corporation. - Windows Logon Application.) - [658 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Winlogon.exe
      [MD5.323AA1953ED9C01E23F740FA891FE064] - [11/11/2016 11:05:00] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [570.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\afd.sys
      [MD5.A10F989A812B57B9695F6C305907C9C6] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [27.84 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\atapi.sys
      [MD5.65DEB05FC234BFF207379F06F0754402] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [187.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ataport.sys
      [MD5.F8FB51B9EF6372610E9B31A1D86B62FC] - [16/07/2016 22:42:35] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdfs.sys
      [MD5.613D0137C269187FA298A157E3D14A18] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [169 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\cdrom.sys
      [MD5.0D1D392ED2597F295956D058D33BD7C3] - [11/11/2016 11:04:59] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [141.5 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\dfsc.sys
      [MD5.10E3515FE5DBA6656FA62C29342EC4A1] - [16/07/2016 22:41:52] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [81.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\hdaudbus.sys
      [MD5.B54B30992620C97230013A74461C8517] - [16/07/2016 22:41:54] - (.© Microsoft Corporation. - i8042 Port Driver.) - [111.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\i8042prt.sys
      [MD5.F1DAECC3B3D6399875D4F10529D6A77C] - [16/07/2016 22:42:39] - (.© Microsoft Corporation. - IP Network Address Translator.) - [207.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\ipnat.sys
      [MD5.E671EDAB0726E05ECEF4058B4CD73C4D] - [11/11/2016 11:04:59] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [439.84 Ko] - (10.0.14393.187) : C:\WINDOWS\System32\Drivers\mrxsmb.sys
      [MD5.D5564FC81350458ED570528C4E3B1CCF] - [11/11/2016 11:05:00] - (.© Microsoft Corporation. - Network Driver Interface Specification (NDIS).) - [1153.84 Ko] - (10.0.14393.321) : C:\WINDOWS\System32\Drivers\ndis.sys
      [MD5.6FEBB0A847FFD5F057B9AC8889F1B9A7] - [16/07/2016 22:42:35] - (.© Microsoft Corporation. - MBT Transport driver.) - [272.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\netbt.sys
      [MD5.DB69C6DA8B3DDFDC547D455CA23A8250] - [11/11/2016 11:09:06] - (.© Microsoft Corporation. - NT File System Driver.) - [2202.84 Ko] - (10.0.14393.447) : C:\WINDOWS\System32\Drivers\ntfs.sys
      [MD5.6B81BF7853D161DB8AC62CD8B9C2DE6B] - [16/07/2016 22:41:53] - (.© Microsoft Corporation. - Parallel Port Driver.) - [94.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\parport.sys
      [MD5.17E565710172ED71B8531D8822E1C5D1] - [16/07/2016 22:42:39] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [102.5 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rasl2tp.sys
      [MD5.7135785C21CA79D270D11037C43D3F19] - [16/07/2016 22:44:03] - (.© Microsoft Corporation. - Microsoft RDP Device redirector.) - [173 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\rdpdr.sys
      [MD5.4F25E481124059CC593B4C68BC485640] - [11/11/2016 11:05:02] - (.© Microsoft Corporation. - TCP/IP Driver.) - [2478.34 Ko] - (10.0.14393.351) : C:\WINDOWS\System32\Drivers\tcpip.sys
      [MD5.9D2DD64A0B51C56285512DC9454340F6] - [16/07/2016 22:42:27] - (.© Microsoft Corporation. - TDI Translation Driver.) - [115.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\tdx.sys
      [MD5.BF2546583BB75F01DDA60A7921DFB230] - [16/07/2016 22:42:35] - (.© Microsoft Corporation. - Volume Shadow Copy driver.) - [382.34 Ko] - (10.0.14393.0) : C:\WINDOWS\System32\Drivers\volsnap.sys ---------- | Locked Applications
      ---------- | Explorer.exe component call (Microsoft Files Whitelisted) (..-..) - (0.0.0.0) -- C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
      (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll
      (.Advanced Micro Devices, Inc. .-.aticfx64.dll.) - (21.19.137.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\aticfx64.dll
      (.Advanced Micro Devices, Inc. .-.atiuxpag.dll.) - (21.19.137.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atiuxp64.dll
      (.Advanced Micro Devices, Inc. .-.atidxx64.dll.) - (21.19.137.1) -- C:\WINDOWS\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atidxx64.dll
      (.IvoSoft.-.Classic Start Menu.) - (4.3.0.0) -- C:\Program Files\Classic Shell\ClassicStartMenuDLL.dll
      (.Stardock.-.Stardock Fences Shell Extension.) - (3.0.3.0) -- C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
      (..-..) - (0.0.0.0) -- :\program files (x86)\stardock\fences\DesktopDock64.dll
      (..-..) - (0.0.0.0) -- :\program files (x86)\stardock\fences\SdAppServices_x64.dll
      (..-..) - (1.2.502.0) -- C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
      (.AVAST Software.-.avast! Shell Extension.) - (12.3.3154.0) -- C:\Program Files\AVAST Software\Avast\ashShA64.dll
      (.Malwarebytes.-.Malwarebytes.) - (3.0.0.16) -- C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll
      (.Foxit Software Inc..-.ConvertToPDFShellExtension.) - (7.3.0.1225) -- C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll
      (.Igor Pavlov.-.7-Zip Shell Extension.) - (15.14.0.0) -- C:\portable apps\7-ZipPortable 15\App\7-Zip64\7-zip.dll
      (..-..) - (1.0.0.0) -- C:\Program Files (x86)\Zemana AntiMalware\ZAMShellExt64.dll
      (.IvoSoft.-.Start Menu Helper Extension.) - (4.3.0.0) -- C:\WINDOWS\System32\StartMenuHelper64.dll
      (.Advanced Micro Devices, Inc..-.AMD Radeon Settings: Desktop Control Panel.) - (10.1.1.1605) -- C:\Program Files\AMD\CNext\CNext\atiamenu.dll
      (.9-lab LLC.-.9-lab Malware Removal Tool.) - (1.0.0.39) -- C:\PROGRA~1\9-lab\REMOVA~1\shellext.dll ---------- | Svchost.exe component call (Microsoft Files Whitelisted) (.SQLite Development Team.-.SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine..) - (3.12.2.0) -- C:\WINDOWS\System32\winsqlite3.dll ---------- | ZeroAccess Check [HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
      [HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
      [HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
      [HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
      [HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
      [HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
      [HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\windows.storage.dll
      [HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
      [HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll ---------- | Startings up EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3640 Series" [HKU\S-1-5-18\SOFTWARE\...\Run]) - User: NT AUTHORITY\SYSTEM
      OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-19\SOFTWARE\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
      OneDriveSetup - (C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup [HKU\S-1-5-20\SOFTWARE\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
      Fences - ("C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\...\Run]) - User: OFFICE6410\John
      EPLTarget\P0000000000000000 - (C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIKDE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3640 Series" [HKU\.DEFAULT\SOFTWARE\...\Run]) - User: .DEFAULT
      StartCN - ("C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon [HKLM\SOFTWARE\...\Run]) - User: Public
      Cmaudio8788 - (C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [HKLM\SOFTWARE\...\Run]) - User: Public
      Cmaudio8788GX - (C:\Windows\syswow64\HsMgr.exe Envoke [HKLM\SOFTWARE\...\Run]) - User: Public
      Cmaudio8788GX64 - (C:\Windows\system\HsMgr64.exe Envoke [HKLM\SOFTWARE\...\Run]) - User: Public
      Fences - ("C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup [HKLM\SOFTWARE\...\Run]) - User: Public
      Classic Start Menu - ("C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun [HKLM\SOFTWARE\...\Run]) - User: Public
      ZAM - ("C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized [HKLM\SOFTWARE\...\Run]) - User: Public [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Command Processor]
      "CompletionChar"=9   
      "DefaultColor"=0   
      "EnableExtensions"=1   
      "PathCompletionChar"=9    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Run]
      "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
      "EPLTarget\P0000000000000001"=0x03000000E6F397C2831BD201   
      "Fences"=0x020000000000000000000000    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
      "a"=gpedit.msc\1   
      "MRUList"=adcb   
      "b"=cmd\1   
      "c"=thunderbird.exe -p\1   
      "d"=winver\1    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
      "!Do not use this registry key"=Use the SHGetFolderPath or SHGetKnownFolderPath function instead   
      "AppData"=C:\Users\John\AppData\Roaming   [10/11/2016 16:12:49]
      "Local AppData"=C:\Users\John\AppData\Local   [10/11/2016 16:12:49]
      "{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE}"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Libraries   [15/07/2016 14:02:39]
      "My Video"=C:\Users\John\Videos   [15/07/2016 14:02:32]
      "My Pictures"=C:\Users\John\Pictures   [15/07/2016 14:02:32]
      "Desktop"=C:\Users\John\Desktop   [15/07/2016 14:02:32]
      "History"=C:\Users\John\AppData\Local\Microsoft\Windows\History   [15/07/2016 14:02:32]
      "NetHood"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Network Shortcuts   [10/11/2016 16:12:49]
      "{56784854-C6CB-462B-8169-88E350ACB882}"=C:\Users\John\Contacts   [15/07/2016 14:02:39]
      "{00BCFC5A-ED94-4E48-96A1-3F6217F21990}"=C:\Users\John\AppData\Local\Microsoft\Windows\RoamingTiles   [15/07/2016 14:02:39]
      "Cookies"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCookies   [15/07/2016 14:02:32]
      "Favorites"=C:\Users\John\Favorites   [15/07/2016 14:02:32]
      "SendTo"=C:\Users\John\AppData\Roaming\Microsoft\Windows\SendTo   [10/11/2016 16:12:49]
      "Start Menu"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu   [10/11/2016 16:12:49]
      "My Music"=C:\Users\John\Music   [15/07/2016 14:02:32]
      "Programs"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   [10/11/2016 16:12:49]
      "Recent"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Recent   [15/07/2016 14:02:32]
      "CD Burning"=C:\Users\John\AppData\Local\Microsoft\Windows\Burn\Burn   [10/11/2016 16:17:58]
      "PrintHood"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   [10/11/2016 16:12:49]
      "{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA}"=C:\Users\John\Searches   [15/07/2016 14:02:39]
      "{374DE290-123F-4565-9164-39C4925E467B}"=C:\Users\John\Downloads   [15/07/2016 14:02:32]
      "{A520A1A4-1780-4FF6-BD18-167343C5AF16}"=C:\Users\John\AppData\LocalLow   [15/07/2016 14:02:32]
      "Startup"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   [15/07/2016 14:02:39]
      "Administrative Tools"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [15/07/2016 14:02:39]
      "Personal"=C:\Users\John\Documents   [15/07/2016 14:02:32]
      "{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968}"=C:\Users\John\Links   [15/07/2016 14:02:32]
      "Cache"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCache   [10/11/2016 16:12:49]
      "Templates"=C:\Users\John\AppData\Roaming\Microsoft\Windows\Templates   [10/11/2016 16:12:49]
      "{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4}"=C:\Users\John\Saved Games   [15/07/2016 14:02:32]
      "Fonts"=C:\WINDOWS\Fonts   [16/07/2016 22:47:48] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
      "AppData"=%USERPROFILE%\AppData\Roaming   
      "Desktop"=%USERPROFILE%\Desktop   
      "Favorites"=%USERPROFILE%\Favorites   
      "History"=%USERPROFILE%\AppData\Local\Microsoft\Windows\History   
      "Local AppData"=%USERPROFILE%\AppData\Local   
      "My Music"=%USERPROFILE%\Music   
      "My Pictures"=%USERPROFILE%\Pictures   
      "My Video"=%USERPROFILE%\Videos   
      "NetHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts   
      "Personal"=%USERPROFILE%\Documents   
      "PrintHood"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts   
      "Programs"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs   
      "Recent"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent   
      "SendTo"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo   
      "Start Menu"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu   
      "Startup"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup   
      "Templates"=%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates   
      "{374DE290-123F-4565-9164-39C4925E467B}"=%USERPROFILE%\Downloads   
      "Cache"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCache   [10/11/2016 16:12:49]
      "Cookies"=C:\Users\John\AppData\Local\Microsoft\Windows\INetCookies   [15/07/2016 14:02:32] [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      "Device"=HP Officejet 7400 series,winspool,Ne02:   
      "IsMRUEstablished"=1   
      "LegacyDefaultPrinterMode"=1    [HKLM\Software\Microsoft\Command Processor]
      "CompletionChar"=64   
      "DefaultColor"=0   
      "EnableExtensions"=1   
      "PathCompletionChar"=64    [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
      "StartCN"="C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe" atlogon   
      "Cmaudio8788"=C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd   
      "Cmaudio8788GX"=C:\Windows\syswow64\HsMgr.exe Envoke   
      "Cmaudio8788GX64"=C:\Windows\system\HsMgr64.exe Envoke   
      "Fences"="C:\Program Files (x86)\Stardock\Fences\Fences.exe" /startup   
      "Classic Start Menu"="C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun   
      "ZAM"="C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /minimized    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run]
      "Fences"=0x020000000000000000000000   
      "Cmaudio8788GX64"=0x020000000000000000000000   
      "Cmaudio8788GX"=0x020000000000000000000000   
      "Logitech Download Assistant"=0x030000001F02D3221DDFD101   
      "StartCN"=0x020000000000000000000000   
      "Cmaudio8788"=0x020000000000000000000000   
      "Classic Start Menu"=0x020000000000000000000000    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32]
      "AvastUI.exe"=0x020000000000000000000000   
      "PowerPanel Personal Edition User Interaction"=0x020000000000000000000000    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
      "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [16/07/2016 22:47:48]
      "Common AppData"=C:\ProgramData   [16/07/2016 22:47:48]
      "Common Desktop"=C:\Users\Public\Desktop   [30/10/2015 18:24:24]
      "Common Documents"=C:\Users\Public\Documents   [30/10/2015 18:24:24]
      "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [16/07/2016 22:47:48]
      "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [16/07/2016 22:47:48]
      "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [16/07/2016 22:47:48]
      "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [30/10/2015 18:24:24]
      "CommonMusic"=C:\Users\Public\Music   [30/10/2015 18:24:24]
      "CommonPictures"=C:\Users\Public\Pictures   [30/10/2015 18:24:24]
      "CommonVideo"=C:\Users\Public\Videos   [30/10/2015 18:24:24]
      "OEM Links"=C:\ProgramData\OEM\Links    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
      "Common AppData"=%ProgramData%   
      "Common Desktop"=%PUBLIC%\Desktop   
      "Common Documents"=%PUBLIC%\Documents   
      "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
      "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
      "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
      "Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
      "CommonMusic"=%PUBLIC%\Music   
      "CommonPictures"=%PUBLIC%\Pictures   
      "CommonVideo"=%PUBLIC%\Videos   
      "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
      "{1984DD45-52CF-49cd-AB77-18F378FEA264}"=FencesShellExt    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
      ""=mnmsrvc   
      "AppInit_DLLs"=   
      "DdeSendTimeout"=0   
      "DesktopHeapLogging"=1   
      "DeviceNotSelectedTimeout"=15   
      "DwmInputUsesIoCompletionPort"=1   
      "EnableDwmInputProcessing"=7   
      "GDIProcessHandleQuota"=10000   
      "IconServiceLib"=IconCodecService.dll   
      "LoadAppInit_DLLs"=0   
      "NaturalInputHandler"=Ninput.dll   
      "ShutdownWarningDialogTimeout"=4294967295   
      "Spooler"=yes   
      "ThreadUnresponsiveLogTimeout"=500   
      "TransmissionRetryTimeout"=90   
      "USERNestedWindowLimit"=50   
      "USERPostMessageLimit"=10000   
      "USERProcessHandleQuota"=10000   
      "Win32kLastWriteTime"=1D23BAFCFEB96DF    [HKLM\Software\WOW6432Node\Microsoft\Command Processor]
      "CompletionChar"=64   
      "DefaultColor"=0   
      "EnableExtensions"=1   
      "PathCompletionChar"=64    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
      "AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui   
      "PowerPanel Personal Edition User Interaction"=C:\Program Files (x86)\CyberPower PowerPanel Personal Edition\pppeuser.exe   [22/12/2015 11:10:32] [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
      "Common Administrative Tools"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools   [16/07/2016 22:47:48]
      "Common AppData"=C:\ProgramData   [16/07/2016 22:47:48]
      "Common Desktop"=C:\Users\Public\Desktop   [30/10/2015 18:24:24]
      "Common Documents"=C:\Users\Public\Documents   [30/10/2015 18:24:24]
      "Common Programs"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs   [16/07/2016 22:47:48]
      "Common Start Menu"=C:\ProgramData\Microsoft\Windows\Start Menu   [16/07/2016 22:47:48]
      "Common Startup"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup   [16/07/2016 22:47:48]
      "Common Templates"=C:\ProgramData\Microsoft\Windows\Templates   [30/10/2015 18:24:24]
      "CommonMusic"=C:\Users\Public\Music   [30/10/2015 18:24:24]
      "CommonPictures"=C:\Users\Public\Pictures   [30/10/2015 18:24:24]
      "CommonVideo"=C:\Users\Public\Videos   [30/10/2015 18:24:24]
      "OEM Links"=C:\ProgramData\OEM\Links    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
      "Common AppData"=%ProgramData%   
      "Common Desktop"=%PUBLIC%\Desktop   
      "Common Documents"=%PUBLIC%\Documents   
      "Common Programs"=%ProgramData%\Microsoft\Windows\Start Menu\Programs   
      "Common Start Menu"=%ProgramData%\Microsoft\Windows\Start Menu   
      "Common Startup"=%ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup   
      "Common Templates"=%ProgramData%\Microsoft\Windows\Templates   
      "CommonMusic"=%PUBLIC%\Music   
      "CommonPictures"=%PUBLIC%\Pictures   
      "CommonVideo"=%PUBLIC%\Videos   
      "{3D644C9B-1FB8-4f30-9B45-F670235F79C0}"=%PUBLIC%\Downloads    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
      ""=mnmsrvc   
      "AppInit_DLLs"=   
      "DdeSendTimeout"=0   
      "DesktopHeapLogging"=1   
      "DeviceNotSelectedTimeout"=15   
      "DwmInputUsesIoCompletionPort"=1   
      "EnableDwmInputProcessing"=7   
      "GDIProcessHandleQuota"=10000   
      "IconServiceLib"=IconCodecService.dll   
      "LoadAppInit_DLLs"=0   
      "NaturalInputHandler"=Ninput.dll   
      "ShutdownWarningDialogTimeout"=4294967295   
      "Spooler"=yes   
      "ThreadUnresponsiveLogTimeout"=500   
      "TransmissionRetryTimeout"=90   
      "USERNestedWindowLimit"=50   
      "USERPostMessageLimit"=10000   
      "USERProcessHandleQuota"=10000    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
      "WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED}   
      ---------- | Win.ini :   ---------- | System.ini :   ---------- | Startings up registry ¦ Folder
      ---------- | Other keys
      [HKLM\System\CurrentControlSet\Control\SecurityProviders]
      "SecurityProviders"=credssp.dll    [HKLM\System\CurrentControlSet\Control\Terminal Server]
      "AllowRemoteRPC"=0   
      "DelayConMgrTimeout"=0   
      "DeleteTempDirsOnExit"=1   
      "fDenyTSConnections"=1   
      "fSingleSessionPerUser"=1   
      "NotificationTimeOut"=0   
      "PerSessionTempDir"=0   
      "ProductVersion"=5.1   
      "RCDependentServices"=CertPropSvc
      SessionEnv   
      "SnapshotMonitors"=1   
      "StartRCM"=0   
      "TSUserEnabled"=0   
      "RailShowallNotifyIcons"=1   
      "RDPVGCInstalled"=1   
      "InstanceID"=e59d56ce-8012-4f46-a45b-60f03d2   
      "GlassSessionId"=4    [HKLM\System\CurrentControlSet\Control\Session Manager]
      "AutoChkTimeout"=8   
      "BootExecute"=autocheck autochk *   
      "BootShell"=%SystemRoot%\system32\bootim.exe   
      "CriticalSectionTimeout"=2592000   
      "ExcludeFromKnownDlls"=   
      "GlobalFlag"=0   
      "HeapDeCommitFreeBlockThreshold"=0   
      "HeapDeCommitTotalFreeThreshold"=0   
      "HeapSegmentCommit"=0   
      "HeapSegmentReserve"=0   
      "InitConsoleFlags"=0   
      "NumberOfInitialSessions"=2   
      "ObjectDirectories"=\Windows
      \RPC Control   
      "ProcessorControl"=2   
      "ProtectionMode"=1   
      "ResourceTimeoutCount"=648000   
      "RunLevelExecute"=WinInit
      ServiceControlManager   
      "RunLevelValidate"=ServiceControlManager   
      "SETUPEXECUTE"=   
      "PendingFileRenameOperations"=\??\C:\Users\John\AppData\Local\Temp\~nsu.tmp\Au_.exe \??\C:\Users\John\AppData\Local\Temp\~nsu.tmp \??\C:\Program Files\9-lab\Removal Tool\core.dll \??\C:\Program Files\9-lab\Removal Tool\shellext.dll \??\C:\Program Files\9-lab \??\C:\Program Files\9-lab\Removal Tool
          [HKLM\System\CurrentControlSet\Control]
      "BootDriverFlags"=28   
      "CurrentUser"=USERNAME   
      "EarlyStartServices"=RpcSs
      Power
      BrokerInfrastructure
      SystemEventsBroker
      DcomLaunch
      RpcEpMapper
      LSM
      AppIdSvc   
      "PreshutdownOrder"=UsoSvc
      gpsvc
      trustedinstaller   
      "WaitToKillServiceTimeout"=200   
      "SystemStartOptions"= NOEXECUTE=OPTIN   
      "SystemBootDevice"=multi(0)disk(0)rdisk(1)partition(4)   
      "FirmwareBootDevice"=multi(0)disk(0)rdisk(1)partition(2)   
      "LastBootSucceeded"=1   
      "LastBootShutdown"=1   
      "DirtyShutdownCount"=2    [HKLM\System\CurrentControlSet\Control\lsa]
      "auditbasedirectories"=0   
      "auditbaseobjects"=0   
      "Bounds"=0x0030000000200000   
      "crashonauditfail"=0   
      "LimitBlankPasswordUse"=1   
      "NoLmHash"=1   
      "Security Packages"=""   [15/07/2016 14:02:32]
      "Notification Packages"=scecli   
      "Authentication Packages"=msv1_0   
      "disabledomaincreds"=0   
      "everyoneincludesanonymous"=0   
      "forceguest"=0   
      "fullprivilegeauditing"=0x80   
      "LsaPid"=944   
      "ProductType"=6   
      "restrictanonymous"=0   
      "restrictanonymoussam"=1   
      "SecureBoot"=1   
      ---------- | .LNK
      ---------- | AppCertDlls
      ---------- | Dnsapi.dll C:\WINDOWS\System32\dnsapi.dll -> OK : \drivers\etc\hosts
      C:\WINDOWS\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts ---------- | Policies | Registry [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Control Panel\Desktop]
      "ActiveWndTrackTimeout"=0   
      "BlockSendInputResets"=0   
      "CaretWidth"=1   
      "ClickLockTime"=1200   
      "CoolSwitchColumns"=7   
      "CoolSwitchRows"=3   
      "CursorBlinkRate"=530   
      "DockMoving"=1   
      "DragFromMaximize"=1   
      "DragFullWindows"=1   
      "DragHeight"=4   
      "DragWidth"=4   
      "FocusBorderHeight"=1   
      "FocusBorderWidth"=1   
      "FontSmoothing"=2   
      "FontSmoothingGamma"=0   
      "FontSmoothingOrientation"=1   
      "FontSmoothingType"=2   
      "ForegroundFlashCount"=7   
      "ForegroundLockTimeout"=200000   
      "LeftOverlapChars"=3   
      "MenuShowDelay"=400   
      "MouseWheelRouting"=2   
      "PaintDesktopVersion"=0   
      "Pattern"=0   
      "RightOverlapChars"=3   
      "SnapSizing"=1   
      "TileWallpaper"=0   
      "WallPaper"=C:\Windows\Web\Wallpaper\fb\394818_o.jpg   [01/08/2016 13:41:45]
      "WallpaperOriginX"=0   
      "WallpaperOriginY"=0   
      "WallpaperStyle"=10   
      "WheelScrollChars"=3   
      "WheelScrollLines"=3   
      "WindowArrangementActive"=1   
      "ScreenSaveActive"=1   
      "Win8DpiScaling"=0   
      "DpiScalingVer"=4096   
      "UserPreferencesMask"=0x9E1E078012000000   
      "MaxVirtualDesktopDimension"=2560   
      "MaxMonitorDimension"=2560   
      "TranscodedImageCount"=1   
      "LastUpdated"=4294967295   
      "TranscodedImageCache"=0x7AC30100C8B2080000080000550500001534C998E7D4D10143003A005C00570069006E0064006F00770073005C005700650062005C00570061006C006C00700061007000650072005C00660062005C003300390034003800310038005F006F002E006A0070006700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
      "Pattern Upgrade"=TRUE   
      "WaitToKillAppTimeout"=200    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
      "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
      "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer]
      "ShowDriveLettersFirst"=0   
      "ShellState"=0x2400000037A8000000000000000000000000000001000000130000000000000062000000   
      "ExplorerStartupTraceRecorded"=1   
      "UserSignedIn"=1   
      "SIDUpdatedOnLibraries"=1   
      "LocalKnownFoldersMigrated"=1   
      "TelemetrySalt"=1   
      "GlobalAssocChangedCounter"=136   
      "FirstRunTelemetryComplete"=1   
      "AppReadinessLogonComplete"=1   
      "SlowContextMenuEntries"=0x6024B221EA3A6910A2DC08002B30309D290100000114020000000000C000000000000046B60100005D54A9A2C2A0B4429708A0B2BADD77C88D000000119826C5294A1848A4BB111F9FC63A5F6D0000000000000000000000000000000000000000000000   
      "Browse For Folder Width"=434   
      "Browse For Folder Height"=480   
      "link"=0x17000000    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
      "Start_SearchFiles"=2   
      "ServerAdminUI"=0   
      "Hidden"=1   
      "ShowCompColor"=1   
      "HideFileExt"=0   
      "DontPrettyPath"=0   
      "ShowInfoTip"=1   
      "HideIcons"=0   
      "MapNetDrvBtn"=0   
      "WebView"=1   
      "Filter"=0   
      "ShowSuperHidden"=1   
      "SeparateProcess"=0   
      "AutoCheckSelect"=0   
      "IconsOnly"=0   
      "ShowTypeOverlay"=1   
      "ShowStatusBar"=1   
      "ListviewAlphaSelect"=1   
      "ListviewShadow"=1   
      "TaskbarAnimations"=1   
      "StoreAppsOnTaskbar"=1   
      "EnableStartMenu"=1   
      "StartMenuInit"=13   
      "ReindexedProfile"=1   
      "TaskbarSizeMove"=0   
      "HideDrivesWithNoMedia"=0   
      "ShowTaskViewButton"=0   
      "AlwaysShowMenus"=1   
      "SharingWizardOn"=1   
      "TaskbarStateLastRun"=0xCB64815800000000   
      "NavPaneExpandToCurrentFolder"=1    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
      "ConsentPromptBehaviorUser"=3   
      "DSCAutomationHostEnabled"=2   
      "EnableCursorSuppression"=1   
      "EnableInstallerDetection"=1   
      "EnableLUA"=1   
      "EnableSecureUIAPaths"=1   
      "EnableUIADesktopToggle"=0   
      "EnableVirtualization"=1   
      "ValidateAdminCodeSignatures"=0   
      "undockwithoutlogon"=1   
      "dontdisplaylastusername"=0   
      "legalnoticecaption"=   
      "legalnoticetext"=   
      "scforceoption"=0   
      "shutdownwithoutlogon"=1   
      "ConsentPromptBehaviorAdmin"=0   
      "PromptOnSecureDesktop"=0    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "ForceActiveDesktopOn"=0   
      "NoActiveDesktop"=1   
      "NoActiveDesktopChanges"=1   
      "NoRecentDocsHistory"=0    [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
      "NoAddingComponents"=1   
      "NoComponents"=1    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
      "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
      "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
      "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
      "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
      "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
      "{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
      "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
      "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
      "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
      "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
      "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
      "CheckedValue"=1   
      "DefaultValue"=2   
      "HKeyRoot"=2147483649   
      "Id"=2   
      "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
      "Text"=@shell32.dll,-30500   
      "Type"=radio   
      "ValueName"=Hidden    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
      "ActiveSetupDisabled"=0   
      "ActiveSetupTaskOverride"=1   
      "AsyncRunOnce"=1   
      "AsyncUpdatePCSettings"=1   
      "DisableAppInstallsOnFirstLogon"=1   
      "DisableResolveStoreCategories"=1   
      "DisableUpgradeCleanup"=1   
      "EarlyAppResolverStart"=1   
      "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
      "FSIASleepTimeInMs"=60000   
      "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
      "IconUnderline"=2   
      "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
      "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
      "MachineOobeUpdates"=1   
      "NoWaitOnRoamingPayloads"=1   
      "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
      "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
      "SmartScreenEnabled"=Off   
      "GlobalAssocChangedCounter"=21   
      "MultipleInvokePromptMinimum"=10000    [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
      "Start_TrackDocs"=1   
      "TaskbarSizeMove"=0    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
      "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
      "ConsentPromptBehaviorUser"=3   
      "DSCAutomationHostEnabled"=2   
      "EnableCursorSuppression"=1   
      "EnableInstallerDetection"=1   
      "EnableLUA"=1   
      "EnableSecureUIAPaths"=1   
      "EnableUIADesktopToggle"=0   
      "EnableVirtualization"=1   
      "ValidateAdminCodeSignatures"=0   
      "undockwithoutlogon"=1   
      "dontdisplaylastusername"=0   
      "legalnoticecaption"=   
      "legalnoticetext"=   
      "scforceoption"=0   
      "shutdownwithoutlogon"=1   
      "ConsentPromptBehaviorAdmin"=0   
      "PromptOnSecureDesktop"=0    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
      "ForceActiveDesktopOn"=0   
      "NoActiveDesktop"=1   
      "NoActiveDesktopChanges"=1   
      "NoRecentDocsHistory"=0    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
      "NoAddingComponents"=1   
      "NoComponents"=1    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
      "{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
      "{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
      "{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
      "{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
      "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
      "{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
      "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   
      "{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
      "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
      "{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
      "{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
      "CheckedValue"=1   
      "DefaultValue"=2   
      "HKeyRoot"=2147483649   
      "Id"=2   
      "RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
      "Text"=@shell32.dll,-30500   
      "Type"=radio   
      "ValueName"=Hidden    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
      "ActiveSetupDisabled"=0   
      "ActiveSetupTaskOverride"=1   
      "AsyncRunOnce"=1   
      "AsyncUpdatePCSettings"=1   
      "DisableAppInstallsOnFirstLogon"=1   
      "DisableResolveStoreCategories"=1   
      "DisableUpgradeCleanup"=1   
      "EarlyAppResolverStart"=1   
      "FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
      "FSIASleepTimeInMs"=60000   
      "GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
      "IconUnderline"=2   
      "ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
      "LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
      "MachineOobeUpdates"=1   
      "NoWaitOnRoamingPayloads"=1   
      "TaskScheduler"={0f87369f-a4e5-4cfc-bd3e-73e6154572dd}   
      "AccessDeniedDialog"={100B4FC8-74C1-470F-B1B7-DD7B6BAE79BD}   
      "GlobalAssocChangedCounter"=20    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
      "Start_TrackDocs"=1   
      "TaskbarSizeMove"=0    [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
      "Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   
      ---------- | Winlogon [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin;OneDrive;Work Folders   
      "BuildNumber"=14393   
      "FirstLogon"=0   
      "PUUActive"=0x0840B93E010002006A00DC01A04616007112170098F45A00D100000002001200751E36BE0CC45E0096201D00B7CE0E00661D0D0044B70100000000005E4E1900A85D0000AE050000B1630646EA75D201A0461600000000000100000000000000   
      "ParseAutoexec"=1    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "AutoRestartShell"=1   
      "Background"=0 0 0   
      "CachedLogonsCount"=10   
      "DebugServerCommand"=no   
      "DefaultDomainName"=   
      "DisableBackButton"=1   
      "EnableSIHostIntegration"=1   
      "ForceUnlockLogon"=0   
      "LegalNoticeCaption"=   
      "LegalNoticeText"=   
      "PasswordExpiryWarning"=5   
      "PowerdownAfterShutdown"=0   
      "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
      "ReportBootOk"=1   
      "Shell"=explorer.exe   
      "ShellCritical"=0   
      "ShellInfrastructure"=sihost.exe   
      "SiHostCritical"=0   
      "SiHostReadyTimeOut"=0   
      "SiHostRestartCountLimit"=0   
      "SiHostRestartTimeGap"=0   
      "VMApplet"=SystemPropertiesPerformance.exe /pagefile   
      "WinStationsDisabled"=0   
      "LastLogOffEndTimePerfCounter"=1059764830136   
      "ShutdownFlags"=7   
      "Userinit"=C:\Windows\system32\userinit.exe,   
      "DisableCad"=1   
      "DisableLockWorkstation"=0   
      "scremoveoption"=0   
      "AutoAdminLogon"=0   
      "DefaultUserName"=John   
      "EnableFirstLogonAnimation"=1    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
      "DefaultDomainName"=   
      "DefaultUserName"=   
      "EnableSIHostIntegration"=1   
      "PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
      "Shell"=explorer.exe   
      "ShellCritical"=0   
      "SiHostCritical"=0   
      "SiHostReadyTimeOut"=0   
      "SiHostRestartCountLimit"=0   
      "SiHostRestartTimeGap"=0   
      ---------- | Associations [HKLM\Software\Classes\.exe]
      ""=exefile   
      "Content Type"=application/x-msdownload    [HKLM\Software\Classes\exefile\Shell\Open\Command]
      ""="%1" %*   
      "IsolatedCommand"="%1" %*    [HKLM\Software\Classes\.com]
      ""=comfile    [HKLM\Software\Classes\comfile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\Classes\.reg]
      ""=regfile    [HKLM\Software\Classes\regfile\Shell\Open\Command]
      ""=regedit.exe "%1"    [HKLM\Software\Classes\.scr]
      ""=scrfile    [HKLM\Software\Classes\scrfile\Shell\Open\Command]
      ""="%1" /S    [HKLM\Software\Classes\.bat]
      ""=batfile    [HKLM\Software\Classes\batfile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\Classes\.cmd]
      ""=cmdfile    [HKLM\Software\Classes\cmdfile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\Classes\.pif]
      ""=piffile    [HKLM\Software\Classes\piffile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\Classes\.inf]
      ""=inffile    [HKLM\Software\Classes\inffile\Shell\Open\Command]
      ""=%SystemRoot%\system32\NOTEPAD.EXE %1    [HKLM\Software\Classes\.url]
      ""=InternetShortcut    [HKLM\Software\Classes\.lnk]
      ""=lnkfile    [HKLM\Software\Classes\.hta]
      ""=htafile   
      "Content Type"=application/hta   
      "PerceivedType"=text    [HKLM\Software\Classes\htafile\Shell\Open\Command]
      ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*    [HKLM\Software\Classes\InternetShortcut]
      "EditFlags"=2   
      "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
      "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
      "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
      "IsShortcut"=   
      "NeverShowExt"=   
      "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
      ""=Internet Shortcut    [HKLM\Software\Classes\Application.Manifest]
      ""=Application Manifest   
      "BrowserFlags"=4096   
      "EditFlags"=4259840   
      "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200    [HKLM\Software\Classes\Application.Reference]
      ""=Application Reference   
      "EditFlags"=131072   
      "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
      "IsShortcut"=   
      "NeverShowExt"=    [HKLM\Software\Classes\Folder]
      ""=Folder   
      "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
      "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
      "ContentViewModeLayoutPatternForBrowse"=delta   
      "ContentViewModeLayoutPatternForSearch"=alpha   
      "EditFlags"=0xD2030000   
      "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
      "NoRecentDocs"=   
      "ThumbnailCutoff"=0   
      "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus    [HKLM\Software\WOW6432Node\Classes\.exe]
      ""=exefile   
      "Content Type"=application/x-msdownload    [HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
      ""="%1" %*   
      "IsolatedCommand"="%1" %*    [HKLM\Software\WOW6432Node\Classes\.com]
      ""=comfile    [HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\WOW6432Node\Classes\.reg]
      ""=regfile    [HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
      ""=regedit.exe "%1"    [HKLM\Software\WOW6432Node\Classes\.scr]
      ""=scrfile    [HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
      ""="%1" /S    [HKLM\Software\WOW6432Node\Classes\.bat]
      ""=batfile    [HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\WOW6432Node\Classes\.cmd]
      ""=cmdfile    [HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\WOW6432Node\Classes\.pif]
      ""=piffile    [HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
      ""="%1" %*    [HKLM\Software\WOW6432Node\Classes\.inf]
      ""=inffile    [HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
      ""=%SystemRoot%\system32\NOTEPAD.EXE %1    [HKLM\Software\WOW6432Node\Classes\.url]
      ""=InternetShortcut    [HKLM\Software\WOW6432Node\Classes\.lnk]
      ""=lnkfile    [HKLM\Software\WOW6432Node\Classes\.hta]
      ""=htafile   
      "Content Type"=application/hta   
      "PerceivedType"=text    [HKLM\Software\WOW6432Node\Classes\htafile\Shell\Open\Command]
      ""=C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*    [HKLM\Software\WOW6432Node\Classes\InternetShortcut]
      "EditFlags"=2   
      "FriendlyTypeName"=@C:\WINDOWS\system32\ieframe.dll,-10046   
      "FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
      "InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
      "IsShortcut"=   
      "NeverShowExt"=   
      "PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   
      ""=Internet Shortcut    [HKLM\Software\WOW6432Node\Classes\Application.Manifest]
      ""=Application Manifest   
      "BrowserFlags"=4096   
      "EditFlags"=4259840   
      "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-200    [HKLM\Software\WOW6432Node\Classes\Application.Reference]
      ""=Application Reference   
      "EditFlags"=131072   
      "FriendlyTypeName"=@C:\Windows\System32\dfshim.dll,-201   
      "IsShortcut"=   
      "NeverShowExt"=    [HKLM\Software\WOW6432Node\Classes\Folder]
      ""=Folder   
      "ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
      "ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
      "ContentViewModeLayoutPatternForBrowse"=delta   
      "ContentViewModeLayoutPatternForSearch"=alpha   
      "EditFlags"=0xD2030000   
      "FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size;System.HomeGroupSharingStatus   
      "NoRecentDocs"=   
      "ThumbnailCutoff"=0   
      "TileInfo"=prop:System.Title;System.HomeGroupSharingStatus    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Clients\StartMenuInternet\CYBERFOX.EXE\Shell\open\Command]
      ""="C:\Program Files\Cyberfox\Cyberfox.exe"   
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Clients\StartMenuInternet\CYBERFOX.EXE\InstallInfo]
      "ReinstallCommand"="C:\Program Files\Cyberfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\CYBERFOX.EXE\Shell\open\Command]
      ""="C:\Program Files\Cyberfox\Cyberfox.exe"   
      [HKLM\Software\Clients\StartMenuInternet\CYBERFOX.EXE\InstallInfo]
      "ReinstallCommand"="C:\Program Files\Cyberfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
      ""=C:\Program Files\Internet Explorer\iexplore.exe   [16/07/2016 22:43:06]
      [HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
      "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\CYBERFOX.EXE\Shell\open\Command]
      ""="C:\Program Files\Cyberfox\Cyberfox.exe"   
      [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\CYBERFOX.EXE\InstallInfo]
      "ReinstallCommand"="C:\Program Files\Cyberfox\uninstall\helper.exe" /SetAsDefaultAppGlobal [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
      ""=C:\Program Files\Internet Explorer\iexplore.exe   [16/07/2016 22:43:06]
      [HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
      "ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall
      ---------- | AppcompatFlags [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
      "C:\Windows\SysWow64\cmicnfgp.dll"=16
      "C:\Users\John\AppData\Roaming\Foxit Software\Addon\Foxit PhantomPDF\FoxitPhantomPDFUpdater.exe"=1
      "C:\Windows\system32\Cmicnfgp.cpl"=16
      "C:\Windows\System32\cmicnfgp.dll"=16 [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store]
      "C:\Users\John\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"=0x5341435001000000000000000700000028000000C8F0890013408A0001000000000000000000000A0021000019B4C529E312D1010000000100000000
      "C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000019B4C529E312D1010000000100000000
      "C:\Program Files\AMD\CNext\CNext\cnext.exe"=0x5341435001000000000000000700000028000000C8424A0013654A0001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000002F000000000000000300000003000000
      "C:\Program Files\Hekasoft Backup & Restore\hbr.exe"=0x5341435001000000000000000700000028000000008A0F0000000000010000000000000000000306F502000059193B14E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000077EE2400000000000800000008000000
      "C:\portable apps\xyplorer16.9\XYplorer.exe"=0x5341435001000000000000000700000028000000A0F16A008BC26B0001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000077598E00000000002B0000002B000000
      "C:\Program Files\AVAST Software\Avast\VisthAux.exe"=0x534143500100000000000000070000002800000098DA04004FFC040001000000000000000000000A0021000019B4C529E312D101000000000000000002000000280000000000000000000040000000000000000000000000000000006E000000000000000100000001000000
      "C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\Activation.exe"=0x5341435001000000000000000700000028000000C0327F00D17E7F0001000000000000000000000A0021000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000010000000000000000100000001000000
      "C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe"=0x5341435001000000000000000700000028000000C0721B03E8EC1B030100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000040000000000000000000000000000001B3A4F00000000003600000036000000
      "C:\Program Files\Microsoft Office\Office14\OIS.EXE"=0x534143500100000000000000070000002800000048960400114905000100000000000000000002067322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000096160000000000000100000001000000
      "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\burningstudio16.exe"=0x534143500100000000000000070000002800000070254F01772F4F0101000000000000000000000A7122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000010A94C00000000000600000006000000
      "C:\portable apps\CathyPortable\CathyPortable.exe"=0x5341435001000000000000000700000028000000FA450200000000000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C7E72600000000000E0000000E000000
      "C:\portable apps\Pazera 2.1\AudioExtractor.exe"=0x5341435001000000000000000700000028000000E8331600B9FF16000100000000000000000003067120000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000B6250700000000000400000004000000
      "C:\portable apps\Beyond Compare Pro.v4.1.5.Portablex64\BCompare.exe"=0x534143500100000000000000070000002800000010A14B02471B4C0201000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E8C80100000000000700000007000000
      "C:\portable apps\CCleaner.Pro.Plus.v5.16.Portable.FR.7z\CCleaner64.exe"=0x5341435001000000000000000700000028000000D88A84004DE4840001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000CE7C0400000000000D0000000D000000
      "C:\portable apps\Everything-1.3.4.686.x64\Everything.exe"=0x5341435001000000000000000700000028000000000016001741160001000000000000000000030673020000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000BD612D00000000000C0000000C000000
      "C:\portable apps\netscan\64-bit\netscan.exe"=0x5341435001000000000000000700000028000000181219002CB5190001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B8E80700000000000600000006000000
      "C:\Program Files (x86)\Stardock\Fences\Fences.exe"=0x5341435001000000000000000700000028000000D8013C0019F03C0001000000000000000000000A8021000059193B14E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000A0800200000000000500000005000000
      "C:\portable apps\7-ZipPortable 15\7-ZipPortable.exe"=0x5341435001000000000000000700000028000000A08603006DFB03000100000000000000000001060001000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000000000002000000000000000000000000000416010000000000040000000300000000000000000000400000000000000000000000000000000075F60000000000000200000000000000
      "C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe"=0x534143500100000000000000070000002800000048D1570040495800010000000000000000000206F122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F4C5FD0100000000FA000000FA000000
      "C:\Program Files (x86)\Firetrust\MailWasher\Keygen\Firetrust.MailWasherPRO.2013.Keygen.exe"=0x5341435001000000000000000700000028000000AFA0000000000000010000000000000000000106F502000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000063910000000000000100000001000000
      "C:\Program Files (x86)\uTorrent\uTorrent.exe"=0x5341435001000000000000000700000028000000780B0600886706000100000000000000000001067102000033504C2B57DFD1010000000000000000020000005000000000000000002000200000000000000000000000000000000040052100000000000100000001000000000000000000000000000000000000000000000000000000DE380100000000000100000000000000
      "C:\portable apps\FSCapture84\FSCapture.exe"=0x534143500100000000000000070000002800000000284D000000000001000000000000000000000A6120000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008744B301000000006801000068010000
      "C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe"=0x5341435001000000000000000700000028000000D85CAA00AE72AA0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000ACF53100000000001500000015000000
      "C:\Program Files\VueScan\vuescan.exe"=0x5341435001000000000000000700000028000000F03602016078020101000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000006DF50300000000000900000009000000
      "C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe"=0x534143500100000000000000070000002800000000414F0020894F000100000000000000000001067120000033504C2B57DFD101000000000000000002000000280000000000000000000010001000000000000000000000000000009A0F0800000000000700000007000000
      "C:\portable apps\7-ZipPortable 15\App\7-Zip64\7zFM.exe"=0x534143500100000000000000070000002800000000CA0C000000000001000000000000000000000A73200000D5B3B31A57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000003B330200000000000800000008000000
      "C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 14\apc.exe"=0x534143500100000000000000070000002800000060D9740044CB750001000000000000000000000A7122000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004EDB0300000000000300000003000000
      "C:\portable apps\freefilesync8.2\FreeFileSync.exe"=0x5341435001000000000000000700000028000000C80C07002A96070001000000000000000000000A0021000019B4C529E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000069581200000000000200000002000000
      "C:\portable apps\XnView\xnview.exe"=0x5341435001000000000000000700000028000000D8ED4F006450500001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E6AE4A00000000003500000035000000
      "C:\Program Files (x86)\i-Menu\i-Menu.exe"=0x534143500100000000000000070000002800000050974F0078F44F000100000000000000000002067122000019B4C529E312D10100000000000000000200000028000000000000000000004000000000000000000000000000000000A0F52D00000000000300000003000000
      "C:\Program Files\PowerISO\PowerISO.exe"=0x5341435001000000000000000700000028000000883A3C00237F3C0001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000001000000000000000000000000056290900000000000F0000000F000000
      "C:\portable apps\Bulk Rename\Bulk Rename Utility.exe"=0x534143500100000000000000070000002800000058CC110063CA120001000000000000000000030673220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000314F7500000000000400000004000000
      "C:\portable apps\xyplorer17\XYplorer.exe"=0x5341435001000000000000000700000028000000A0316B00CC0E6C0001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000446BEA0300000000C4000000C4000000
      "C:\portable apps\herd\Scanner_Portable\herdProtectScan.exe"=0x5341435001000000000000000700000028000000101510008E741000010000000000000000000306F5020000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000100000000000000000000000000000D9DB0000000000000300000003000000
      "C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE"=0x534143500100000000000000070000002800000050D901007C4202000100000000000000000001067322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000066860000000000000100000001000000
      "C:\portable apps\USBDiskEjector1.3.0.3\USB_Disk_Eject.exe"=0x534143500100000000000000070000002800000000E60E00000000000100000000000000000001067122000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000068291900000000001500000015000000
      "C:\Program Files\Common Files\microsoft shared\OFFICE14\Oarpmany.exe"=0x5341435001000000000000000700000028000000888D0300D13704000300000000000000000001067322000059193B14E312D10100000000000000000100000004000000010000000200000028000000000000000000000000008000000000000000800000000000D5570000000000001B0000001B000000
      "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"=0x5341435001000000000000000700000028000000C02AA601A460A6010100000000000000000001060001000059193B14E312D1010000000100000000
      "C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE"=0x5341435001000000000000000700000028000000B004210076B221000100000000000000000001060001000059193B14E312D1010000000100000000
      "C:\portable apps\WPU\Wise Program Uninstaller\WiseProgramUninstaller.exe"=0x5341435001000000000000000700000028000000F81C3900E5DA390001000000000000000000000A7122000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000007D5D0100000000000600000006000000
      "C:\Program Files (x86)\VirusTotalUploader2\VirusTotalUploader2.2.exe"=0x534143500100000000000000070000002800000000A20200CEFC02000100000000000000000002067102000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008CFDC500000000000F0000000F000000
      "C:\portable apps\Pazera_Free_Audio_Extractor_PORTABLE\AudioExtractor.exe"=0x5341435001000000000000000700000028000000B8DF1900CE1B1A0001000000000000000000000A7120000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000009D81C00000000000900000009000000
      "C:\Program Files\Windows Defender\MSASCui.exe"=0x534143500100000000000000070000002800000000541400449F140001000000010000000000000A0021000059193B14E312D1010000000000000000
      "C:\portable apps\pathsync04BETA2-install\$INSTDIR\pathsync.exe"=0x534143500100000000000000070000002800000000BC01000000000001000000000000000000000A7120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000CA720100000000000600000006000000
      "C:\Users\John\Desktop\rufus-2.6p.exe"=0x5341435001000000000000000700000028000000A83D0D00169D0D0001000000000000000000000A0021000019B4C529E312D10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E9590300000000000200000002000000
      "C:\Users\John\Desktop\Universal-USB-Installer-1.9.5.9.exe"=0x5341435001000000000000000700000028000000899D1000000000000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E9310100000000000200000002000000
      "C:\Users\John\Desktop\YUMI-2.0.2.7.exe"=0x5341435001000000000000000700000028000000A73D1500000000000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DCDA4900000000001100000011000000
      "C:\Users\John\Desktop\XBootv1.0beta14\xbootvs1.0beta14.exe"=0x534143500100000000000000070000002800000000125A0000000000010000000000000000000106F122000019B4C529E312D10100000000000000000200000028000000000000000000000000100000000000000000000000000000A5240200000000000100000001000000
      "C:\Users\John\Desktop\adwcleaner_6.010.exe"=0x534143500100000000000000070000002800000040623A005A663A0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000944D0000000000000200000002000000
      "C:\Program Files\Inpaint\Inpaint.exe"=0x534143500100000000000000070000002800000000EADC000000000001000000000000000000000A73220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C68F0800000000000900000009000000
      "C:\Program Files (x86)\Audacity\audacity.exe"=0x534143500100000000000000070000002800000000B88D000000000001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FC0F1400000000000600000006000000
      "C:\portable apps\Mp3tagPortable\Mp3tag.exe"=0x5341435001000000000000000700000028000000E8AE650079A666000100000000000000000001067122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000AFCF0100000000000100000001000000
      "C:\portable apps\canremember\CanRemember.exe"=0x534143500100000000000000070000002800000000680300000000000100000000000000000001066122000019B4C529E312D10100000000000000000200000028000000000000000000000000000000000000000000000000000000E7011000000000000700000007000000
      "C:\Users\John\Desktop\LogAnalyzer.exe"=0x534143500100000000000000070000002800000048640F00CC6F0F0001000000000000000000000AF5220000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000D63D2700000000000F0000000F000000
      "C:\portable apps\photoline portable\plo\PhotoLine64.exe"=0x5341435001000000000000000700000028000000006E74010F05750101000000000000000000000A7322000059193B14E312D1010000000000000000020000002800000000000000000000000000000000000000000000000000000010470900000000000700000007000000
      "C:\Users\John\AppData\Local\AMD\CN\cimmanifest.exe"=0x534143500100000000000000070000002800000078F2010047DE02000100000000000000000003060001000019B4C529E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000008D000000000000002A0000002A000000
      "C:\Users\John\Desktop\ZHPCleaner.exe"=0x5341435001000000000000000700000028000000001A2500B66725000100000000000000000003060001000019B4C529E312D1010000000000000000020000002800000000000000000000400000000000000000000000000000000049A40B00000000000700000007000000
      "C:\Users\John\AppData\Roaming\ZHP\ZHPCleaner.exe"=0x534143500100000000000000070000002800000000B02500E07826000100000000000000000003060001000019B4C529E312D1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000005A90900000000000500000005000000
      "C:\Users\John\Desktop\webcamonoff\webcam_on_off_v1.2\WebCam.exe"=0x534143500100000000000000070000002800000049540600000000000100000000000000000001060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E0E91B00000000000900000009000000
      "C:\Users\John\Desktop\MiniToolBox.exe"=0x5341435001000000000000000700000028000000009E0D0036680E0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000843A0100000000000500000005000000
      "C:\Program Files (x86)\4KDownload\4kvideodownloader\4kvideodownloader.exe"=0x53414350010000000000000007000000280000000037E8004F51E80001000000000000000000000A6120000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000035657D01000000000A0000000A000000
      "C:\Program Files\Classic Shell\ClassicShellUpdate.exe"=0x5341435001000000000000000700000028000000D82306009303070001000000000000000000000A0021000033504C2B57DFD10100000080000000000200000028000000000000000000000000000000000000000000000000000000CC1F0000000000000400000004000000
      "C:\Program Files\Classic Shell\ClassicStartMenu.exe"=0x5341435001000000000000000700000028000000D87F02004D9C020001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000050000000000000000000004000000000000000000000000000000000E00700000000000001000000010000000000000000000000000000000000000000000000000000003F000000000000000100000000000000
      "C:\ProgramData\Stardock\Fences3\Update\Fences_3.03_setup_sd.exe"=0x5341435001000000000000000700000028000000680D930003D2930001000000000000000000000A0021000019B4C529E312D1010000000000000000
      "C:\portable apps\xyplorer17.3\XYplorer.exe"=0x5341435001000000000000000700000028000000A0D16C000B366D0001000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000AD7ECB0100000000A5000000A5000000
      "C:\Users\John\Desktop\zoek.exe"=0x534143500100000000000000070000002800000000FA1300000000000100000000000000000001067102000019B4C529E312D101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040001000000000000000000000000000007F0E0500000000000600000006000000
      "C:\Users\John\Desktop\Windows ISO Downloader.exe"=0x534143500100000000000000070000002800000000D40700D848080001000000000000000000000AF5200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000060E52400000000000900000009000000
      "C:\Users\John\Desktop\JRT.exe"=0x5341435001000000000000000700000028000000B8E6180017AD19000100000000000000000001067102000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000F1FE0000000000000500000005000000
      "C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe"=0x5341435001000000000000000700000028000000887B7A00161A7B0001000000000000000000000A0021000059193B14E312D101000000000000000002000000280000000000000000000000000000000000000000000000000000003F000000000000000100000001000000
      "C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileSyncConfig.exe"=0x5341435001000000000000000700000028000000C8BA020001D3020001000000000000000000000A0021000033504C2B57DFD1010000000100000000
      "C:\Program Files\Internet Explorer\iexplore.exe"=0x5341435001000000000000000700000028000000C0960C005DE50C0001000000010000000000000A00210000D5B3B31A57DFD1010000000000000000
      "C:\Users\John\Desktop\affinity-photo-public-beta.exe"=0x534143500100000000000000070000002800000010DB57111148581101000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000AB360100000000000100000001000000
      "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE"=0x5341435001000000000000000700000028000000B8DE15009A4F160001000000000000000000010600010000D5B3B31A57DFD1010000000100000000
      "C:\Users\John\Desktop\ResetBrowser.exe"=0x534143500100000000000000070000002800000000C21800410A19000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000E4F42000000000000200000002000000
      "C:\Users\John\Desktop\DnsJumper\DnsJumper\DnsJumper.exe"=0x5341435001000000000000000700000028000000EDF30900000000000100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000001B0C2300000000000200000002000000
      "C:\Program Files\Macrium\Reflect\reflect.exe"=0x5341435001000000000000000700000028000000B8910400DE33050001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000E1200100000000000600000006000000
      "C:\Users\John\Desktop\flashplayer23_xa_install.exe"=0x5341435001000000000000000700000028000000D0481200294B120001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000EB820000000000000400000004000000
      "C:\Users\John\Desktop\Windows_Repair_Toolbox_Portable.exe"=0x5341435001000000000000000700000028000000746F2000439E01000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000008E710500000000000200000002000000
      "C:\portable apps\Zemana\ZAMv2.10.2.18.exe"=0x5341435001000000000000000700000028000000C0114F00020000000100000000000000000003060001000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000AA730D00000000000600000006000000
      "C:\Users\John\Desktop\Zemana.AntiMalware.Setup.exe"=0x5341435001000000000000000700000028000000A8CD52000214F01C01000000000000000000000A0021000033504C2B57DFD1010000000000000000
      "C:\Users\John\Desktop\devicecleanup\x64\DeviceCleanup.exe"=0x5341435001000000000000000700000028000000F08C0000A2EB000001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000042160100000000000100000001000000
      "C:\Users\John\Desktop\Autoruns\Autoruns64.exe"=0x5341435001000000000000000700000028000000B0DE0C003DB40D0001000000000000000000030600010000D5B3B31A57DFD101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000040000000000000000000000000000000005BDA5700000000000A000000070000000000000000000000000000000000000000000000000000003D460400000000000300000000000000
      "C:\Users\John\Desktop\Autoruns\Autoruns.exe"=0x5341435001000000000000000700000028000000A0EA0A00A5BF0B000100000000000000000003060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000500000000000000000000040000000000000000000000000000000009F651400000000000900000008000000000000000000000000000000000000000000000000000000F1A30000000000000400000000000000
      "C:\Program Files (x86)\Windows Media Player\wmplayer.exe"=0x5341435001000000000000000700000028000000008C02001930030001000000010000000000000A7122000033504C2B57DFD1010000000000000000
      "C:\Users\John\Desktop\install_flash_player_23_plugin.exe"=0x5341435001000000000000000700000028000000C0D6330140A7340101000000000000000000000A0021000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000BE240000000000000100000001000000
      "C:\Users\John\AppData\Local\Temp\PotUpdate\PotPlayerSetup64.exe"=0x534143500100000000000000070000002800000058924901AA214A010100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000007B590000000000000100000001000000
      "C:\Users\John\Desktop\Cyberfox-50.0.en-US.win64-x86_64.intel.exe"=0x53414350010000000000000007000000280000004816140396FB140301000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000890D0400000000000200000002000000
      "C:\Users\John\Desktop\freefixer_portable\freefixer_portable\x64\freefixer.exe"=0x5341435001000000000000000700000028000000002843005992430001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000723E0300000000000100000001000000
      "C:\Users\John\Desktop\ispring_free_cam_8_3_0.msi"=0x534143500100000000000000070000002800000000FE00009EC4010001000000000000000000010500100000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000046740000000000000100000001000000
      "C:\Users\John\Desktop\UVKPortable.exe"=0x534143500100000000000000070000002800000020B96100D729620001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000002060200000000000100000001000000
      "C:\Users\John\Desktop\PicturesToExe.v8.0.20.Portable.FR\Main\PicturesToExe.exe"=0x5341435001000000000000000700000028000000F81C510088AE510001000000000000000000000A6120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000C5B40100000000000100000001000000
      "C:\Users\John\Desktop\Snipaste-1.10.4-x64\Snipaste.exe"=0x534143500100000000000000070000002800000000F217000000000001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000
      "C:\Users\John\Desktop\wink20\wink20.exe"=0x5341435001000000000000000700000028000000C3513300000000000100000000000000000001057100000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000800000200000028000000000000000008004000000000000000000000000000000000823B0000000000000100000001000000
      "C:\portable apps\Snagit.v12.4.1.B3036.Portable.FR\SnagitPortable.exe"=0x53414350010000000000000007000000280000006C310100000000000100000000000000000001060001000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040001000000000000000000000000000002C231600000000000100000001000000
      "C:\Users\John\Desktop\Network Test\Network Test.exe"=0x5341435001000000000000000700000028000000001204000000000001000000000000000000000A5120000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E5020200000000000100000001000000
      "C:\Users\John\Desktop\UltraAdwareKiller64.exe"=0x5341435001000000000000000700000028000000E0B20F005B79100001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000DEC30300000000000400000004000000
      "C:\Users\John\Desktop\ALA-FAFag.exe"=0x5341435001000000000000000700000028000000A05E05000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000049A50000000000000100000001000000
      "C:\Program Files (x86)\ALA\ALA.exe"=0x534143500100000000000000070000002800000000F802003365030001000000000000000000000A73200000D5B3B31A57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000079AF0000000000000200000002000000
      "C:\Users\John\Desktop\Cyberfox-50.0.2.en-US.win64-x86_64.intel.exe"=0x534143500100000000000000070000002800000078DC1303D080140301000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000BC94200000000000100000001000000
      "C:\Program Files\Cyberfox\Cyberfox.exe"=0x5341435001000000000000000700000028000000D8AA0D0070920E0001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B3D0D20100000000E8000000E8000000
      "C:\Program Files\AVAST Software\Avast\avastui.exe"=0x5341435001000000000000000700000028000000C08F8A00AAD68A0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000020000000000000000600000006000000
      "C:\Users\John\Desktop\usboblivion-1.11.2.0\USBOblivion64.exe"=0x5341435001000000000000000700000028000000006C2E0009CF2E0001000000000000000000000A73220000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000016130100000000000100000001000000
      "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe"=0x534143500100000000000000070000002800000028D7FA00B67FFB0001000000000000000000000A73220000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000001C350600000000000500000005000000
      "C:\Users\John\Desktop\mb3-setup-consumer-3.0.4.1269.exe"=0x5341435001000000000000000700000028000000B8FF1803D6E9190301000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000024050900000000000100000001000000
      "C:\Program Files\Malwarebytes\Anti-Malware\assistant.exe"=0x5341435001000000000000000700000028000000D0AF05005F46060001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000FA000000000000000300000003000000
      "C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe"=0x5341435001000000000000000700000028000000D0937C00CB2C7D0001000000000000000000000A7122000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B3290600000000000300000003000000
      "C:\Users\John\Desktop\ccsetup525\CCleaner64.exe"=0x5341435001000000000000000700000028000000D8BA8D000DCD8D0001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000000000000000000000000000000000000000B0030200000000000200000002000000
      "C:\Users\John\Desktop\CCEnhancer-4.4.1.exe"=0x5341435001000000000000000700000028000000004E04000000000001000000000000000000000AF122000033504C2B57DFD10100000000000000000500000010000000000000000000000000000000000000000200000028000000000000000000004000000000000000000000000000000000C9250300000000000100000001000000
      "C:\Users\John\Desktop\avidemux_2.6.15_win64.exe"=0x5341435001000000000000000700000028000000EC9B38018D1801000100000000000000000001060001000033504C2B57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000037930000000000000100000001000000
      "C:\Users\John\Desktop\avidemux_2.6.15_win64\avidemux_portable.exe"=0x534143500100000000000000070000002800000000CE28001C1D290001000000000000000000000A73200000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000F1600900000000000100000001000000
      "C:\Users\John\Desktop\system-ninja-portable-3.1\System Ninja\System Ninja.exe"=0x5341435001000000000000000700000028000000004A0F000000000001000000000000000000000AF5220000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400400000000000000000000000000000021980500000000000400000004000000
      "C:\Users\John\Desktop\VLCPortable_2.2.4.paf.exe"=0x53414350010000000000000007000000280000008038A3012983A30101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000002C8D0000000000000100000001000000
      "C:\Users\John\Desktop\VLCPortable\VLCPortable.exe"=0x5341435001000000000000000700000028000000B8130200963302000100000000000000000001060001000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000FB8D0600000000000200000002000000
      "C:\Users\John\Desktop\Autoruns\autorunsc64.exe"=0x5341435001000000000000000700000028000000B0580B003C080C0001000000000000000000030600010000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000400000000000000000000000000000000097010000000000000100000001000000
      "C:\Users\John\Desktop\jaBuT_12.0.60_Portable_x64\jaBuT.exe"=0x534143500100000000000000070000002800000000A8C3000000000001000000000000000000000A00210000D5B3B31A57DFD1010000000000000000050000001000000000000000000000000000000000000000020000002800000000000000000000000000000000000000000000000000000075470400000000000100000001000000
      "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe"=0x5341435001000000000000000700000028000000C0ED01003ABB020001000000000000000000000A00210000D5B3B31A57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000637C0000000000000200000002000000
      "C:\Users\John\Desktop\TidyTabs\TidyTabs.Daemon.exe"=0x5341435001000000000000000700000028000000B8801600FE02170001000000000000000000000A0021000033504C2B57DFD101000000000000000005000000100000000000000000000000000000000000000002000000280000000000000000000040000000000000000000000000000000004F640500000000000100000001000000
      "C:\Program Files (x86)\Skype\Phone\Skype.exe"=0x5341435001000000000000000700000028000000D8579F011141A00101000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000010000000000000000000000000000000008BE73D01000000001900000019000000
      "C:\Users\John\Desktop\FreeFileSync_8.8_Windows_Setup.exe"=0x534143500100000000000000070000002800000070BBB00061B7B10001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000005A050100000000000100000001000000
      "C:\Program Files\FreeFileSync\FreeFileSync.exe"=0x5341435001000000000000000700000028000000C81A07004DE1070001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000E5F9CF01000000000500000005000000
      "C:\Users\John\Desktop\vc_redist.x86.exe"=0x53414350010000000000000007000000280000006014D2004B2FD20001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000B540000000000000100000001000000
      "C:\Users\John\Desktop\vc_redist.x64.exe"=0x5341435001000000000000000700000028000000E059DE00D594DE0001000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000000000000000000000000000000000000000B2190000000000000100000001000000
      "C:\Users\John\Desktop\FreemakeVideoDownloaderSetup.exe"=0x5341435001000000000000000700000028000000487F1C002FA31C000100000000000000000002060001000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000044980E00000000000100000001000000
      "C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe"=0x5341435001000000000000000200000028000000000000000000000000000000000000000000000000000000324D0E00000000000100000001000000
      "C:\Users\John\Desktop\adwcleaner_6.042.exe"=0x5341435001000000000000000700000028000000D0DD3C00E49E3D0001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000015DF0000000000000100000001000000
      "C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe"=0x5341435001000000000000000700000028000000C87F07008415080001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000001E50000000000000100000001000000
      "C:\Users\John\Desktop\avast_free_antivirus_setup_offline.exe"=0x534143500100000000000000070000002800000040B9C70D6EDEC70D01000000000000000000000A0021000033504C2B57DFD10100000000000000000200000028000000000000000000004000000000000000000000000000000000E4D40000000000000100000001000000
      "C:\Users\John\Desktop\FRST64.exe"=0x534143500100000000000000070000002800000000EC2400CDB1250001000000000000000000000A00210000D5B3B31A57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000008AED2800000000000700000007000000
      "C:\Users\John\Desktop\NoDefender\NoDefender.exe"=0x534143500100000000000000070000002800000000F615000000000001000000000000000000000AF522000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000056DC0000000000000100000001000000
      "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe"=0x5341435001000000000000000700000028000000F07ED700A1E0D7000100000000000000000003060001000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000006E000000000000000100000001000000
      "C:\Users\John\Desktop\ALA-FAHai.exe"=0x5341435001000000000000000700000028000000937605000000000001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000400000000000000000000000000000000020BE0000000000000100000001000000
      "C:\Users\John\Desktop\flashplayer24_xa_install.exe"=0x534143500100000000000000070000002800000068541200695F120001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000000B470000000000000100000001000000
      "C:\Users\John\Desktop\xyplorer 17.5_full_noinstall\XYplorer.exe"=0x5341435001000000000000000700000028000000A0C16F00452E700001000000000000000000000A0021000033504C2B57DFD101000000000000000002000000280000000000000000000000000000000000000000000000000000004DE00000000000000600000006000000
      "C:\portable apps\xyplorer 17.5_full_noinstall\XYplorer.exe"=0x5341435001000000000000000700000028000000A0C16F00452E700001000000000000000000000A0021000033504C2B57DFD1010000000000000000020000002800000000000000000000000000000000000000000000000000000042A6B500000000000100000001000000
      "C:\Users\John\Desktop\rmtool-setup-x64.exe"=0x534143500100000000000000070000002800000060AA620074EC62000100000000000000000001060001000033504C2B57DFD101000000000000000002000000280000000000000000000040000000000000000000000000000000000A742700000000000100000001000000
      "C:\Users\John\Desktop\quickdiag_3_23.01.17.4.exe"=0x5341435001000000000000000700000028000000A81B25007B28250001000000000000000000000A0021000033504C2B57DFD1010000000000000000
      ---------- | IFEO
      ---------- | Mountpoints2
      ---------- | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
      ""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
      "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
      "Beep"=#USR:Control Panel\Sound   
      "CoolSwitch"=USR:Control Panel\Desktop   
      "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
      "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
      "DoubleClickHeight"=#USR:Control Panel\Mouse   
      "DoubleClickSpeed"=#USR:Control Panel\Mouse   
      "DoubleClickWidth"=#USR:Control Panel\Mouse   
      "DragFullWindows"=USR:Control Panel\Desktop   
      "InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
      "LowPowerActive"=#USR:Control Panel\Desktop   
      "LowPowerTimeOut"=#USR:Control Panel\Desktop   
      "MouseSpeed"=#USR:Control Panel\Mouse   
      "MouseThreshold1"=#USR:Control Panel\Mouse   
      "MouseThreshold2"=#USR:Control Panel\Mouse   
      "PowerOffActive"=#USR:Control Panel\Desktop   
      "PowerOffTimeOut"=#USR:Control Panel\Desktop   
      "ScreenSaveActive"=#USR:Control Panel\Desktop   
      "ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
      "SnapToDefaultButton"=#USR:Control Panel\Mouse   
      "Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
      "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
      "SwapMouseButtons"=#USR:Control Panel\Mouse   
      "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
      ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
      "ScreenSaverActive"=USR:Control Panel\Desktop   
      "ScreenSaverIsSecure"=USR:Control Panel\Desktop   
      "SCRNSAVE.EXE"=USR:Control Panel\Desktop   
      "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
      "APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
      "Beep"=#USR:Control Panel\Sound   
      "CoolSwitch"=USR:Control Panel\Desktop   
      "DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
      "DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
      "DoubleClickHeight"=#USR:Control Panel\Mouse   
      "DoubleClickSpeed"=#USR:Control Panel\Mouse   
      "DoubleClickWidth"=#USR:Control Panel\Mouse   
      "DragFullWindows"=USR:Control Panel\Desktop   
      "InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
      "LowPowerActive"=#USR:Control Panel\Desktop   
      "LowPowerTimeOut"=#USR:Control Panel\Desktop   
      "MouseSpeed"=#USR:Control Panel\Mouse   
      "MouseThreshold1"=#USR:Control Panel\Mouse   
      "MouseThreshold2"=#USR:Control Panel\Mouse   
      "PowerOffActive"=#USR:Control Panel\Desktop   
      "PowerOffTimeOut"=#USR:Control Panel\Desktop   
      "ScreenSaveActive"=#USR:Control Panel\Desktop   
      "ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
      "SnapToDefaultButton"=#USR:Control Panel\Mouse   
      "SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
      "SwapMouseButtons"=#USR:Control Panel\Mouse   
      "TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS    [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
      ""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
      "ScreenSaverActive"=USR:Control Panel\Desktop   
      "ScreenSaverIsSecure"=USR:Control Panel\Desktop   
      "SCRNSAVE.EXE"=USR:Control Panel\Desktop   
      "Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon    [HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
      "windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ---------- | Security center [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows Defender]
      "UIFirstRun"=0 [HKLM\SOFTWARE\Microsoft\Security Center]
      "cval"=1 [HKLM\SOFTWARE\Microsoft\Security Center\svc]
      "VistaSp1"=131232285865150640 [HKLM\SOFTWARE\Microsoft\Windows Defender]
      "ProductAppDataPath"=C:\ProgramData\Microsoft\Windows Defender
      "ProductIcon"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-100
      "ProductLocalizedName"=@%ProgramFiles%\Windows Defender\EppManifest.dll,-1000
      "RemediationExe"=%ProgramFiles%\Windows Defender\MSASCui.exe
      "DisableAntiSpyware"=1
      "ProductType"=2
      "ManagedDefenderProductType"=0
      "ProductStatus"=0
      "InstallTime"=0x86F05259D3DED101
      "OOBEInstallTime"=0x3446DD8145DED101
      "DisableAntiVirus"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
      "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall"=1 [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
      "EnableFirewall"=1
      ---------- | Safeboot [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BrokerInfrastructure]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DeviceInstall]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iai2c.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\LSM]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SystemEventsBroker]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uefi.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BrokerInfrastructure]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DeviceInstall]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dxgkrnl.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\FsDepends.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LSM]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmartcardSimulator]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SystemEventsBroker]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\uefi.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wcmsvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{9DA2B80F-F89F-4A49-A5C2-511B085B9E8A}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
      [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{F2E7DD72-6468-4E36-B6F1-6488F42C1B52}] ---------- | Winsock (Whitelist)
      ---------- | Hosts
      ---------- | @ [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Internet Explorer\Main]
      "Anchor Underline"=yes
      "Cache_Update_Frequency"=Once_Per_Session
      "Disable Script Debugger"=yes
      "DisableScriptDebuggerIE"=yes
      "Display Inline Images"=yes
      "Do404Search"=0x01000000
      "Local Page"=C:\WINDOWS\system32\blank.htm
      "Save_Session_History_On_Exit"=no
      "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
      "Show_FullURL"=no
      "Show_StatusBar"=yes
      "Show_ToolBar"=yes
      "Show_URLinStatusBar"=yes
      "Show_URLToolBar"=yes
      "Use_DlgBox_Colors"=yes
      "UseClearType"=no
      "XMLHTTP"=1
      "Enable Browser Extensions"=yes
      "Play_Background_Sounds"=yes
      "Play_Animations"=yes
      "ApplicationTileImmersiveActivation"=1
      "AssociationActivationMode"=0
      "ImageStoreRandomFolder"=knuaetx
      "OperationalData"=13
      "EdgeSwitchingOSBuildNumber"=10586.th2_release_sec.160223-1728
      "CompatibilityFlags"=0
      "FullScreen"=no
      "Window_Placement"=0x2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF66030000BC0000005707000052030000
      "Start Page_TIMESTAMP"=0x02757089923CD201
      "SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy"=
      "IE10RunOnceLastShown"=1
      "IE10RunOnceLastShown_TIMESTAMP"=0x0919577BA36BD201
      "IE10TourShown"=1
      "IE10TourShownTime"=0x3BE275040F3BD201
      "NotifyDownloadComplete"=yes
      "Start Page Redirect Cache_TIMESTAMP"=0x5529FE71923CD201
      "Start Page Redirect Cache AcceptLangs"=en-US
      "ScriptDebugger_EnableHiddenTabs"=0
      "StatusBarWeb"=1
      "ForceGDIPlus"=0
      "AlwaysShowMenus"=0
      "ShutdownWaitForOnUnload"=0
      "DNSPreresolution"=8
      "SpellChecking"=1
      "LangToolsBroker"={5bbd58bb-993e-4c17-8af6-3af8e908fca8}
      "DisablePasswordReveal"=0
      "Check_Associations"=yes
      "DisableRequiresActiveXPrompt"=
      "SuppressScriptDebuggerDialog"=0
      "PredictedViewExpansion"=100
      "PredictedViewChangeThreshold"=10
      "PredictedViewChangeThresholdPaint"=10
      "ContentLayerCacheExpansion"=300
      "RenderingLoopMaxTime"=250
      "NscSingleExpand"=0
      "Error Dlg Displayed On Every Error"=no
      "Friendly http errors"=yes
      "CSS_Compat"=doctype
      "Expand Alt Text"=no
      "Display Inline Videos"=1
      "Use Stylesheets"=1
      "SmoothScroll"=1
      "Show image placeholders"=0
      "Disable Diagnostics Mode"=no
      "Move System Caret"=no
      "Enable AutoImageResize"=yes
      "UseThemes"=1
      "UseHR"=0
      "Q300829"=0
      "Cleanup HTCs"=0
      "XDomainRequest"=1
      "DOMStorage"=1
      "EnableAlternativeCodec"=yes
      "JScriptProfileCacheEventDelay"=5000
      "HideLocalHostIP"=0
      "CrossfadeMinTimeoutInMS"=30000
      "CrossfadeMaxTimeoutInMS"=30000
      "CrossfadeCurrentTimeoutInMS"=30000
      "ScrollTimeoutInMS"=6000
      "DisableFirstRunCustomize"=0
      "IE10RunOncePerInstallCompleted"=0
      "IE10TourNoShow"=0
      "IE10RecommendedSettingsNo"=0
      "FrameTabWindow"=1
      "AdminTabProcs"=1
      "SessionMerging"=1
      "FrameMerging"=1
      "HangRecovery"=1
      "DesktopTransparentCoverWindowTime"=8
      "TSEnable"=1
      "Isolation"=PMIL
      "Isolation64Bit"=0
      "IsolationImmersive"=PMEM
      "TabShutdownDelay"=60000
      "FrameShutdownDelay"=0
      "NoUpdateCheck"=1
      "Search Bar"=Preserve
      "MinIEEnabled"=1
      "RefcountTracker"=0
      "TabDragOnSingleProc"=0
      "ForceBFCacheCandidacyPass"=0
      "Fasterback"=1
      "BackForwardInstrumentation"=0
      "Start Page"=https://www.google.com.au/ [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]
      "DisableCachingOfSSLPages"=0
      "IE5_UA_Backup_Flag"=5.0
      "PrivacyAdvanced"=1
      "SecureProtocols"=2688
      "CertificateRevocation"=1
      "User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
      "ZonesSecurityUpgrade"=0x3BE275040F3BD201
      "WarnonZoneCrossing"=0
      "EnableNegotiate"=1
      "MigrateProxy"=1
      "ProxyEnable"=0
      "UrlEncoding"=0
      "EnableAutodial"=0
      "NoNetAutodial"=0
      "EnableHttp1_1"=1
      "ProxyHttp1.1"=1
      "EnableHTTP2"=1
      "BackgroundConnections"=1
      "SyncMode5"=4
      "EmailName"=IEUser@
      "MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
      "EnableSSL3Fallback"=1
      "EnablePunycode"=1
      "ShowPunycode"=0
      "CreateUriCacheSize"=80
      "CoInternetCombineIUriCacheSize"=80
      "SecurityIdIUriCacheSize"=30
      "SpecialFoldersCacheSize"=8
      "PrivDiscUiShown"=1
      "WarnOnIntranet"=1
      "AutoConfigProxy"=wininet.dll
      "UseSchannelDirectly"=0x01000000 [HKLM\Software\Microsoft\Internet Explorer\Main]
      "Anchor_Visitation_Horizon"=0x01000000
      "ApplicationTileImmersiveActivation"=1
      "AssociationActivationMode"=0
      "AutoHide"=yes
      "Cache_Percent_of_Disk"=0x0A000000
      "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL"=
      "Delete_Temp_Files_On_Exit"=yes
      "Enable_Disk_Cache"=yes
      "Extensions Off Page"=about:NoAdd-ons
      "Local Page"=C:\Windows\System32\blank.htm
      "Placeholder_Height"=0x1A000000
      "Placeholder_Width"=0x1A000000
      "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page"=about:SecurityRisk
      "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS"=yes
      "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "EnableAutoUpgrade"=0 [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
      "blank"=res://mshtml.dll/blank.htm
      "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
      "Home"=270
      "InPrivate"=res://ieframe.dll/inprivate.htm
      "NavigationCanceled"=res://ieframe.dll/navcancl.htm
      "NavigationFailure"=res://ieframe.dll/navcancl.htm
      "NoAdd-ons"=res://ieframe.dll/noaddon.htm
      "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
      "PostNotCached"=res://ieframe.dll/repost.htm
      "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
      ""=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
      "ftp"=ftp://
      "home"=http://
      "mosaic"=http://
      "www"=http:// [HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
      "ActiveXCache"=C:\Windows\Downloaded Program Files
      "CodeBaseSearchPath"=CODEBASE
      "EnablePunycode"=1
      "MinorVersion"=0
      "WarnOnIntranet"=1 [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
      "Anchor_Visitation_Horizon"=0x01000000
      "ApplicationTileImmersiveActivation"=1
      "AssociationActivationMode"=0
      "AutoHide"=yes
      "Cache_Percent_of_Disk"=0x0A000000
      "Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
      "Default_Secondary_Page_URL"=
      "Delete_Temp_Files_On_Exit"=yes
      "Enable_Disk_Cache"=yes
      "Extensions Off Page"=about:NoAdd-ons
      "Local Page"=C:\Windows\SysWOW64\blank.htm
      "Placeholder_Height"=0x1A000000
      "Placeholder_Width"=0x1A000000
      "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
      "Security Risk Page"=about:SecurityRisk
      "Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
      "Use_Async_DNS"=yes
      "x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE [HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
      "blank"=res://mshtml.dll/blank.htm
      "DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
      "Home"=270
      "InPrivate"=res://ieframe.dll/inprivate.htm
      "NavigationCanceled"=res://ieframe.dll/navcancl.htm
      "NavigationFailure"=res://ieframe.dll/navcancl.htm
      "NoAdd-ons"=res://ieframe.dll/noaddon.htm
      "NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
      "PostNotCached"=res://ieframe.dll/repost.htm
      "SecurityRisk"=res://ieframe.dll/securityatrisk.htm [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
      ""=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
      "ftp"=ftp://
      "home"=http://
      "mosaic"=http://
      "www"=http:// [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
      "ActiveXCache"=C:\Windows\Downloaded Program Files
      "CodeBaseSearchPath"=CODEBASE
      "EnablePunycode"=1
      "MinorVersion"=0
      "WarnOnIntranet"=1
      ---------- | reparsepoint
      ---------- | Detection of offsets
      ---------- | Notify
      ---------- | Execution FileExts [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NSR]
      "progid"=Potplayer.nsr       ---------- | SIOI | SEH | URLSH [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast] - {472083B0-C522-11CF-8763-00608CC02F24} --  C:\Program Files\AVAST Software\Avast\ashShA64.dll   [30/08/2016 15:05:08]
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} --  C:\Windows\System32\EhStorShell.dll   [16/07/2016 22:42:17]
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81} --  %SystemRoot%\System32\cscui.dll   
      [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive1] - {BBACC218-34EA-4666-9D7A-C78F2274A524} --     
      [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2] - {5AB7172C-9C11-405C-8DD5-AF20F3606282} --     
      [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3] - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} --     
      [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive4] - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} --     
      [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive5] - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} --     
      ---------- | Toolbar [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "Locked"=1    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
      "ITBar7Layout"=0x13000000000000000000000020000000100000001500000001000000000700005E010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
      "ITBar7Height"=21    [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
      "Version"=5   
      "UpgradeTime"=0x3BE275040F3BD201    [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}    [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   
      ---------- | Extensions
      ---------- | SearchScopes [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (Bing) - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] - (@ieframe.dll,-12512) - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC : ---------- | ElevationPolicy [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{000209FF-0000-0000-C000-000000000046}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{03288CB3-3893-46D1-8D58-B2F8BB6FF5BF}] - (C:\Program Files\Microsoft Office\Office14) - MSACCESS.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE903C-2776-4574-9855-EC1597ABE3D6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{57ddcd4f-cedc-489f-bc0e-8b68e565478f}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_YJACKDE.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{643CDDDA-BB87-4B3D-BB82-E8BF99DBF2C6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\System32\) - CertEnrollCtrl.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\system32\IME\SHARED\) - IMEPADSV.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office\Office14) - NAMECONTROLSERVER.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\System32\IME\SHARED\) - imesearch.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a27aa6b7-4726-4a86-9759-3882af8f6594}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_YARNKDE.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A73D8D09-594A-431F-AB27-72AF4FCF25CF}] - (C:\Program Files\Microsoft Office\Office14) - MSACCESS.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA1750F5-7ECC-4DAA-AA46-CFC6EE89A953}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dcf785e6-be49-4097-9954-187dfc881d20}] - (C:\Windows\system32\spool\DRIVERS\x64\3) - E_YPREKDE.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\system32\IME\SHARED\) - imedictupdateui.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F6A6CA96-B08E-4429-BA30-39232494F292}] - (C:\Program Files\Microsoft Office\Office14) - MSPUB.EXE :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\System32\Macromed\Flash) - FlashUtil_ActiveX.exe :
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC88B53C-9B2A-1A25-5867-C8612E79DBF6}] - (C:\Program Files\Microsoft Office\Office14) - POWERPNT.EXE :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{000209FF-0000-0000-C000-000000000046}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BBE903C-2776-4574-9855-EC1597ABE3D6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dec4925-1312-4d7f-a6f5-89272d848dcf}] - (%WINDIR%\system32\IME\IMEJP\) - IMJPUEX.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4FA8381C-2705-4DC2-ADF3-347D4D619350}] - (%WINDIR%\system32\IME\shared) - imecfmui.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61bd7005-d55e-4693-a191-0caa33601426}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{643CDDDA-BB87-4B3D-BB82-E8BF99DBF2C6}] - (C:\Program Files\Microsoft Office\Office14) - excel.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{681f008a-b1c3-412d-9d95-e7a68837a6ce}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A7C9604-8A57-4B28-821B-BDEDF0E04788}] - (C:\Program Files\Microsoft Office\Office14) - winproj.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{734A9EB3-A34D-4fb7-9DB4-549C28F7EF97}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f7bd411-f034-4ac0-9424-224bd7ab4e4e}] - (%WINDIR%\sysnative\IME\SHARED\) - IMEPADSV.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{812954F9-FAA2-4aee-A9E7-3C4FDE2166A6}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office\Office14) - NAMECONTROLSERVER.EXE :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{989F13EE-B25B-4FAB-9AED-C4336C8CCF0C}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98E3C2D3-E92F-469F-87EB-76054F640517}] - (C:\Windows\SysWOW64\IME\SHARED\) - imesearch.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4fbcbc6-4be5-4c3d-8ab5-8b873357a23e}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{afe26134-8a16-4149-b798-242574f3f4a9}] - (%SystemRoot%\system32\IME\IMETC\) - IMTCPROP.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CA1750F5-7ECC-4DAA-AA46-CFC6EE89A953}] - (C:\Program Files\Microsoft Office\Office14) - winword.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ea109b0c-6a97-45f0-9eb4-5907dd99b995}] - (%WINDIR%\sysnative\IME\SHARED\) - imedictupdateui.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f5d04f46-b4b2-4202-a191-f780421b4200}] - (%WINDIR%\system32\IME\IMEJP\) - imjpdct.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fa6f0991-f729-4899-b095-d3fbca253cf6}] - () -  :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil_ActiveX.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe :
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC88B53C-9B2A-1A25-5867-C8612E79DBF6}] - (C:\Program Files\Microsoft Office\Office14) - POWERPNT.EXE : ---------- | Ext\Settings [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] :  : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL ---------- | Ext\Stats [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] :  : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash.ocx
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED8C108E-4349-11D2-91A4-00C04F7969E8}] :  : %SystemRoot%\System32\msxml3.dll ---------- | Browser Helper Objects [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL  [06/03/2013 08:37:48]
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL  [06/03/2013 08:37:48] ---------- | Chrome   ---------- | Opera
      ---------- | Firefox
      [HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.194 Plugin) : C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_194.dll
      [HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
      [HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 24.0.0.194 Plugin) : C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_194.dll
      [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
      [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
      [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
      [HKLM\Software\WOW6432Node\MozillaPlugins\@foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf] - () : C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll
      [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0] - (Office Authorization plug-in for NPAPI browsers) : C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
      [HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      ---------- | DNS [HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{7173e2d8-f7f2-4250-b930-9c99644fecc5}]
      "NameServer"=8.8.8.8,8.8.4.4
      [HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7173e2d8-f7f2-4250-b930-9c99644fecc5}]
      "NameServer"=8.8.8.8,8.8.4.4 ---------- | ActiveX [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - ->
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - ->
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - ->
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - ->
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - ->
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\inf\unregmp2.exe /ShowWMP
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - @%SystemRoot%\system32\themeui.dll,-2682 -> /UserInstall
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{31699572-6286-3C1C-A03C-511D59181038}] - (.NET Framework) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - @%SystemRoot%\system32\shell32.dll,-32969 -> U
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - ->
      [HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - -> %SystemRoot%\system32\msieftp.dll
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{71A5A636-652F-3BE0-BC14-02545E9F5EC7}] - (.NET Framework) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - ->
      ---------- | Applications [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\FSCapture.exe] : "C:\portable apps\FSCapture84\FSCapture.exe" "%1"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\Inpaint.exe] : "C:\Program Files\Inpaint\Inpaint.exe" "%1"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\uTorrent.exe] : "C:\Program Files (x86)\uTorrent\uTorrent.exe" "%1"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\VideoReDo4.exe] : "C:\Program Files (x86)\VideoReDoTVSuite4\VideoReDo4.exe" "%1"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Classes\Applications\xnview.exe] : "C:\portable apps\XnView\xnview.exe" "%1"
      [HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
      [HKLM\SOFTWARE\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1"
      [HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
      [HKLM\SOFTWARE\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
      [HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
      [HKLM\SOFTWARE\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1"
      [HKLM\SOFTWARE\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
      [HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
      [HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\LaunchWinApp.exe] : "C:\Windows\system32\LaunchWinApp.exe" "%1"
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ois.exe] : C:\PROGRA~1\MICROS~1\Office14\OIS.EXE /shellOpen "%1"
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1"
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\provtool.exe] : "%SystemRoot%\System32\provtool.exe" "%1"
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
      [HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1" ---------- | DCOMApplications Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
      Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
      Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
      Name: TabTip - AppID: {01419581-4d63-4d43-ac26-6e2fc976c1f3}
      Name: lfsvc - AppID: {020FB939-2C8B-4DB7-9E90-9527966E38E5}
      Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
      Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
      Name: DevicesFlowExperienceFlow - AppID: {046AEAD9-5A27-4D3C-8A67-F82552E0A91B}
      Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
      Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
      Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
      Name: OOBE Bio Enrollment - AppID: {0771f7af-8de6-4bce-9528-2d4a12cb8168}
      Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
      Name: Retail Demo User COM Agent - AppID: {0886dae5-13ba-49d6-a6ef-d0922e502d96}
      Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
      Name: Proximity Sharing - AppID: {08FC06E4-C6B5-40BE-97B0-B80F943C615B}
      Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
      Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
      Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
      Name: NotificationController App ID - AppID: {0B789C73-D8DA-416D-B665-C1603676CEB1}
      Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
      Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
      Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
      Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
      Name: Shell Create Object Task Server - AppID: {133eac4f-5891-4d04-bada-d84870380a80}
      Name: Shell Create Object Handler - AppID: {135fd325-45b7-4c30-89f8-4386961669f0}
      Name: TPM Virtual Smart Card VCard Module Manager - AppID: {150F28F1-49A5-4C28-BE1A-CFA854A1D04B}
      Name: Remote TPM Virtual Smart Card Manager - AppID: {152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}
      Name: DelayAPO - AppID: {158401D3-257E-422E-9033-9C465D3F262E}
      Name: TPM Virtual Smart Card Manager - AppID: {16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}
      Name: Speech Runtime COM - AppID: {1725704B-A716-4E04-8EF6-87ED4F0A180A}
      Name: Immersive TPM Virtual Smart Card Manager - AppID: {19833350-BF9B-42A1-BDF0-BD1FCBE1FD31}
      Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
      Name: GIDS Smart Card Simulator Manager - AppID: {1AC32B1A-E379-4CAD-B655-F978A30856EC}
      Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
      Name: Office Licensing COM Server 14 - AppID: {1E886174-DC88-4B83-8BC5-66409EC75F14}
      Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
      Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
      Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
      Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
      Name: Microsoft Software Protection Platform Admin Object (Inner) - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A717}
      Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
      Name: Provisioning Core - AppID: {217700E0-0000-11DF-ADB9-F4CE462D9137}
      Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
      Name: CortanaExperienceFlow - AppID: {24AC8F2B-4D4A-4C17-9607-6A4B14068F97}
      Name: InstallAgent - AppID: {260eb9de-5cbe-4bff-a99a-3710af55bf1e}
      Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
      Name: Exchange Active Sync Policies Broker - AppID: {26795871-6B8F-4115-89DD-986213012798}
      Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
      Name: WInRTDesktopBroker - AppID: {27550CA0-E9DE-4186-A566-37A59BB6CA69}
      Name: Cloud Change Wnf Monitor - AppID: {276D4FD3-C41D-465F-8CA9-A82A7762DF32}
      Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
      Name: WalletService - AppID: {27D6B72D-094D-445A-9ACE-8298CBA0611A}
      Name: InstallAgentUserBroker - AppID: {28d08f70-46eb-4f26-a6cb-54b75132e100}
      Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
      Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
      Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
      Name: WalletService - AppID: {2EA38040-0B9C-4379-87FD-4D38BB892F37}
      Name: ConvertToPDFShellExtension - AppID: {2EAE6086-084B-4C42-B2CA-B30549B3D047}
      Name: DevicesFlow - AppID: {2F93C02D-77F9-46B4-95FB-8CBB81EEB62C}
      Name: Immersive Shell Broker - AppID: {2FD08A73-D1F1-43EB-B888-24C2496F95FD}
      Name: ShellServiceHostBrokerProvider - AppID: {30AD8C8E-AE85-42FA-B9E8-7E99E3DFBFC5}
      Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
      Name: AuthHost - AppID: {31337EC7-5767-11CF-BEAB-00AA006C3606}
      Name: Immersive Shell - AppID: {316CDED5-E4AE-4B15-9113-7055D84DCC97}
      Name: Delivery Optimization Mgmt - AppID: {338B40F9-9D68-4B53-A793-6B9AA0C5F63B}
      Name: Language Components Installer Com Handler - AppID: {33ADC7D5-BAF1-4661-9822-1FD23E63B39F}
      Name: wpnservice - AppID: {34E76A18-223B-4E23-BEAD-F59358CC0A90}
      Name: Windows Push Notification Platform - AppID: {362cc086-4d81-4824-bbb5-666d34b3197d}
      Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
      Name: Delivery Optimization - AppID: {379001DE-7108-4A45-8A74-6CD0A9FBEF2C}
      Name: Microsoft Portable Workspace Launcher - AppID: {37B73D7B-A976-43AE-97E4-BD4977B241F2}
      Name: HP Status Server - AppID: {3B05F114-4087-4557-8952-AAF023709EB0}
      Name: CortanaMapiHelper - AppID: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6}
      Name: WorkspacePolicyProcessor - AppID: {3C3F40BC-60EB-4567-B90C-480C87C21AC1}
      Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
      Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
      Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
      Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
      Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
      Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
      Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
      Name: Connected User Store - AppID: {40AFA0B6-3B2F-4654-8C3F-161DE85CF80E}
      Name: EntAppSvc - AppID: {42C21DF5-FB58-4102-90E9-96A213DC7CE8}
      Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
      Name: SPP External COM Object - AppID: {44831FEC-DC51-4716-A7E1-E898FDF83C85}
      Name: Thumbnail Extraction Host Class - AppID: {4545dea0-2dfc-4906-a728-6d986ba399a9}
      Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
      Name: Application Activation Manager - AppID: {45BA127D-10A8-46EA-8AB7-56EA9078943C}
      Name: Set Network Location Elevated Virtual Factory - AppID: {46B988E8-BEC2-401F-A1C5-16C694F26D3E}
      Name: Radio Management Service - AppID: {478B41E6-3257-4519-BDA8-E971F9843849}
      Name: ShellServiceHost - AppID: {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
      Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
      Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
      Name: Telephony App Launcher - AppID: {49EBD8BE-1A92-4A86-A651-70AC565E0FEB}
      Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
      Name: IndexedDbCacheServer - AppID: {49f6e667-6658-4bd1-9de9-6af87f9faf85}
      Name: Virtual Factory for Languages Configuration - AppID: {4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}
      Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
      Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
      Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
      Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
      Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
      Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
      Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
      Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
      Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
      Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
      Name: wuapihost - AppID: {50E1C3FD-EC35-490E-9CCF-C68F9AE91919}
      Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
      Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
      Name: Offline Files Service - AppID: {52551A19-B337-498d-AE75-2283E29902DE}
      Name: FsrmPropertiesPropSheet - AppID: {52FC5917-F4E4-4C78-B469-20E722379F6C}
      Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
      Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
      Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
      Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
      Name: LockScreenContentServer Out of Proc Helper for LockScreenContent Clients - AppID: {536AACFB-5238-4314-B4D4-5B0A2E8B968E}
      Name: ShareFlow - AppID: {549e57e9-b362-49d1-b679-b64d510efe4b}
      Name: HP Port Resolver - AppID: {55F3F296-4775-4AE9-B0AA-52393842EF3C}
      Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
      Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
      Name: Elevated System Settings COM Host - AppID: {57360832-5F9B-4190-8467-000D2D510212}
      Name: PrintNotify - AppID: {588E10FA-0618-48A1-BE2F-0AD93E899FCC}
      Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
      Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
      Name: WalletService - AppID: {5BC7A3A1-E905-414B-9790-E511346F5CA6}
      Name: Microsoft Maps Background Transfer Service - AppID: {5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}
      Name: PrintBrmEngine - AppID: {5C797117-3B23-4549-A6D8-475AB3B62228}
      Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
      Name: Splash screen - AppID: {5EAD00DC-0E8B-497C-BDE8-B9153058CBEF}
      Name: User OOBE Create User Object Server - AppID: {5f7f3f7b-1177-4d4b-b1db-bc6f671b8f25}
      Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
      Name: wlidcli - AppID: {623D5F5E-2F09-427d-8BD7-64495CD9835D}
      Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
      Name: StartMenuHelper - AppID: {62D2FBE4-89F7-48A5-A35F-DA2B8A3C54B7}
      Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
      Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
      Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
      Name: tiledatamodelsvc - AppID: {65E2E13A-7110-4912-9F03-9A42E253D8F6}
      Name: AvAScr - AppID: {66A841F2-956C-4631-BFE7-C90225F417D6}
      Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
      Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
      Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
      Name: Watson subscriber for SENS Network Events - AppID: {6CF90891-3E04-4092-B96C-28E071EEEACB}
      Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
      Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
      Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
      Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
      Name: TieringEngineService - AppID: {6DF5BCF4-22E9-446D-8763-A2C7677ECF7D}
      Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
      Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
      Name: EditionUpgradeHelper - AppID: {6F65B602-F798-4094-8A41-A2A61961E5E8}
      Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
      Name: Windows Insider Service - AppID: {7006698d-2974-4091-a424-85dd0b909e23}
      Name: workfolderssvc - AppID: {712cedb9-16a4-4f79-801d-7de24d8c706e}
      Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
      Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
      Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
      Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
      Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
      Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
      Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
      Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
      Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
      Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
      Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
      Name: Shell Create Object Local Server - AppID: {7B6EA1D5-03C2-4AE4-B21C-8D0515CC91B7}
      Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
      Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
      Name: MediaMonkey - AppID: {7DB2DA7A-8F3D-4329-990C-32E15C849F00}
      Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
      Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
      Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
      Name: GPMC Reporting - AppID: {7f9bbc82-ba5f-4448-8622-ef76b8d007e6}
      Name: Authentication UI CredUI Out of Proc Helper for AppContainer Clients - AppID: {7FC12E96-4CB7-4ABD-ADAA-EF7845B10629}
      Name: CFmIfsEngine host - AppID: {82D94FB3-7FE6-4797-BB72-9A886C66073B}
      Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
      Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
      Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
      Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
      Name: AppReadiness Service - AppID: {88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}
      Name: Activation Manager Shim - AppID: {8A9AE632-CB07-4A11-8872-358A2A271A24}
      Name: Desktop Wallpaper Factory - AppID: {8B30085D-A3E3-44e3-AE7F-B03A1340EBED}
      Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
      Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
      Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
      Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
      Name: TiWorker - AppID: {8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}
      Name: AppVClient - AppID: {8D315960-32C4-4235-8369-901DF222816F}
      Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
      Name: WalletService - AppID: {8E44A57C-5638-44D3-9B83-34DF70EB57F2}
      Name: RdpSa - AppID: {8e7fae4d-cff0-41d3-a326-5a80470264bb}
      Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
      Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
      Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
      Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients - AppID: {924DC564-16A6-42EB-929A-9A61FA7DA06F}
      Name: HtmlLocalFileResolver - AppID: {93AAD2A0-036A-4B11-A078-DA8776B38139}
      Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
      Name: Telephony Incoming Call Toast - AppID: {990F07C7-78DC-4BD2-B145-5F791410BDDE}
      Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
      Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
      Name: RuntimeBroker - AppID: {9CA88EE3-ACB7-47c8-AFC4-AB702511C276}
      Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
      Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
      Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
      Name: CDP Reference Host - AppID: {A0316E2D-8793-4E74-AA48-8CE2ED05BA57}
      Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
      Name: TrayNotify - AppID: {a2b77517-6d12-4c60-b0c6-725e971ec8fe}
      Name: rundll32.exe - AppID: {a2d9ca22-a492-400c-b875-78ac25c0a6f3}
      Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
      Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
      Name: DsmAdminApi - AppID: {A5065670-136D-4FD6-A45F-00C85B90359C}
      Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
      Name: WLIDSvc - AppID: {A6721677-BA21-44E9-9E2A-76466D24D121}
      Name: Virtual Factory for MaintenanceUI - AppID: {A6BFEA43-501F-456F-A845-983D3AD7B8F0}
      Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
      Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
      Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
      Name: Delivery Optimization Mgmt - AppID: {AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}
      Name: F12AppFrameClient Class - AppID: {AABAA6AA-5398-4C08-AE60-6321A7F05E9C}
      Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
      Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
      Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
      Name: Out of proc server to enable Insider Hub scenarios to be reached from inside of its appcontainer - AppID: {ac0fd47a-37f4-4502-bfee-6b317e479d41}
      Name: RetailDemo Service - AppID: {ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}
      Name: WPN Srumon Server - AppID: {ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}
      Name: TrayToastActivator - AppID: {AFC732E2-BA57-4B3E-A70A-71371F99B871}
      Name: WorkspaceBroker Class - AppID: {B06FF84E-0A77-4DD2-A919-0EABD8979DC1}
      Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
      Name: DockInterface COM server - AppID: {b21858c6-9711-4257-99c8-5c0084bebce1}
      Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
      Name: AppActivationFailedHandler - AppID: {B3AADFEA-8404-4CBE-A62E-B0B715412C9E}
      Name: RContextMenu - AppID: {B5B6E648-E9F7-4CE3-987C-53FEDA97C1FA}
      Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
      Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
      Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
      Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
      Name: ApplicationActivationImpl - AppID: {B9305506-D05B-4C36-81C5-0E50886C1755}
      Name: Application Frame Host - AppID: {B9B05098-3E30-483F-87F7-027CA78DA287}
      Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
      Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
      Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
      Name: Setting Sync Task Factory - AppID: {bcbb3f8c-2889-474f-8fb7-904d4a416145}
      Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
      Name: EditionUpgradeManagerObj - AppID: {BD54C901-076B-434E-B6C7-17C531F4AB41}
      Name: VM IC Heartbeat Service - AppID: {be0fc7f0-f248-4091-a123-34ca29a6901b}
      Name: Shell AutoPlay Direct - AppID: {BF8841C9-378A-4CAD-B4FC-5091366CBC0D}
      Name: ShellBrowserWindow - AppID: {c08afd90-f2a1-11d1-8455-00a0c91f3880}
      Name: LockAppHost Out of Proc Helper for Lock Apps - AppID: {C08B030B-E91C-479D-BEFD-02DDA7FF1BCF}
      Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
      Name: DataExchangeHost - AppID: {C2E9756F-8155-4EAC-9ED5-0B690169D412}
      Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
      Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
      Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
      Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
      Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
      Name: Xbox Live Game Saves - AppID: {C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}
      Name: EntAppSvc - AppID: {C63261E4-6052-41FF-B919-496FECF4C4E5}
      Name: EmailClient Class - AppID: {C6E0A4C8-A933-411E-8068-406C2391665F}
      Name: FamilySafetyRefreshTask - AppID: {C844C79D-AED8-4DCE-AB25-4D359BED84F8}
      Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
      Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
      Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
      Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
      Name: editionupgradebroker - AppID: {C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}
      Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
      Name: User OOBE Create Elevated Object Server - AppID: {ca8c87c1-929d-45ba-94db-ef8e6cb346ad}
      Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
      Name: PrintIsolationSessionHost - AppID: {CB363445-F453-4C1E-8EE4-BD123C5E394F}
      Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
      Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
      Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
      Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
      Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
      Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
      Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
      Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
      Name: Color Management - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
      Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
      Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
      Name: CloudStorageWizard - AppID: {D8775A07-C529-4EA7-B307-BA7C8CBBDA03}
      Name: Microsoft Software Protection Platform Admin Object (outer) - AppID: {D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}
      Name: IndexedDbBrokerServer - AppID: {dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}
      Name: BrowserBrokerServer - AppID: {DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}
      Name: Srumon Server - AppID: {ddcfd26b-feed-44cd-b71d-79487d2e5e5a}
      Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
      Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
      Name: LockScreen Call Broker - AppID: {DE7D3D65-5454-4EF5-9518-776739DAB39F}
      Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
      Name: Immersive Print Dialog Surrogate - AppID: {E15FBAC2-C276-4523-92CA-561456EBCF3E}
      Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
      Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
      Name: Execute Unknown - AppID: {e44e9428-bdbc-4987-a099-40dc8fd255e7}
      Name: Authentication UI CredUI Out of Proc Helper for Non-AppContainer Clients (Failed Mouse In Pointer) - AppID: {E45A56CE-399C-45F0-9E6F-BFAACD3C711F}
      Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
      Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
      Name: Orchestrator Service - AppID: {E7299E79-75E5-47BB-A03D-6D319FB7F886}
      Name: TokenBroker Out Of Proc COM Server - AppID: {E73A797B-24CE-424A-AD4F-48E98B1E95B8}
      Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
      Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
      Name: Remove Device elevation surrogate - AppID: {E95186C7-7D80-4311-843D-0702CBC8B1E4}
      Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45E1-8E7D-64414AFF281A}
      Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
      Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
      Name: Immersive Print Dialog Surrogate - AppID: {EB28E902-728E-42C4-97DC-DA89E144C744}
      Name: Remote Desktop Services Message Server - AppID: {EB521D7D-4095-4E61-88FB-BF25700F142A}
      Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
      Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
      Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
      Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
      Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
      Name: CloudExperienceHost Broker AppID - AppID: {efe2d6d8-a81b-41e7-ae77-e5244ab80522}
      Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
      Name: AvailableNetworksExperienceFlow - AppID: {F2506CD7-82C2-43D9-A1D3-F85F5EFE7D09}
      Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
      Name: FodHelper - AppID: {F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}
      Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
      Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
      Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
      Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
      Name: Pen Workspace Discover Broker - AppID: {F5A6ACF4-FFE0-4934-AE1D-5F960EA0AAD9}
      Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
      Name: CloudExperienceHost Create System Object Server - AppID: {f7fa3149-91e7-43b7-8040-b707688ced1a}
      Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
      Name: WLIDFDP - AppID: {F828BB1A-2FAE-4AC4-AE6F-CAC9B529F996}
      Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
      Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
      Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
      Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
      Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
      Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
      Name: Hotspot Auth Module - AppID: {FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}
      Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
      Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
      Name: Proximity UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10C}
      Name: MP UX Host - AppID: {FDA74D11-C4A6-4577-9F73-D7CA8586E10D}
      Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}
      Name: EntAppSvc - AppID: {FFE1E5FE-F1F0-48C8-953E-72BA272F2744} Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{020FB939-2C8B-4DB7-9E90-9527966E38E5}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
      Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{0771f7af-8de6-4bce-9528-2d4a12cb8168}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{133eac4f-5891-4d04-bada-d84870380a80}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{135fd325-45b7-4c30-89f8-4386961669f0}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{150F28F1-49A5-4C28-BE1A-CFA854A1D04B}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{152EA2A8-70DC-4C59-8B2A-32AA3CA0DCAC}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{16A18E86-7F6E-4C20-AD89-4FFC0DB7A96A}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{1725704B-A716-4E04-8EF6-87ED4F0A180A}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
      Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{1AC32B1A-E379-4CAD-B655-F978A30856EC}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F14}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
      Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A717}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
      Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{217700E0-0000-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
      Win32_DCOMApplication.AppID="{260eb9de-5cbe-4bff-a99a-3710af55bf1e}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
      Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{27550CA0-E9DE-4186-A566-37A59BB6CA69}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-4267310653-3012624349-32869343-335676702-674013981-1531007892-2777328540-762217067"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-5-32-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
      Win32_DCOMApplication.AppID="{28d08f70-46eb-4f26-a6cb-54b75132e100}" - Win32_SID.SID="S-1-15-3-1024-2558976728-3115931106-1512009022-3208506203-2008579624-341828572-3950653509-2339491937"
      Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{2A947841-0594-48CF-9C53-A08C95C22B55}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-15-3-1024-1314380931-3989923313-3249193833-1963115619-3940350845-1282913705-2904921893-3519892189"
      Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
      Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1212"
      Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{2EA38040-0B9C-4379-87FD-4D38BB892F37}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{338B40F9-9D68-4B53-A793-6B9AA0C5F63B}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{34E76A18-223B-4E23-BEAD-F59358CC0A90}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{379001DE-7108-4A45-8A74-6CD0A9FBEF2C}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{37B05236-FFB5-4D42-B0C8-4A36CBF1BE62}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{37B05236-FFB5-4D42-B0C8-4A36CBF1BE62}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{37B73D7B-A976-43AE-97E4-BD4977B241F2}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{42C21DF5-FB58-4102-90E9-96A213DC7CE8}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{42CBFAA7-A4A7-47BB-B422-BD10E9D02700}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{46B988E8-BEC2-401F-A1C5-16C694F26D3E}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-80-611605672-2879557022-2206624263-4029342278-3129212340"
      Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{49EBD8BE-1A92-4A86-A651-70AC565E0FEB}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{4A3F2F56-454A-4CC5-9734-BB7D8141AC0A}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-5-32-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
      Win32_DCOMApplication.AppID="{50E1C3FD-EC35-490E-9CCF-C68F9AE91919}" - Win32_SID.SID="S-1-15-3-1024-2707581722-3970398075-3301609242-3412871183-2565310287-2959982868-2531230773-2372594412"
      Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{51a1467f-96a2-4b1c-9632-4b4d950fe216}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{52FC5917-F4E4-4C78-B469-20E722379F6C}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{52FC5917-F4E4-4C78-B469-20E722379F6C}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{57360832-5F9B-4190-8467-000D2D510212}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{588E10FA-0618-48A1-BE2F-0AD93E899FCC}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-3-1024-3625662137-2682091254-856171984-2868379045-3001028726-1009205972-4175949866-684286152"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1031"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{5BC7A3A1-E905-414B-9790-E511346F5CA6}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{5C03E1B1-EB13-4DF1-8943-2FE8E7D5F309}" - Win32_SID.SID="S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376"
      Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{5E176815-9A63-4A69-810F-62E90D36612A}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{65E2E13A-7110-4912-9F03-9A42E253D8F6}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{6F65B602-F798-4094-8A41-A2A61961E5E8}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{730BFCEC-E4BF-4D3A-9FBB-01DD132467A4}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
      Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
      Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{7f9bbc82-ba5f-4448-8622-ef76b8d007e6}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{7f9bbc82-ba5f-4448-8622-ef76b8d007e6}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{82D94FB3-7FE6-4797-BB72-9A886C66073B}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-6"
      Win32_DCOMApplication.AppID="{88283d7c-46f4-47d5-8fc2-db0b5cf0cb54}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{8D15A4F3-1BE5-4120-8A4D-2EF92A5DD58D}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{8DF61FB6-3223-4E2D-8A92-D937DDB0DF4C}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-15-3-1024-1701033769-137094913-3738083205-577272984-1204217555-1180762924-3352773070-2589626690"
      Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1030"
      Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-21-2702878673-795188819-444038987-1210"
      Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{8E44A57C-5638-44D3-9B83-34DF70EB57F2}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{8e7fae4d-cff0-41d3-a326-5a80470264bb}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-5-6"
      Win32_DCOMApplication.AppID="{924DC564-16A6-42EB-929A-9A61FA7DA06F}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{990F07C7-78DC-4BD2-B145-5F791410BDDE}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{A0316E2D-8793-4E74-AA48-8CE2ED05BA57}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{A0ADD4EC-5BD3-4f70-A47B-07797A45C635}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{a2d9ca22-a492-400c-b875-78ac25c0a6f3}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{a463fcb9-6b1c-4e0d-a80b-a2ca7999e25d}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{A6BFEA43-501F-456F-A845-983D3AD7B8F0}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{AA0B85DA-FDDF-4272-8D1D-FF9B966D75B0}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{AA65DD7C-83AC-48C0-A6FD-9B61FEBF8800}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-6"
      Win32_DCOMApplication.AppID="{ac793c1d-eb2f-4ffd-b1ec-7af1aaaf3325}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{ada41b3c-c6fd-4a08-8cc1-d6efde67be7d}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{b0316d0c-da2f-40e0-9f91-f600caf042dc}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{B06FF84E-0A77-4DD2-A919-0EABD8979DC1}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{b21858c6-9711-4257-99c8-5c0084bebce1}" - Win32_SID.SID="S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708"
      Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{BD54C901-076B-434E-B6C7-17C531F4AB41}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C2E9756F-8155-4EAC-9ED5-0B690169D412}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{C5D3C0E1-DC41-4F83-8BA8-CC0D46BCCDE3}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C63261E4-6052-41FF-B919-496FECF4C4E5}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-11"
      Win32_DCOMApplication.AppID="{C844C79D-AED8-4DCE-AB25-4D359BED84F8}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{C945AD06-534F-460C-8CB4-17C33099AF81}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{C97E2AEF-AB0E-4FA6-BA29-1A1A7CCBA125}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{ca8c87c1-929d-45ba-94db-ef8e6cb346ad}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{CB363445-F453-4C1E-8EE4-BD123C5E394F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{CE0E0BE8-CF56-4577-9577-34CC96AC087C}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{D63377CC-5B83-4213-BCA8-1E6CD0462F2A}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{D63377CC-5B83-4213-BCA8-1E6CD0462F2A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628"
      Win32_DCOMApplication.AppID="{D8D4249F-A8FB-44A7-8AA0-564E8C385BD6}" - Win32_SID.SID="S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"
      Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{dc4537c3-ca73-4ac7-9e1d-b2ce27c3a7a6}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{DD9C53BC-8441-4B94-BD0E-36E6E02A6D61}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{ddcfd26b-feed-44cd-b71d-79487d2e5e5a}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{e53cd6ee-5c5c-4701-9ff2-c204bfed819d}" - Win32_SID.SID="S-1-15-3-1024-2819154332-3691255550-2499738133-2646149002-4290075130-3069449926-721213713-3168903538"
      Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{E7299E79-75E5-47BB-A03D-6D319FB7F886}" - Win32_SID.SID="S-1-5-32-545"
      Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{E73A797B-24CE-424A-AD4F-48E98B1E95B8}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{E95186C7-7D80-4311-843D-0702CBC8B1E4}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{EB521D7D-4095-4E61-88FB-BF25700F142A}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{efe2d6d8-a81b-41e7-ae77-e5244ab80522}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{F1425A67-1545-44A2-AB59-8DF1020452D9}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
      Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{F2F94BB3-595C-4509-B7EE-243FA2BDEA5B}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-3433512109-503559027-1389316256-1766580070-2256751264"
      Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-1260278928-804197538-2066346633-4268302704-2216462912"
      Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-345135819-4012009209-3062012967-1747265747-3674605950"
      Win32_DCOMApplication.AppID="{F72671A9-012C-4725-9D2F-2A4D32D65169}" - Win32_SID.SID="S-1-5-80-951620777-1059631183-2804607755-3010024351-809615488"
      Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
      Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{f8842f8e-dafe-4b37-9d38-4e0714a61149}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
      Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-544"
      Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-19"
      Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-20"
      Win32_DCOMApplication.AppID="{FC5EEAF6-0002-11DF-ADB9-F4CE462D9137}" - Win32_SID.SID="S-1-5-32-556"
      Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
      Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-1-0"
      Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-10"
      Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-18"
      Win32_DCOMApplication.AppID="{FFE1E5FE-F1F0-48C8-953E-72BA272F2744}" - Win32_SID.SID="S-1-5-32-544" ---------- | SvcHost [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
      "bthaudiosvc"=BthHFSrv
      "DcomLaunch"=Power
      LSM
      BrokerInfrastructure
      PlugPlay
      DeviceInstall
      SystemEventsBroker
      DcomLaunch
      "defragsvc"=defragsvc
      "LocalServiceNetworkRestricted"=TimeBrokerSvc
      wscsvc
      LmHosts
      AppIDSvc
      homegroupprovider
      NgcCtnrSvc
      AJRouter
      icssvc
      wcmsvc
      eventlog
      AudioSrv
      DHCP
      RmSvc
      vmictimesync
      "RPCSS"=RpcEptMapper
      RpcSs
      "sdrsvc"=sdrsvc
      "utcsvc"=DiagTrack
      "WepHostSvcGroup"=WepHostSvc
      "LocalService"=nsi
      WdiServiceHost
      EventSystem
      RemoteRegistry
      SstpSvc
      netprofm
      lltdsvc
      fdphost
      bthserv
      PhoneSvc
      WebClient
      workfolderssvc
      w32time
      WinHttpAutoProxySvc
      FontCache
      LicenseManager
      CDPSvc
      tzautoupdate
      "LocalSystemNetworkRestricted"=HvHost
      WdiSystemHost
      ScDeviceEnum
      WiaRpc
      trkwks
      WUDFSvc
      hidserv
      dot3svc
      DsSvc
      WPDBusEnum
      fhsvc
      sysmain
      irmon
      EmbeddedMode
      DevQueryBroker
      svsvc
      Netman
      TabletInputService
      PcaSvc
      SmsRouter
      homegrouplistener
      vmicvss
      wlansvc
      NcbService
      CscService
      UmRdpService
      NgcSvc
      AudioEndpointBuilder
      SensorService
      DeviceAssociationService
      vmickvpexchange
      vmicshutdown
      vmicguestinterface
      vmicvmsession
      StorSvc
      "netsvcs"=CertPropSvc
      SCPolicySvc
      lanmanserver
      gpsvc
      IKEEXT
      iphlpsvc
      seclogon
      AppInfo
      msiscsi
      EapHost
      schedule
      winmgmt
      browser
      SessionEnv
      wercplsupport
      shpamsvc
      Themes
      lfsvc
      DmEnrollmentSvc
      FastUserSwitchingCompatibility
      Ias
      Irmon
      Nla
      Ntmssvc
      NWCWorkstation
      Nwsapagent
      Rasauto
      Rasman
      Remoteaccess
      SENS
      Sharedaccess
      SRService
      Tapisrv
      Wmi
      WmdmPmSp
      wuauserv
      BITS
      ShellHWDetection
      LogonHours
      PCAudit
      helpsvc
      uploadmgr
      dmwappushservice
      WpnService
      XboxNetApiSvc
      DcpSvc
      RetailDemo
      BDESVC
      DsmSvc
      NcaSvc
      AppMgmt
      ProfSvc
      UserManager
      dosvc
      XblAuthManager
      wisvc
      XblGameSave
      UsoSvc
      NetSetupSvc
      wlidsvc
      "WerSvcGroup"=wersvc
      "WbioSvcGroup"=WbioSrvc
      "LocalServiceNoNetwork"=DPS
      PLA
      BFE
      NcdAutoSetup
      mpssvc
      WwanSvc
      CoreMessagingRegistrar
      "imgsvc"=StiSvc
      "termsvcs"=TermService
      "swprv"=swprv
      "smphost"=smphost
      "ICService"=vmicrdv
      vmicheartbeat
      "wsappx"=clipsvc
      AppXSvc
      "Camera"=FrameServer
      "LocalServicePeerNet"=PNRPSvc
      p2pimsvc
      p2psvc
      PnrpAutoReg
      "NetworkServiceAndNoImpersonation"=KtmRm
      "appmodel"=TileDataModelSvc
      WalletService
      EntAppSvc
      StateRepository
      "LocalServiceAndNoImpersonation"=SSDPSRV
      upnphost
      SCardSvr
      QWAVE
      fdrespub
      wcncsvc
      SensrSvc
      BthHFSrv
      "NetworkServiceNetworkRestricted"=PolicyAgent
      "AxInstSVGroup"=AxInstSV
      "AppReadiness"=AppReadiness
      "NetworkService"=CryptSvc
      WECSVC
      MapsBroker
      DHCP
      TermService
      Tapisrv
      nlasvc
      lanmanworkstation
      WinRM
      DNSCache
      "smbsvcs"=lanmanserver
      browser
      "UnistackSvcGroup"=UnistoreSvc
      UserDataSvc
      OneSyncSvc
      MessagingService
      WpnUserService
      PimIndexMaintenanceSvc
      CDPUserSvc
      "PeerDist"=PeerDistSvc
      "print"=PrintNotify
      "HPZ12"=Pml Driver HPZ12
      Net Driver HPZ12 [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost]
      "netsvcs"=CertPropSvc
      SCPolicySvc
      lanmanserver
      gpsvc
      iphlpsvc
      msiscsi
      schedule
      winmgmt
      SessionEnv
      FastUserSwitchingCompatibility
      Ias
      Irmon
      Nla
      Ntmssvc
      NWCWorkstation
      Nwsapagent
      Rasauto
      Rasman
      Remoteaccess
      SENS
      Sharedaccess
      SRService
      Tapisrv
      Wmi
      WmdmPmSp
      wuauserv
      BITS
      ShellHWDetection
      LogonHours
      PCAudit
      helpsvc
      uploadmgr
      AppMgmt
      UserManager
      NetSetupSvc
      "LocalSystemNetworkRestricted"=ScDeviceEnum
      WiaRpc
      dot3svc
      Netman
      WPDBusEnum
      NcbService
      wlansvc
      AudioEndpointBuilder
      DeviceAssociationService
      "LocalService"=netprofm
      WebClient
      WinHttpAutoProxySvc
      "imgsvc"=StiSvc
      "LocalServiceNoNetwork"=PLA
      "smphost"=smphost
      "rpcss"=RpcSs
      "LocalServiceNetworkRestricted"=wscsvc
      LmHosts
      AudioSrv
      DHCP
      "appmodel"=StateRepository
      "LocalServiceAndNoImpersonation"=SSDPSRV
      upnphost
      SCardSvr
      QWAVE
      wcncsvc
      BthHFSrv
      "DcomLaunch"=PlugPlay
      DeviceInstall
      DcomLaunch
      "NetworkService"=CryptSvc
      WECSVC
      DHCP
      TermService
      Tapisrv
      WinRM
      DNSCache
      "smbsvcs"=lanmanserver
      ---------- | SvcHost - Netsvcs (Whitelisted)
      ---------- | Software [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\4kdownload.com]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\7-zip]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Adlice Software]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Adobe]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Akeo Consulting]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AMD]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AppDataLow]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Ashampoo]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\ATI]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AudioFX]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\AVAST Software]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\BitTorrent]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\C-Media]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Caphyon]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Clients]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\CMEDIA]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Computerinsel]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Daum]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\DRD Systems]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\EaseUS]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Elecard]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\EPSON]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\FastStone]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\FireTrust]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Foxit Software]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\g3n-h@ckm@n]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\geissplugin]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\GNU]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Google]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Hewlett-Packard]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\IM Providers]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\iSpring Solutions]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\IvoSoft]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Kingsoft]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\LogiShrd]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\macrium]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Macromedia]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Malwarebytes]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\MediaMonkey]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Mirage]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Mozilla]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Mozilla Backup]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Netscape]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Nurgo-Software]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\O&O]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\ODBC]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Paramount Software (UK) Ltd.]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\PCurVersion]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\PEiD]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Piriform]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Policies]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\PowerISO]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\QtProject]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Reason]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\RegisteredApplications]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\roamingdevice]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Skype]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Softpointer]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Solveig Multimedia]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Spoon]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Stardock]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Sys]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Sysinternals]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\techPowerUp]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Teorex]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\TGRMN Software]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Thunderbird]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\TPV]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Trolltech]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\VS Revo Group]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\VueScan]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Winamp]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Wow6432Node]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\ZebHelpProcess Helper]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Zemana]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\AppDataLow\Software\Microsoft]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\CurrentVersion]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\DWM]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\Roaming]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\Shell]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\TabletPC]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows\Windows Error Reporting]
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\Software\Microsoft\Windows NT\CurrentVersion]
      [HKLM\Software\AMD]
      [HKLM\Software\ASIO]
      [HKLM\Software\ATI]
      [HKLM\Software\ATI Technologies]
      [HKLM\Software\BANDISOFT]
      [HKLM\Software\Clients]
      [HKLM\Software\DAUM]
      [HKLM\Software\EPSON]
      [HKLM\Software\Foxit Software]
      [HKLM\Software\g3n-h@ckm@n]
      [HKLM\Software\Hewlett-Packard]
      [HKLM\Software\IM Providers]
      [HKLM\Software\Intel]
      [HKLM\Software\IvoSoft]
      [HKLM\Software\Khronos]
      [HKLM\Software\Logishrd]
      [HKLM\Software\Logitech]
      [HKLM\Software\Macrium]
      [HKLM\Software\Macromedia]
      [HKLM\Software\Microsoft]
      [HKLM\Software\Mozilla]
      [HKLM\Software\MozillaPlugins]
      [HKLM\Software\ODBC]
      [HKLM\Software\OEM]
      [HKLM\Software\Partner]
      [HKLM\Software\Policies]
      [HKLM\Software\RegisteredApplications]
      [HKLM\Software\Serif]
      [HKLM\Software\sysinternals]
      [HKLM\Software\UVK - Ultra virus killer backups]
      [HKLM\Software\Volatile]
      [HKLM\Software\VueScan]
      [HKLM\Software\WOW6432Node]
      [HKLM\Software\Zemana]
      [HKLM\Software\ZmnGlobalSDK]
      [HKLM\Software\Microsoft\Windows\ClickNote]
      [HKLM\Software\Microsoft\Windows\Configuration]
      [HKLM\Software\Microsoft\Windows\CurrentVersion]
      [HKLM\Software\Microsoft\Windows\DWM]
      [HKLM\Software\Microsoft\Windows\EnterpriseResourceManager]
      [HKLM\Software\Microsoft\Windows\Help]
      [HKLM\Software\Microsoft\Windows\HTML Help]
      [HKLM\Software\Microsoft\Windows\ITStorage]
      [HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
      [HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
      [HKLM\Software\Microsoft\Windows\Shell]
      [HKLM\Software\Microsoft\Windows\Tablet PC]
      [HKLM\Software\Microsoft\Windows\TabletPC]
      [HKLM\Software\Microsoft\Windows\Windows Error Reporting]
      [HKLM\Software\Microsoft\Windows\Windows Search]
      [HKLM\Software\Microsoft\Windows NT\CurrentVersion]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\Camera]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ICService]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\print]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\UnistackSvcGroup]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\utcsvc]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\WepHostSvcGroup]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wsappx]
      [HKLM\Software\WOW6432Node\2BrightSparks]
      [HKLM\Software\WOW6432Node\8pecxstudios]
      [HKLM\Software\WOW6432Node\ALA]
      [HKLM\Software\WOW6432Node\Ashampoo]
      [HKLM\Software\WOW6432Node\ASIO]
      [HKLM\Software\WOW6432Node\ASUS Xonar Essence STX Audio]
      [HKLM\Software\WOW6432Node\ATI]
      [HKLM\Software\WOW6432Node\ATI Technologies]
      [HKLM\Software\WOW6432Node\AVAST Software]
      [HKLM\Software\WOW6432Node\BANDISOFT]
      [HKLM\Software\WOW6432Node\Caphyon]
      [HKLM\Software\WOW6432Node\EPSON]
      [HKLM\Software\WOW6432Node\Foxit Software]
      [HKLM\Software\WOW6432Node\FreeFileSync]
      [HKLM\Software\WOW6432Node\Google]
      [HKLM\Software\WOW6432Node\IM Providers]
      [HKLM\Software\WOW6432Node\Intel]
      [HKLM\Software\WOW6432Node\Khronos]
      [HKLM\Software\WOW6432Node\Licenses]
      [HKLM\Software\WOW6432Node\macrium]
      [HKLM\Software\WOW6432Node\Macromedia]
      [HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
      [HKLM\Software\WOW6432Node\Marvell]
      [HKLM\Software\WOW6432Node\Microsoft]
      [HKLM\Software\WOW6432Node\Mozilla]
      [HKLM\Software\WOW6432Node\MozillaPlugins]
      [HKLM\Software\WOW6432Node\ODBC]
      [HKLM\Software\WOW6432Node\OpenAL]
      [HKLM\Software\WOW6432Node\PowerISO]
      [HKLM\Software\WOW6432Node\Skype]
      [HKLM\Software\WOW6432Node\Stardock]
      [HKLM\Software\WOW6432Node\Virustotal]
      [HKLM\Software\WOW6432Node\Volatile]
      [HKLM\Software\WOW6432Node\webroot]
      [HKLM\Software\WOW6432Node\WOW6432Node]
      [HKLM\Software\WOW6432Node\WRData]
      [HKLM\Software\WOW6432Node\Clients]
      [HKLM\Software\WOW6432Node\Policies]
      [HKLM\Software\WOW6432Node\RegisteredApplications]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\ClickNote]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\EnterpriseResourceManager]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
      [HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\appmodel]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
      [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs] ---------- | FeatureControl [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
      "SdDisplay.exe"="1"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
      "SdDisplay.exe"="11001"
      "PotPlayerMini64.exe"="11000"
      "UVKPortable.exe"="11001"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_MODE]
      "iexplore.exe"="8"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_CLIPCHILDREN_OPTIMIZATION]
      "PotPlayerMini64.exe"="1"
      [HKU\S-1-5-21-3754235531-495330377-4189813319-1001\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
      "iexplore.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
      "*"="1"
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "infopath.exe"="0"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
      "HelpPane.exe"="10000"
      "prevhost.exe"="8000"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
      "*"="1"
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "SAPfewgsrv.exe"="0"
      "SAPGUI.exe"="0"
      "SAPGuiIT.exe"="0"
      "SAPLgPad.exe"="0"
      "SAPLOGON.exe"="0"
      "Scale_for_R3.exe"="0"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
      "ieuser.exe"="1"
      "iexplore.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
      "YahooMusicEngine.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
      "HelpPane.exe"="100000"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
      "devenv.exe"="1"
      "dexplore.exe"="1"
      "helppane.exe"="1"
      "PresentationHost.exe"="0"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
      "msfeedssync.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
      "HelpPane.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
      ""=""
      "msiexec.exe"="0"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
      "cs.exe"="1"
      "waol.exe"="1"
      "wm.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
      "iexplore.exe"="0"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
      "helppane.exe"="0"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
      "wlmail.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
      "explorer.exe"="1"
      "HelpPane.exe"="1"
      "iexplore.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      "msaccess.exe"="1"
      "powerpnt.exe"="1"
      "excel.exe"="1"
      "winword.exe"="1"
      "winwordd.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
      "explorer.exe"="4"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
      "explorer.exe"="2"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
      "explorer.exe"="1"
      "HelpPane.exe"="1"
      "iexplore.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
      "mshta.exe"="1"
      "outlook.exe"="1"
      "sidebar.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
      "explorer.exe"="0"
      "iexplore.exe"="0"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
      "communicator.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
      "msimn.exe"="1"
      "prevhost.exe"="1"
      "winmail.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
      "explorer.exe"="1"
      "HelpPane.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
      "HelpPane.exe"="0"
      "prevhost.exe"="0"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
      "msimn.exe"="1"
      "outlook.exe"="1"
      "winmail.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
      "HelpPane.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
      "excel.exe"="1"
      "infopath.exe"="1"
      "powerpnt.exe"="1"
      "winword.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
      "HelpPane.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
      "msn.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
      "iexplore.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      "clview.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
      "*"="1"
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "infopath.exe"="0"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
      "HelpPane.exe"="10000"
      "prevhost.exe"="8000"
      "Skype.exe"="11001"
      "SkypeBrowserHost.exe"="10001"
      "FoxitPhantomPDF.exe"="11000"
      "mbam.exe"="11000"
      "WiseProgramUninstaller.exe"="11000"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
      "*"="1"
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "SAPfewgsrv.exe"="0"
      "SAPGUI.exe"="0"
      "SAPGuiIT.exe"="0"
      "SAPLgPad.exe"="0"
      "SAPLOGON.exe"="0"
      "Scale_for_R3.exe"="0"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
      "ieuser.exe"="1"
      "iexplore.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
      "YahooMusicEngine.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DOCUMENT_COMPATIBLE_MODE]
      "HelpPane.exe"="100000"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
      "devenv.exe"="1"
      "dexplore.exe"="1"
      "helppane.exe"="1"
      "PresentationHost.exe"="0"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
      "msfeedssync.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
      "HelpPane.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
      ""=""
      "msiexec.exe"="0"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
      "cs.exe"="1"
      "waol.exe"="1"
      "wm.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
      "iexplore.exe"="0"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
      "helppane.exe"="0"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
      "wlmail.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
      "explorer.exe"="1"
      "HelpPane.exe"="1"
      "iexplore.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
      "explorer.exe"="4"
      "Skype.exe"="6"
      "SkypeBrowserHost.exe"="6"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
      "explorer.exe"="2"
      "Skype.exe"="6"
      "SkypeBrowserHost.exe"="6"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
      "explorer.exe"="1"
      "HelpPane.exe"="1"
      "iexplore.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
      "mshta.exe"="1"
      "outlook.exe"="1"
      "sidebar.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
      "explorer.exe"="0"
      "iexplore.exe"="0"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
      "communicator.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
      "msimn.exe"="1"
      "prevhost.exe"="1"
      "winmail.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
      "HelpPane.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
      "explorer.exe"="1"
      "HelpPane.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
      "HelpPane.exe"="0"
      "prevhost.exe"="0"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
      "PresentationHost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
      "msimn.exe"="1"
      "outlook.exe"="1"
      "winmail.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
      "HelpPane.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
      "excel.exe"="1"
      "infopath.exe"="1"
      "powerpnt.exe"="1"
      "winword.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
      "HelpPane.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VIEWLINKEDWEBOC_IS_UNSAFE]
      "HelpPane.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
      "mbam.exe"="0"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
      "msn.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "wmplayer.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
      "iexplore.exe"="1"
      "prevhost.exe"="1"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
      "explorer.exe"="1"
      "iexplore.exe"="1"
      "PresentationHost.exe"="1"
      "prevhost.exe"="1"
      "wmplayer.exe"="1" ---------- | The Created last ones ¦ Modified [MD5.01C2DBF55CAEDE1D3CA17F07F2534EF2] - [11/01/2017 10:27:31] - |A| - [43524096] - C:\WINDOWS\Installer\8137a326.msi
      [MD5.1227887B20C2646CA402AE3C7B97440F] - [18/01/2017 10:51:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{0D3E9E15-DE7A-300B-96F1-B4AF12B96488}
      [MD5.EFBBB7F43A39F8E67F1C4619D93E4599] - [18/01/2017 10:51:25] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}
      [MD5.BD1256AE79E035FF6338C60BC41A0940] - [18/01/2017 10:51:38] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BC958BD2-5DAC-3862-BB1A-C1BE0790438D}
      [MD5.85DA1FDA1663891A2C2400D0EB0053DE] - [18/01/2017 10:51:25] - |A| - [20480] - C:\WINDOWS\Installer\SourceHash{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}
      [MD5.00000000000000000000000000000000] - [11/01/2017 10:27:44] - |D| - [143612] - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}
      [MD5.E43AEE6A66067C6535C1F994BCFB93A1] - [20/01/2017 12:09:28] - |A| - [391496] - C:\WINDOWS\system32\aswBoot.exe
      [MD5.00000000000000000000000000000000] - [21/01/2017 16:36:49] - |D| - [65536] - C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿ8
      [MD5.00000000000000000000000000000000] - [22/01/2017 11:40:43] - |D| - [0] - C:\WINDOWS\system32\ÿÿÿÿÿÿÿÿerStore ---------- | Drives
      D:
      ---------- | C: [30/10/2015 18:24:24] - |SHD| - [548080989] - C:\$Recycle.Bin
      [20/01/2017 10:30:20] - |D| - [5460655] - C:\AdwCleaner
      [15/07/2016 14:05:07] - |D| - [113592595] - C:\AMD
      [17/07/2016 10:42:30] - |D| - [255448015] - C:\boot
      [MD5.0DBACCF6F62484244F6A48B7584019A8] - [30/10/2015 19:13:43] - |RASH| - (.-.) - [400228] - (0.0.0.0) - C:\bootmgr
      [MD5.93B885ADFE0DA089CDF634904FD59F71] - [30/10/2015 19:13:44] - |ASH| - (.-.) - [1] - (0.0.0.0) - C:\BOOTNXT
      [MD5.7F8AF53C42B892D90E0D888797057E91] - [08/11/2016 13:02:16] - |A| - (.-.) - [84916] - (0.0.0.0) - C:\cc_20161108_130213.reg
      [16/07/2016 07:00:30] - |SHD| - [0] - C:\Documents and Settings
      [20/01/2017 16:27:30] - |D| - [102671433] - C:\FRST
      [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/11/2016 16:14:39] - |ASH| - (.-.) - [6834819072] - (0.0.0.0) - C:\hiberfil.sys
      [27/04/2016 17:42:39] - |D| - [17268736] - C:\Logs
      [15/07/2016 17:08:40] - |RHD| - [723967093] - C:\MSOCache
      [21/07/2016 11:22:53] - |D| - [2348650120] - C:\My Shared Folder
      [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/07/2016 06:58:57] - |ASH| - (.-.) - [1073741824] - (0.0.0.0) - C:\pagefile.sys
      [16/07/2016 22:47:47] - |D| - [0] - C:\PerfLogs
      [15/07/2016 15:27:05] - |D| - [2980637051] - C:\portable apps
      [02/09/2016 15:25:48] - |D| - [0] - C:\processed mp3
      [16/07/2016 17:04:24] - |RD| - [3620826521] - C:\Program Files
      [16/07/2016 17:04:24] - |RD| - [1988286544] - C:\Program Files (x86)
      [16/07/2016 22:47:48] - |AHD| - [1649006402] - C:\ProgramData
      [24/01/2017 14:07:36] - |D| - [262052] - C:\QuickDiag
      [MD5.E2ACBC051880E7EC6BC310026A794C52] - [24/01/2017 14:08:46] - |A| - (.-.) - [301726] - (0.0.0.0) - C:\QuickDiag.txt
      [11/11/2016 11:11:00] - |SHD| - [971] - C:\Recovery
      [23/07/2016 16:25:22] - |D| - [410030110] - C:\RegBackup
      [MD5.D41D8CD98F00B204E9800998ECF8427E] - [16/07/2016 06:58:57] - |ASH| - (.-.) - [16777216] - (0.0.0.0) - C:\swapfile.sys
      [16/07/2016 06:58:56] - |SHD| - [0] - C:\System Volume Information
      [15/07/2016 15:31:37] - |D| - [6960297400] - C:\Temp
      [16/07/2016 17:04:24] - |RD| - [88857630847] - C:\Users
      [16/07/2016 17:04:24] - |D| - [22115571843] - C:\Windows
      [20/07/2016 16:17:55] - |D| - [505509599] - C:\Z97X-UD5H-BK 20-Jul-16 3-17-55 PM ---------- | C:\WINDOWS [16/07/2016 22:47:48] - |D| - [802] - C:\WINDOWS\addins
      [16/07/2016 22:47:48] - |D| - [11791252] - C:\WINDOWS\appcompat
      [16/07/2016 22:47:48] - |D| - [12418566] - C:\WINDOWS\AppPatch
      [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\AppReadiness
      [16/07/2016 22:47:47] - |RSD| - [905483285] - C:\WINDOWS\assembly
      [MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/07/2016 14:05:08] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\ativpsrm.bin
      [MD5.12EBDA58437CD1EA7066FCB6455241D2] - [30/08/2016 15:05:07] - |A| - (.Copyright (c) 2014 AVAST Software - avast! Screen Saver stub.) - [53208] - (12.3.3154.0) - C:\WINDOWS\avastSS.scr
      [16/07/2016 22:47:48] - |D| - [272580] - C:\WINDOWS\bcastdvr
      [MD5.7B465E25ADF5D6DBCE9DCAE3C6545405] - [16/07/2016 22:42:16] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [61440] - (10.0.14393.0) - C:\WINDOWS\bfsvc.exe
      [17/07/2016 01:29:36] - |SHD| - [591899] - C:\WINDOWS\BitLockerDiscoveryVolumeContents
      [16/07/2016 22:47:48] - |D| - [38115521] - C:\WINDOWS\Boot
      [MD5.7805E6F1D9596FA94A9AD69A2B4FFA23] - [10/11/2016 16:12:10] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\WINDOWS\bootstat.dat
      [16/07/2016 22:47:48] - |D| - [3715096] - C:\WINDOWS\Branding
      [16/07/2016 22:36:22] - |D| - [0] - C:\WINDOWS\CbsTemp
      [MD5.4A29BFC96FC8DA14587F01A1D2A278F2] - [15/07/2016 14:53:54] - |A| - (.-.) - [4879] - (0.0.0.0) - C:\WINDOWS\Cmicnfgp.ini.cfg
      [MD5.11177480C554EEE171F517D92F065529] - [15/07/2016 14:53:55] - |A| - (.-.) - [52576] - (0.0.0.0) - C:\WINDOWS\Cmicnfgp.ini.cfl
      [MD5.770459804C0B7AF057B19BDAA7287B20] - [15/07/2016 14:53:54] - |A| - (.-.) - [1154] - (0.0.0.0) - C:\WINDOWS\Cmicnfgp.ini.imi
      [MD5.E58124757713EE89D06897AE95E77270] - [15/07/2016 14:53:54] - |A| - (.-.) - [491] - (0.0.0.0) - C:\WINDOWS\cmudaxp.ini
      [MD5.D8F768A92F71D5F69C859F6A5C7A0606] - [10/11/2016 16:14:54] - |A| - (.-.) - [6540] - (0.0.0.0) - C:\WINDOWS\comsetup.log
      [15/07/2016 14:00:47] - |D| - [0] - C:\WINDOWS\CSC
      [16/07/2016 22:47:48] - |D| - [9074162] - C:\WINDOWS\Cursors
      [16/07/2016 22:47:48] - |D| - [2893219] - C:\WINDOWS\debug
      [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [10/11/2016 16:15:55] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagerr.xml
      [16/07/2016 22:47:48] - |D| - [4494460] - C:\WINDOWS\diagnostics
      [MD5.99F5D5BBD351694638DF3C0CC4A919A3] - [10/11/2016 16:15:55] - |A| - (.-.) - [7623] - (0.0.0.0) - C:\WINDOWS\diagwrn.xml
      [MD5.9CADC91DF349C198FFB5477A5B23B6C2] - [15/07/2016 14:53:54] - |A| - (.© Microsoft Corporation. - Driver Install Frameworks for API library module.) - [524768] - (2.1.0.0) - C:\WINDOWS\difxapi.dll
      [17/07/2016 01:14:00] - |D| - [0] - C:\WINDOWS\DigitalLocker
      [16/07/2016 22:47:48] - |SD| - [65] - C:\WINDOWS\Downloaded Program Files
      [MD5.35D8790AAB5C5F65F4E3A344345234DA] - [16/07/2016 22:49:13] - |A| - (.-.) - [4176] - (0.0.0.0) - C:\WINDOWS\DtcInstall.log
      [16/07/2016 22:47:48] - |HD| - [44056] - C:\WINDOWS\ELAMBKUP
      [17/07/2016 01:14:00] - |D| - [105984] - C:\WINDOWS\en-US
      [MD5.43BF96FCF50945BE35C22206980C9068] - [11/11/2016 11:09:05] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [4673304] - (10.0.14393.447) - C:\WINDOWS\explorer.exe
      [16/07/2016 22:47:48] - |RSD| - [389580888] - C:\WINDOWS\Fonts
      [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\GameBarPresenceWriter
      [16/07/2016 22:47:48] - |D| - [27490828] - C:\WINDOWS\Globalization
      [16/07/2016 22:47:48] - |D| - [1405337] - C:\WINDOWS\Help
      [MD5.553DF2ABF34649763324BC5470D04317] - [16/07/2016 22:42:20] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [975360] - (10.0.14393.0) - C:\WINDOWS\HelpPane.exe
      [MD5.52AFE6DE5E463B7A08C184B1EB49DD6A] - [16/07/2016 22:42:21] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [18432] - (10.0.14393.0) - C:\WINDOWS\hh.exe
      [16/07/2016 22:47:48] - |D| - [173189416] - C:\WINDOWS\IME
      [16/07/2016 22:47:48] - |RD| - [6841392] - C:\WINDOWS\ImmersiveControlPanel
      [16/07/2016 22:45:54] - |D| - [54986644] - C:\WINDOWS\INF
      [16/07/2016 22:47:48] - |D| - [1076853729] - C:\WINDOWS\InfusedApps
      [16/07/2016 22:47:48] - |D| - [36285422] - C:\WINDOWS\InputMethod
      [16/07/2016 22:47:48] - |SHD| - [4010206032] - C:\WINDOWS\Installer
      [16/07/2016 22:47:48] - |D| - [89407] - C:\WINDOWS\L2Schemas
      [16/07/2016 22:47:48] - |D| - [882096548] - C:\WINDOWS\LiveKernelReports
      [16/07/2016 17:04:29] - |D| - [21644329] - C:\WINDOWS\Logs
      [MD5.CF26438B72C37413AA12BE1A1DA1C387] - [17/11/2016 12:08:06] - |A| - (.-.) - [5007] - (0.0.0.0) - C:\WINDOWS\Macrium Reflect Patch Log.txt
      [16/07/2016 22:47:48] - |RSD| - [20316123] - C:\WINDOWS\Media
      [MD5.23AF90D2355D8C83AA4567EF1763B467] - [16/07/2016 22:42:12] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\WINDOWS\mib.bin
      [16/07/2016 22:47:47] - |RD| - [730094365] - C:\WINDOWS\Microsoft.NET
      [16/07/2016 22:47:48] - |D| - [2563] - C:\WINDOWS\Migration
      [16/07/2016 22:47:48] - |RD| - [484593] - C:\WINDOWS\MiracastView
      [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\ModemLogs
      [MD5.3B508CAE5DEBCBA928B5BC355517E2E6] - [16/07/2016 22:43:51] - |A| - (.© Microsoft Corporation. - Notepad.) - [243200] - (10.0.14393.0) - C:\WINDOWS\notepad.exe
      [17/07/2016 01:15:09] - |D| - [219754] - C:\WINDOWS\OCR
      [16/07/2016 22:47:48] - |RD| - [65] - C:\WINDOWS\Offline Web Pages
      [MD5.22E9853298C96B1AB89D8F71C4E82302] - [24/09/2016 14:28:26] - |A| - (.Copyright (c) 2012-2015 Power Admin LLC - PAExec Application.) - [189112] - (1.26.0.0) - C:\WINDOWS\PAExec.exe
      [11/11/2016 11:11:00] - |DC| - [257364032] - C:\WINDOWS\Panther
      [16/07/2016 22:47:48] - |D| - [29400963] - C:\WINDOWS\Performance
      [MD5.5CE93CD98D979232883C63F09231DC23] - [10/11/2016 16:14:39] - |A| - (.-.) - [36560] - (0.0.0.0) - C:\WINDOWS\PFRO.log
      [16/07/2016 22:47:48] - |D| - [1121835] - C:\WINDOWS\PLA
      [16/07/2016 22:47:48] - |D| - [6168888] - C:\WINDOWS\PolicyDefinitions
      [10/11/2016 16:11:40] - |D| - [4788533] - C:\WINDOWS\Prefetch
      [16/07/2016 22:47:48] - |RD| - [2036530] - C:\WINDOWS\PrintDialog
      [MD5.4ACE1A172D35E492443D29527441BB30] - [17/07/2016 01:30:48] - |A| - (.-.) - [33882] - (0.0.0.0) - C:\WINDOWS\Professional.xml
      [16/07/2016 22:47:48] - |D| - [1415126] - C:\WINDOWS\Provisioning
      [MD5.EFE3D78833FEDAF7F24C264BF9976301] - [16/07/2016 22:42:17] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [320512] - (10.0.14393.0) - C:\WINDOWS\regedit.exe
      [16/07/2016 22:47:48] - |D| - [1094420] - C:\WINDOWS\Registration
      [17/07/2016 01:29:36] - |D| - [0] - C:\WINDOWS\RemotePackages
      [16/07/2016 22:47:48] - |D| - [3640336] - C:\WINDOWS\rescache
      [16/07/2016 22:47:48] - |D| - [3868402] - C:\WINDOWS\Resources
      [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\SchCache
      [16/07/2016 22:47:48] - |D| - [121229] - C:\WINDOWS\schemas
      [16/07/2016 22:47:48] - |D| - [9249596] - C:\WINDOWS\security
      [10/11/2016 16:11:29] - |D| - [43622263] - C:\WINDOWS\ServiceProfiles
      [16/07/2016 17:04:24] - |D| - [115011971] - C:\WINDOWS\servicing
      [16/07/2016 22:49:46] - |D| - [42] - C:\WINDOWS\Setup
      [MD5.707740924999691826836B5010267874] - [10/11/2016 16:11:41] - |A| - (.-.) - [28492] - (0.0.0.0) - C:\WINDOWS\setupact.log
      [MD5.D41D8CD98F00B204E9800998ECF8427E] - [10/11/2016 16:11:41] - |A| - (.-.) - [0] - (0.0.0.0) - C:\WINDOWS\setuperr.log
      [16/07/2016 22:47:48] - |D| - [31190016] - C:\WINDOWS\ShellExperiences
      [27/04/2016 17:21:24] - |D| - [35886] - C:\WINDOWS\ShellNew
      [17/07/2016 01:14:36] - |D| - [3757408] - C:\WINDOWS\SKB
      [23/07/2016 16:27:36] - |D| - [90528057] - C:\WINDOWS\SoftwareDistribution
      [16/07/2016 22:47:48] - |D| - [107844594] - C:\WINDOWS\Speech
      [16/07/2016 22:47:48] - |D| - [51335125] - C:\WINDOWS\Speech_OneCore
      [MD5.BCDB205132974EC3AB6F5C01DD93489B] - [11/11/2016 11:04:57] - |A| - (.© Microsoft Corporation. - Print driver host for applications.) - [130560] - (10.0.14393.351) - C:\WINDOWS\splwow64.exe
      [16/07/2016 22:47:48] - |D| - [875530] - C:\WINDOWS\System
      [MD5.286A9EDB379DC3423A528B0864A0F111] - [30/10/2015 18:24:29] - |A| - (.-.) - [219] - (0.0.0.0) - C:\WINDOWS\system.ini
      [16/07/2016 17:04:24] - |D| - [5069325318] - C:\WINDOWS\System32
      [16/07/2016 22:47:48] - |D| - [145475045] - C:\WINDOWS\SystemApps
      [16/07/2016 22:47:48] - |D| - [17388709] - C:\WINDOWS\SystemResources
      [16/07/2016 17:04:27] - |D| - [1292643685] - C:\WINDOWS\SysWOW64
      [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\TAPI
      [30/10/2015 18:24:25] - |D| - [2734] - C:\WINDOWS\Tasks
      [16/07/2016 22:47:48] - |D| - [4980] - C:\WINDOWS\Temp
      [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\tracing
      [16/07/2016 22:47:48] - |D| - [225792] - C:\WINDOWS\twain_32
      [MD5.21F91141B4796108A50733B14850CDF2] - [16/07/2016 22:43:52] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [66560] - (1.7.1.3) - C:\WINDOWS\twain_32.dll
      [17/07/2016 11:04:47] - |D| - [281600] - C:\WINDOWS\twain_64
      [MD5.CA2A8AF1DBAD0F31F9B33A2827DFBC16] - [23/07/2016 16:25:23] - |A| - (.-.) - [207] - (0.0.0.0) - C:\WINDOWS\tweaking.com-regbackup-OFFICE6410-Windows-10-Pro-(64-bit).dat
      [16/07/2016 22:47:48] - |D| - [12420] - C:\WINDOWS\Vss
      [16/07/2016 22:47:48] - |D| - [101486259] - C:\WINDOWS\Web
      [MD5.23CF8138F49416231807E6DE371FB9E6] - [30/10/2015 18:24:29] - |A| - (.-.) - [92] - (0.0.0.0) - C:\WINDOWS\win.ini
      [MD5.C844CA459F3B209329984772269B6E56] - [16/07/2016 22:42:32] - |RAH| - (.-.) - [670] - (0.0.0.0) - C:\WINDOWS\WindowsShell.Manifest
      [MD5.038356387332650843BCB352BB89A101] - [10/11/2016 15:12:13] - |A| - (.-.) - [275] - (0.0.0.0) - C:\WINDOWS\WindowsUpdate.log
      [MD5.9328E170E5407D9DDE7EB1E208A2CBB4] - [16/07/2016 22:42:48] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [10240] - (10.0.14393.0) - C:\WINDOWS\winhlp32.exe
      [16/07/2016 17:04:24] - |D| - [6294634177] - C:\WINDOWS\WinSxS
      [MD5.E7E4D8D7340DA6934B9EA81CBB21374C] - [16/07/2016 22:43:08] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\WINDOWS\WMSysPr9.prx
      [MD5.E87C6A38E61A712C48025A6AD54C1113] - [16/07/2016 22:42:39] - |A| - (.© Microsoft Corporation. - Windows Write.) - [11264] - (10.0.14393.0) - C:\WINDOWS\write.exe
      [MD5.138DCF6DCAB9A273267E5BD7E8F79A9E] - [15/07/2016 14:53:56] - |A| - (.-.) - [97846] - (0.0.0.0) - C:\WINDOWS\Xonar STX Audio.ico
      [MD5.376AB38903301084A831934237CBADBE] - [16/07/2016 12:45:53] - |A| - (.-.) - [428240] - (0.0.0.0) - C:\WINDOWS\ZAM.krnl.trace
      [MD5.BFA37A3513CC2FF852AFC75CE60C0353] - [16/07/2016 12:45:52] - |A| - (.-.) - [412253] - (0.0.0.0) - C:\WINDOWS\ZAM_Guard.krnl.trace ---------- | C:\WINDOWS\System32\GroupPolicy [17/07/2016 10:58:04] - |D| - [0] - C:\WINDOWS\System32\GroupPolicy\User ---------- | Systemroot\System [15/07/2016 14:53:54] - |A| - [1093] - C:\WINDOWS\System\Cmicnfgp.ini     () - ()
      [03/06/2015 11:23:06] - |A| - [315392] - C:\WINDOWS\System\CmiFltr.dll     (Copyright c 2004) - (CmiFltr)
      [15/07/2016 14:53:55] - |A| - [134] - C:\WINDOWS\System\Dlap.pfx     () - ()
      [15/07/2016 14:53:56] - |A| - [282112] - C:\WINDOWS\System\HsMgr64.exe     (Copyright (C) 2007) - (HsMgr Application)
      [15/07/2016 14:53:56] - |A| - [122880] - C:\WINDOWS\System\HsSrv64.dll     (Copyright (C) 2008 C-Media Electronics Inc.) - (HsSrv Dynamic Link Library)
      [15/07/2016 14:53:56] - |A| - [122880] - C:\WINDOWS\System\HsSrv642.dll     (Copyright (C) 2008 C-Media Electronics Inc.) - (HsSrv Dynamic Link Library) ---------- | Systemroot\Installer (Microsoft Files Whitelisted) [17/09/2016 06:58:26] - C:\WINDOWS\Installer\1edcfb10.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:58:52] - C:\WINDOWS\Installer\1edcfb15.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:59:16] - C:\WINDOWS\Installer\1edcfb1a.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:59:40] - C:\WINDOWS\Installer\1edcfb1f.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:30] - C:\WINDOWS\Installer\1edcfb4e.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:54] - C:\WINDOWS\Installer\1edcfb59.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:01:18] - C:\WINDOWS\Installer\1edcfb5e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:01:44] - C:\WINDOWS\Installer\1edcfb63.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:02:10] - C:\WINDOWS\Installer\1edcfb68.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:02:34] - C:\WINDOWS\Installer\1edcfb6d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:03:22] - C:\WINDOWS\Installer\1edcfb88.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:03:46] - C:\WINDOWS\Installer\1edcfb93.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:04:10] - C:\WINDOWS\Installer\1edcfb98.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:04:34] - C:\WINDOWS\Installer\1edcfb9d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:04:58] - C:\WINDOWS\Installer\1edcfba2.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:05:22] - C:\WINDOWS\Installer\1edcfba7.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:06:08] - C:\WINDOWS\Installer\1edcfbc3.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:06:32] - C:\WINDOWS\Installer\1edcfbce.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:42] - C:\WINDOWS\Installer\1edcfbd3.msi : (AMD Start Now Installation package - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:08] - C:\WINDOWS\Installer\1edcfbd8.msi : (AMD Settings - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:01:44] - C:\WINDOWS\Installer\1edcfbdd.msi : (AMD Settings - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [11/07/2015 17:44:38] - C:\WINDOWS\Installer\24d8df.msi : (Intel(R) ME UninstallLegacy - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [11/07/2015 17:44:50] - C:\WINDOWS\Installer\24d8e3.msi : (Intel(R) Management Engine Components - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [27/06/2015 10:21:04] - C:\WINDOWS\Installer\24d8e7.msi : (Intel(R) Chipset Device Software - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:52:34] - C:\WINDOWS\Installer\47d10.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:52:40] - C:\WINDOWS\Installer\47d14.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:52:48] - C:\WINDOWS\Installer\47d18.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:52:56] - C:\WINDOWS\Installer\47d1c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:02] - C:\WINDOWS\Installer\47d20.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:10] - C:\WINDOWS\Installer\47d24.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:16] - C:\WINDOWS\Installer\47d28.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:22] - C:\WINDOWS\Installer\47d2c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:30] - C:\WINDOWS\Installer\47d30.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:36] - C:\WINDOWS\Installer\47d34.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:44] - C:\WINDOWS\Installer\47d38.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:50] - C:\WINDOWS\Installer\47d3c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:53:58] - C:\WINDOWS\Installer\47d40.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:04] - C:\WINDOWS\Installer\47d44.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:12] - C:\WINDOWS\Installer\47d48.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:18] - C:\WINDOWS\Installer\47d4c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:26] - C:\WINDOWS\Installer\47d50.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:32] - C:\WINDOWS\Installer\47d54.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:38] - C:\WINDOWS\Installer\47d58.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:46] - C:\WINDOWS\Installer\47d5c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [30/11/2015 15:54:54] - C:\WINDOWS\Installer\47d60.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [15/07/2016 14:48:15] - C:\WINDOWS\Installer\61755.msi : (Intel(R) Network Connections - Intel)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [01/11/2016 13:34:36] - C:\WINDOWS\Installer\66966d64.msi : (Classic Shell - IvoSoft)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [11/01/2017 10:27:31] - C:\WINDOWS\Installer\8137a326.msi : (Skype - Skype Technologies S.A.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [16/07/2016 15:49:02] - C:\WINDOWS\Installer\815189.msi : (MailWasherPro - Firetrust)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/07/2016 10:41:56] - C:\WINDOWS\Installer\d56ae.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:58:26] - C:\WINDOWS\Installer\d619.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:58:52] - C:\WINDOWS\Installer\d61e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:59:16] - C:\WINDOWS\Installer\d623.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 06:59:40] - C:\WINDOWS\Installer\d628.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:04] - C:\WINDOWS\Installer\d62d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:30] - C:\WINDOWS\Installer\d632.msi : (Catalyst Control Center next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:54] - C:\WINDOWS\Installer\d637.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:01:18] - C:\WINDOWS\Installer\d63c.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:01:44] - C:\WINDOWS\Installer\d641.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:02:10] - C:\WINDOWS\Installer\d646.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:02:34] - C:\WINDOWS\Installer\d64b.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:02:58] - C:\WINDOWS\Installer\d650.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:03:22] - C:\WINDOWS\Installer\d655.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:03:46] - C:\WINDOWS\Installer\d65a.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:04:10] - C:\WINDOWS\Installer\d65f.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:04:34] - C:\WINDOWS\Installer\d664.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:04:58] - C:\WINDOWS\Installer\d669.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:05:22] - C:\WINDOWS\Installer\d66e.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:05:46] - C:\WINDOWS\Installer\d673.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:06:08] - C:\WINDOWS\Installer\d678.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:06:32] - C:\WINDOWS\Installer\d67d.msi : (Catalyst Control Center Next - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:42] - C:\WINDOWS\Installer\d682.msi : (AMD Start Now Installation package - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:00:08] - C:\WINDOWS\Installer\d687.msi : (AMD Settings - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/09/2016 07:01:44] - C:\WINDOWS\Installer\d68c.msi : (AMD Settings - Advanced Micro Devices, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [16/07/2016 17:57:15] - C:\WINDOWS\Installer\f63fec.msi : (CyberPower PowerPanel Personal Edition 1.6.1 - Cyber Power Systems, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [17/07/2016 10:41:56] - C:\WINDOWS\Installer\reflect_setupv6.1.1366-x64-00.msi : (Paramount Software (UK) Ltd - Paramount Software (UK) Ltd.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}\ARPPRODUCTICON.exe     () - ()
      [16/07/2016 10:21:07] - [733166] - C:\WINDOWS\Installer\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}\IconName.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{26567561-DFB2-2B63-9BA8-6A490ED37016}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{2F544F46-5F6E-97BB-3550-A0242A3C5754}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}\ARPPRODUCTICON.exe     () - ()
      [01/11/2016 13:35:23] - [34494] - C:\WINDOWS\Installer\{383BB30A-B4A7-4666-9A83-22CFA8640097}\StartScreen.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{3AF70346-52C7-0334-606F-118D1C1CB7A2}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{51F85784-6799-5CA3-97B2-2E5904FC3E58}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:13] - [8306] - C:\WINDOWS\Installer\{52E7DBCC-EAB5-DEFC-B3C1-BB52558973C5}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{53AE8AC7-5213-67AF-0DC0-CED696B77643}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{59D2664C-949B-7FA7-9880-ECB993B6616A}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{5FD706FF-6AD8-E372-A35A-879409982655}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{5FEACE78-C338-9AED-FF05-7DE7E273C774}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:49:35] - [326456] - C:\WINDOWS\Installer\{638A518B-0D2E-4143-ACF8-F3D83D822E85}\ARPPRODUCTICON.exe     (Copyright (C) 2012 Intel Corporation.) - (Intel (R) Network Connections Driver Uninstaller)
      [16/07/2016 15:49:42] - [285478] - C:\WINDOWS\Installer\{6657DA03-A39B-472C-8458-6292E128A3D9}\ext.exe     () - ()
      [16/07/2016 15:49:42] - [285478] - C:\WINDOWS\Installer\{6657DA03-A39B-472C-8458-6292E128A3D9}\SystemFolder_msiexec_1.exe     () - ()
      [17/07/2016 10:42:24] - [43646] - C:\WINDOWS\Installer\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}\ImgToVHD.exe     () - ()
      [17/07/2016 10:42:24] - [19942] - C:\WINDOWS\Installer\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}\xReflect.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:12] - [8306] - C:\WINDOWS\Installer\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:12] - [8306] - C:\WINDOWS\Installer\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{970A40CA-46AB-986C-1798-976ED0EA00FA}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{A50C89BC-8D8E-8828-824A-7171F6D583D5}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{AC85CF50-9A55-0103-ADBF-365C37603AA4}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:12] - [8306] - C:\WINDOWS\Installer\{AD28960A-6190-C991-C964-308B86EAA2E2}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{B349892D-B015-033C-4CA8-3635E6B655D7}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:10] - [8306] - C:\WINDOWS\Installer\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:27] - [8306] - C:\WINDOWS\Installer\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:28] - [8306] - C:\WINDOWS\Installer\{C14A3A5B-8A86-C239-37D7-158211778C54}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{C3EE628C-7394-FE2C-0C90-C05284EB528D}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{DAB44116-0266-C65B-B643-AC11217C3041}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:12] - [4846] - C:\WINDOWS\Installer\{DAC07675-A1AF-49F1-DFB7-61B15AD61C9A}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:11] - [8306] - C:\WINDOWS\Installer\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}\ARPPRODUCTICON.exe     () - ()
      [10/11/2016 16:12:13] - [8306] - C:\WINDOWS\Installer\{E29B4E12-2EB0-93F6-8556-3ED42722D653}\ARPPRODUCTICON.exe     () - ()
      [16/07/2016 17:57:26] - [4846] - C:\WINDOWS\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\assist_1.exe     () - ()
      [16/07/2016 17:57:26] - [13822] - C:\WINDOWS\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\pppe.exe     () - ()
      [16/07/2016 17:57:26] - [13822] - C:\WINDOWS\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\pppe_1.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}\ARPPRODUCTICON.exe     () - ()
      [15/07/2016 14:05:26] - [8306] - C:\WINDOWS\Installer\{FC4086D6-E345-5F43-08BB-280FB57DAF49}\ARPPRODUCTICON.exe     () - ()
      [11/01/2017 10:27:44] - [143612] - C:\WINDOWS\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe     () - () ---------- | %System%\*.in* [15/07/2016 14:53:56] - [61] - C:\WINDOWS\System32\cmasiopx.ini
      [16/07/2016 22:43:08] - [3458] - C:\WINDOWS\System32\ieuinit.inf
      [27/10/2012 10:42:24] - [29494] - C:\WINDOWS\System32\lvcoin64.ini
      [15/07/2016 14:07:14] - [1169502] - C:\WINDOWS\System32\PerfStringBackup.INI
      [16/07/2016 22:42:39] - [60124] - C:\WINDOWS\System32\tcpmon.ini
      [16/07/2016 22:42:11] - [2307] - C:\WINDOWS\System32\WimBootCompress.ini
      [15/07/2016 14:53:56] - [57] - C:\WINDOWS\Syswow64\cmasiop.ini
      [16/07/2016 22:43:59] - [3458] - C:\WINDOWS\Syswow64\ieuinit.inf
      [16/07/2016 22:42:43] - [2307] - C:\WINDOWS\Syswow64\WimBootCompress.ini ---------- | Listing no Microsoft signed files (Not necessary Malwares) | system32 | Syswow64 | General scan [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\AppPatch\Custom\Custom64
      [MD5.B7C476BBE4F001F4F33C04D9ABC33DC8] - |A| - [16/07/2016 22:42:17] - (.-.) - [14.52 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\pcamain.sdb
      [MD5.50EF6BB9E06CAE09D33E89B989D0D766] - |A| - [11/11/2016 11:04:57] - (.-.) - [539.77 Ko] - (0.0.0.0) - C:\WINDOWS\AppPatch\AppPatch64\sysmain.sdb
      [MD5.00000000000000000000000000000000] - |D| - [20/01/2017 16:37:55] - [0 Ko] - C:\WINDOWS\Temp\macrium
      [MD5.BADCBB7052C7D58D4985AA354AF7B703] - |A| - [20/01/2017 17:21:00] - (.-.) - [4.86 Ko] - (0.0.0.0) - C:\WINDOWS\Temp\MpCmdRun.log
      [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 16:14:52] - [0 Ko] - C:\WINDOWS\Temp\_avast_
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:00] - [0 Ko] - C:\WINDOWS\System32\0409
      [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 22:42:35] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@AudioToastIcon.png
      [MD5.8E4B25CC8E98F63DBD54176DFAB539E0] - |A| - [16/07/2016 22:42:05] - (.-.) - [0.44 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@BackgroundAccessToastIcon.png
      [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 22:42:38] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@EnrollmentToastIcon.png
      [MD5.373CF57FF3DAAEEB629F90CE7226B30D] - |A| - [16/07/2016 22:42:41] - (.-.) - [0.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@language_notification_icon.png
      [MD5.46DACDA5036EBECEDF08427407E3017C] - |A| - [16/07/2016 22:42:40] - (.-.) - [0.51 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@optionalfeatures.png
      [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 22:42:38] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@VpnToastIcon.png
      [MD5.7AC3EA1A5175106ED6467FF0C5315541] - |A| - [16/07/2016 22:42:38] - (.-.) - [14.75 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WiFiNotificationIcon.png
      [MD5.58B6CB6A8528BA1B267CFAE325E6B834] - |A| - [16/07/2016 22:42:23] - (.-.) - [20.3 Ko] - (0.0.0.0) - C:\WINDOWS\System32\@WindowsHelloFaceToastIcon.png
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:29] - [3176.34 Ko] - C:\WINDOWS\System32\AdvancedInstallers
      [MD5.15E48BE612310DCE461355B5FA6EFEB0] - |A| - [16/12/2015 17:06:10] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amd-vulkan64.json
      [MD5.D3E20E50BAFB4D0A9440491500C68B80] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [162.51 Ko] - (21.19.137.1) - C:\WINDOWS\System32\amdave64.dll
      [MD5.60D3FF6476231E05A194FA08126B4C74] - |A| - [26/10/2016 01:04:24] - (.-.) - [260.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdgfxinfo64.dll
      [MD5.B75FF1E9B2F49D9A88850DEDAA493DD7] - |A| - [26/10/2016 01:05:38] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [158.41 Ko] - (21.19.137.1) - C:\WINDOWS\System32\amdhcp64.dll
      [MD5.35F0ED7436D860A33D533CD5BE219E00] - |A| - [05/07/2016 10:56:32] - (.-.) - [17.26 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AMDKernelEvents.man
      [MD5.3E78CA7A3379BA252FC8B22661D26925] - |A| - [26/10/2016 01:04:26] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [750.02 Ko] - (1.0.5.1) - C:\WINDOWS\System32\amdlvr64.dll
      [MD5.2A03D9F82CAD8E9746F9C74A9C41DABA] - |A| - [26/10/2016 01:04:26] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [98.52 Ko] - (1.6.0.0) - C:\WINDOWS\System32\amdmcl64.dll
      [MD5.644ED8E7B1B54E0BEA0E7F29B3A4EF05] - |A| - [26/10/2016 01:05:38] - (.-.) - [477.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\amdmiracast.dll
      [MD5.68D1E35540A34E28334F8DDE07614612] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [127.17 Ko] - (21.19.137.1) - C:\WINDOWS\System32\amdpcom64.dll
      [MD5.22BBEB9339D3A0BBFD7604C12CE623A1] - |A| - [26/10/2016 01:04:36] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [9185.02 Ko] - (1.0.21.0) - C:\WINDOWS\System32\amdvlk64.dll
      [MD5.73909BE2A96CF1A415642A616E0C9A0C] - |A| - [26/10/2016 01:04:38] - (.Advanced Micro Devices, Inc. Copyright (C) 2016 - Advanced Media Framework.) - [2405.52 Ko] - (1.3.0.5) - C:\WINDOWS\System32\amfrt64.dll
      [MD5.971819F3DD0996BCCB9E4330C52C4207] - |A| - [11/11/2016 11:09:06] - (.-.) - [436.42 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ApnDatabase.xml
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\AppLocker
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [7762.11 Ko] - C:\WINDOWS\System32\appraiser
      [MD5.F94192B47ACA96AFFEBC1073891EBB42] - |A| - [16/07/2016 22:43:20] - (.-.) - [0.19 Ko] - (0.0.0.0) - C:\WINDOWS\System32\AppVStreamingUX.exe.config
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [272 Ko] - C:\WINDOWS\System32\ar-SA
      [MD5.E43AEE6A66067C6535C1F994BCFB93A1] - |A| - [20/01/2017 12:09:28] - (.Copyright (c) 2014 AVAST Software - avast! start-up scanner.) - [382.32 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\aswBoot.exe
      [MD5.EC83A581FABE54CAE1185D4C20BE7A32] - |A| - [26/10/2016 01:04:36] - (.© 2004 Advanced Micro Devices, Inc. - eRecord Message Resource File.) - [76.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\ati2erec.dll
      [MD5.EE8CCC6F0A6DD567583940B98DDFE580] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [1319.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atiadlxx.dll
      [MD5.57C062C8895B25592D6D1026E74BFE8D] - |A| - [16/09/2016 15:00:14] - (.-.) - [733.73 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiapfxx.blb
      [MD5.6B650127AA80F10CEE49B79ED88E2929] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2009 Advanced Micro Devices, Inc. - atiapfxx Application.) - [410.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atiapfxx.exe
      [MD5.D4FDAC30A1AB3917DCA71C4961D082AE] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub64.dll.) - [154.63 Ko] - (8.17.10.1484) - C:\WINDOWS\System32\aticfx64.dll
      [MD5.10F7B50C0BE0104DFF0E2E0442EBEE7E] - |A| - [26/10/2016 01:04:38] - (.2002-2012 - Graphics DEM.) - [465.52 Ko] - (4.5.6103.25025) - C:\WINDOWS\System32\atidemgy.dll
      [MD5.850A4FCDF26D246EB35B9A40B097F489] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2011 AMD Inc. - atidxxstub64.dll.) - [116.02 Ko] - (8.17.10.690) - C:\WINDOWS\System32\atidxx64.dll
      [MD5.12261F23AF18D7B382A872DF42AA2BD1] - |A| - [26/10/2016 01:04:38] - (.-.) - [242.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atieah64.exe
      [MD5.858812E799B05B28C90EDD438E3AA692] - |A| - [26/10/2016 01:04:40] - (.Copyright © 2008-2009 AMD - AMD External Events Client Module.) - [528.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atieclxx.exe
      [MD5.264B9AE7F91280A3A99560BE562CEEA8] - |A| - [26/10/2016 01:04:40] - (.Copyright © 2008-2009 AMD - AMD External Events Service Module.) - [298.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atiesrxx.exe
      [MD5.240A345AAA1553CBE42E46FDFB75B340] - |A| - [26/10/2016 01:04:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [214.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atig6txx.dll
      [MD5.4C9B5560677E3D6C8DE22E44509C0C8C] - |A| - [26/10/2016 01:05:40] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [127.17 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atimpc64.dll
      [MD5.7DE3C20D9ACAF196C1939A3D9900F618] - |A| - [26/10/2016 01:04:40] - (.Copyright ฉ 2009 AMD - Multi-language DPPE DLL.) - [125.52 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atimuixx.dll
      [MD5.9F364202C2450DD50E6398BCA947D8DD] - |A| - [26/10/2016 01:04:42] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [151.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\atisamu64.dll
      [MD5.B3EA61C09466563056AD6443024AE84D] - |A| - [16/09/2016 14:58:44] - (.-.) - [3357.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\atiumd6a.cap
      [MD5.CD35635BD1B0990F2B385089A512980D] - |A| - [23/09/2015 13:21:42] - (.-.) - [316 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvaxy_el.dat
      [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [16/09/2016 14:57:24] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsva.dat
      [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [16/09/2016 14:57:24] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ativvsvl.dat
      [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 15:46:18] - [1.42 Ko] - C:\WINDOWS\System32\BestPractices
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [247.5 Ko] - C:\WINDOWS\System32\bg-BG
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4451.88 Ko] - C:\WINDOWS\System32\Boot
      [MD5.31ABC8C02F1CCE0DA39550D763384184] - |A| - [16/07/2016 22:42:12] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\WINDOWS\System32\BthpanContextHandler.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.93 Ko] - C:\WINDOWS\System32\Bthprops
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [63393.77 Ko] - C:\WINDOWS\System32\CatRoot
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [35427.65 Ko] - C:\WINDOWS\System32\catroot2
      [MD5.76C6E06E02984A23B8F316698C663CEA] - |A| - [26/10/2016 01:04:44] - (.-.) - [280.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\clinfo.exe
      [MD5.4879B899B7DD732371B34D8179F66615] - |A| - [15/07/2016 14:53:56] - (.Copyright (c) 2004-2012 C-Media Electronics Inc. - C-Media Universal ASIO Driver.) - [454.5 Ko] - (2.0.0.12) - C:\WINDOWS\System32\cmasiopx.dll
      [MD5.738AE9031F5E11A707462503EABF8689] - |A| - [15/07/2016 14:53:56] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\cmasiopx.ini
      [MD5.AFE67D6CED5706CD1B7CB912EEB0AA60] - |A| - [15/07/2016 14:53:55] - (.Copyright (C) 2015 - Driver Installer.) - [815.5 Ko] - (1.0.6.0) - C:\WINDOWS\System32\Cmeauoxy.exe
      [MD5.ED31B969F049D2E5F4315653B71277EA] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2012 - ConfigPanel DLL.) - [4427.5 Ko] - (1.0.0.4) - C:\WINDOWS\System32\CmiCnfgp.cpl
      [MD5.11BB3D5DC9336037C14A46873FA1FFDF] - |A| - [15/07/2016 14:53:54] - (.Copyright (C) 2006 - Vista Driver Installer.) - [351 Ko] - (1.0.1.0) - C:\WINDOWS\System32\CmiInstallResAll64.dll
      [MD5.D0202455E9140E0F8847F50B5F03FF8F] - |A| - [03/06/2015 11:23:06] - (.Copyright c 2007 - cmudaxp.dll.) - [32 Ko] - (5.12.1.9) - C:\WINDOWS\System32\cmudaxp.dll
      [MD5.06FB32873596CBB20E1DC83677940FAF] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2000-2006 - CMedia OpenAL(TM) Implementation.) - [120 Ko] - (1.0.0.1) - C:\WINDOWS\System32\Cm_Oal.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [2011.66 Ko] - C:\WINDOWS\System32\CodeIntegrity
      [MD5.DBC0B91713CEF31F737CF3338564BF23] - |A| - [23/04/2016 11:52:36] - (.AMD. - CoInstaller DLL.) - [853.48 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_15.30.dll
      [MD5.F372FB5156609ACB00FE4DB57468B905] - |A| - [26/10/2016 01:04:44] - (.AMD. - CoInstaller DLL.) - [888.02 Ko] - (1.0.5.9) - C:\WINDOWS\System32\coinst_16.40.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [360 Ko] - C:\WINDOWS\System32\Com
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [294373.13 Ko] - C:\WINDOWS\System32\config
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [47.64 Ko] - C:\WINDOWS\System32\Configuration
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [297 Ko] - C:\WINDOWS\System32\cs-CZ
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293 Ko] - C:\WINDOWS\System32\da-DK
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [177.63 Ko] - C:\WINDOWS\System32\DDFs
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [329 Ko] - C:\WINDOWS\System32\de-DE
      [MD5.306B90493D00011EB635E161C6C024B8] - |A| - [16/07/2016 22:42:22] - (.-.) - [4128.04 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultHrtfs.bin
      [MD5.664AA698FC0106A2B075A641E8DC6302] - |A| - [16/07/2016 22:47:52] - (.-.) - [0.84 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DefaultQuestions.json
      [MD5.CF07114FDC5692425E179A7D2CD21C6C] - |A| - [12/02/2016 00:17:30] - (.Advanced Micro Devices. - Delay Audio Processing Object.) - [110.74 Ko] - (1.0.0.1) - C:\WINDOWS\System32\DelayAPO.dll
      [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [27/10/2012 10:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\System32\DevManagerCore.dll
      [MD5.91A3172B40F30446804FC0B1FD579AE9] - |A| - [26/10/2016 01:04:44] - (.-.) - [303.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\dgtrayicon.exe
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [642 Ko] - C:\WINDOWS\System32\DiagSvcs
      [MD5.8B5F7B8C2EFE38CA571FBE24658DF11F] - |A| - [16/07/2016 22:42:36] - (.-.) - [90.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\DiskSnapshot.conf
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [7578.09 Ko] - C:\WINDOWS\System32\Dism
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [1116.16 Ko] - C:\WINDOWS\System32\downlevel
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:24] - [84805.57 Ko] - C:\WINDOWS\System32\drivers
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [1831920.86 Ko] - C:\WINDOWS\System32\DriverStore
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [149.5 Ko] - C:\WINDOWS\System32\dsc
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [325 Ko] - C:\WINDOWS\System32\el-GR
      [MD5.DE00239530F39B2305EE0DFC0E92DF82] - |A| - [15/07/2016 15:52:05] - (.-.) - [15.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\empty.ico
      [MD5.5B1C9F61DB0A0C962629034B8D1C805B] - |A| - [10/11/2016 16:15:17] - (.-.) - [22.21 Ko] - (0.0.0.0) - C:\WINDOWS\System32\emptyregdb.dat
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:01] - [3445.5 Ko] - C:\WINDOWS\System32\en
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [236 Ko] - C:\WINDOWS\System32\en-GB
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [42131.83 Ko] - C:\WINDOWS\System32\en-US
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [318 Ko] - C:\WINDOWS\System32\es-ES
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [257.5 Ko] - C:\WINDOWS\System32\es-MX
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [232 Ko] - C:\WINDOWS\System32\et-EE
      [MD5.BAC5074667751F72A9CE48CDC31BAC48] - |A| - [17/07/2016 11:25:06] - (.Copyright (C) 2007 SEIKO EPSON CORP. - E_GCINST.) - [10.5 Ko] - (1.0.0.6) - C:\WINDOWS\System32\E_GCINST.DLL
      [MD5.8159960E8BA20F1C4A4EBCF0DAEC60E5] - |A| - [17/07/2016 11:25:06] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2010. - ECBTEGB AMD64.) - [82 Ko] - (3.3.0.0) - C:\WINDOWS\System32\E_YD4BKDE.DLL
      [MD5.2E21840342850A8A7F28D28D6DD3A1CD] - |A| - [17/07/2016 11:25:06] - (.Copyright (C) SEIKO EPSON CORPORATION 2005-2013. - EPSON Bi-directional Monitor AMD64.) - [175.5 Ko] - (4.4.0.0) - C:\WINDOWS\System32\E_YLMBKDE.DLL
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [25837.16 Ko] - C:\WINDOWS\System32\F12
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [297 Ko] - C:\WINDOWS\System32\fi-FI
      [MD5.6A18CBBE6B13ECFFEC75E20F0E08F322] - |A| - [10/11/2016 16:11:28] - (.-.) - [263.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\FNTCACHE.DAT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [264 Ko] - C:\WINDOWS\System32\fr-CA
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [326 Ko] - C:\WINDOWS\System32\fr-FR
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\FxsTmp
      [MD5.9F5449DC115ED438CE2293D2E55FAB96] - |A| - [26/10/2016 01:04:44] - (.-.) - [286.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\GameManager64.dll
      [MD5.D07F2281427BD098356EE74B6CB26B86] - |A| - [16/07/2016 22:42:12] - (.-.) - [89 Ko] - (0.0.0.0) - C:\WINDOWS\System32\gatherNetworkInfo.vbs
      [MD5.00000000000000000000000000000000] - |HD| - [30/10/2015 18:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicy
      [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 18:24:25] - [0 Ko] - C:\WINDOWS\System32\GroupPolicyUsers
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [259.5 Ko] - C:\WINDOWS\System32\he-IL
      [MD5.17646020C8DACD0F51E76846CFDAEB3A] - |A| - [10/06/2009 21:51:30] - (.-.) - [18.46 Ko] - (0.0.0.0) - C:\WINDOWS\System32\HPEACLHN.HPI
      [MD5.C5E82BCFD577AF98F3A7937A69A338B9] - |A| - [14/07/2009 02:41:04] - (.Copyright (C) 1999-2008 - LanguageMonitor.) - [35.5 Ko] - (0.3.7071.0) - C:\WINDOWS\System32\HPZ3LWN7.DLL
      [MD5.5E397C92860B114CF2A9E036F02EBDC6] - |A| - [26/10/2016 01:04:46] - (.-.) - [279.02 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hsa-thunk64.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [300.5 Ko] - C:\WINDOWS\System32\hu-HU
      [MD5.2A571B7728F23E83A800527879105180] - |A| - [16/07/2016 22:42:04] - (.-.) - [44.17 Ko] - (0.0.0.0) - C:\WINDOWS\System32\hypervisor.mof
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [5.36 Ko] - C:\WINDOWS\System32\ias
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [36.27 Ko] - C:\WINDOWS\System32\icsxml
      [MD5.8898B09A8D08E138F238224648DF0739] - |A| - [16/07/2016 22:42:35] - (.-.) - [170.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\IHDS.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [25926.67 Ko] - C:\WINDOWS\System32\IME
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\inetsrv
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4803 Ko] - C:\WINDOWS\System32\InputMethod
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\Ipmi
      [MD5.5EA855B4A875E08AD93FF901B5D9E275] - |A| - [16/07/2016 22:42:09] - (.-.) - [226 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ism32k.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [323 Ko] - C:\WINDOWS\System32\it-IT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [235.5 Ko] - C:\WINDOWS\System32\ja-jp
      [MD5.0C2C5388D6590842F0FAFC6CAA9E67B4] - |A| - [14/07/2016 18:48:58] - (.-.) - [115.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_ci.sbin
      [MD5.3A532B3DBAF4ABE35517CEE1F0007B28] - |A| - [05/08/2016 19:02:54] - (.-.) - [111.2 Ko] - (0.0.0.0) - C:\WINDOWS\System32\kapp_si.sbin
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [233 Ko] - C:\WINDOWS\System32\ko-KR
      [MD5.050BC9351A3386458B696F8BCA78B27B] - |A| - [16/07/2016 22:42:22] - (.-.) - [145.55 Ko] - (0.0.0.0) - C:\WINDOWS\System32\LargeRoom.bin
      [MD5.C15D2C94E3C94CEFE8DE6A9D36C35FD1] - |A| - [13/10/2016 21:55:18] - (.(C) 1991-2012 Logitech. - LDA Component Extensions (UNICODE).) - [2410.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LdaCx2.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [73.41 Ko] - C:\WINDOWS\System32\Licenses
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [12008.5 Ko] - C:\WINDOWS\System32\LogFiles
      [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [27/10/2012 10:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPP.dll
      [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [27/10/2012 10:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LogiDPPApp.exe
      [MD5.1F1E9FBB7FE7A39A84A061F6EF7003B4] - |A| - [21/09/2012 10:02:06] - (.Copyright © 2010-2012 Logitech. All Rights Reserved - Logitech Download Assistant.) - [3850.45 Ko] - (1.10.77.0) - C:\WINDOWS\System32\LogiLDA.DLL
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [237 Ko] - C:\WINDOWS\System32\lt-LT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [238.5 Ko] - C:\WINDOWS\System32\lv-LV
      [MD5.4D4248F6D008D86D5575EE5B154971AE] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Co-Installer.) - [256.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvco1380853.dll
      [MD5.FF510CF2A7FA73192E7DB06D7C311799] - |A| - [27/10/2012 10:42:24] - (.(c) 1996-2012 Logitech. - Video Codec.) - [171.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\lvcod64.dll
      [MD5.1A8AE8A66B6C289046276453768EF270] - |A| - [27/10/2012 10:42:24] - (.-.) - [28.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoin64.ini
      [MD5.8712C10DFF5681EBE493E18445CE74B8] - |A| - [10/11/2016 16:12:15] - (.-.) - [8.24 Ko] - (0.0.0.0) - C:\WINDOWS\System32\lvcoinst.log
      [MD5.B4CD287DFAA6578AC763A3800F0C2DC8] - |A| - [27/10/2012 10:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [750.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUI64.dll
      [MD5.CCFDDF84B42198B0AAD27D11ACFD254E] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [547.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\LVUIRC64.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [57409.5 Ko] - C:\WINDOWS\System32\Macromed
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [32.68 Ko] - C:\WINDOWS\System32\MailContactsCalendarSync
      [MD5.7A495CA1402C2F9F5D035092AD808669] - |A| - [16/07/2016 22:44:03] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\WINDOWS\System32\manage-bde.wsf
      [MD5.07DD57569955686E4042438869687BD2] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [174.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\mantle64.dll
      [MD5.D56961BFA0F335BB3F89638E85CE0FA4] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [144.02 Ko] - (21.19.137.1) - C:\WINDOWS\System32\mantleaxl64.dll
      [MD5.BC74BDA8DC53F722C2CA686071600AE2] - |A| - [16/07/2016 22:42:22] - (.-.) - [107.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\MediumRoom.bin
      [MD5.00000000000000000000000000000000] - |D| - [11/11/2016 11:01:47] - [4.62 Ko] - C:\WINDOWS\System32\Microsoft
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6554.3 Ko] - C:\WINDOWS\System32\migration
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [47558.48 Ko] - C:\WINDOWS\System32\migwiz
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 10:28:02] - [0 Ko] - C:\WINDOWS\System32\MRT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [45.5 Ko] - C:\WINDOWS\System32\MSDRM
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4228.28 Ko] - C:\WINDOWS\System32\MsDtc
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6 Ko] - C:\WINDOWS\System32\MUI
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [288 Ko] - C:\WINDOWS\System32\nb-NO
      [MD5.451F4315A0579FB2FE1C519EF48DE616] - |A| - [10/11/2016 16:11:29] - (.-.) - [18.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetSetupMig.log
      [MD5.C146E873B22C3B300B21A859FE66C27A] - |A| - [16/07/2016 22:42:12] - (.-.) - [21.15 Ko] - (0.0.0.0) - C:\WINDOWS\System32\NetTrace.PLA.Diagnostics.xml
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [51 Ko] - C:\WINDOWS\System32\networklist
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [308 Ko] - C:\WINDOWS\System32\nl-NL
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [16570.66 Ko] - C:\WINDOWS\System32\Nui
      [MD5.F54598052A618ADC0231853D870A22BE] - |A| - [16/07/2016 22:47:53] - (.-.) - [15.06 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OEMDefaultAssociations.xml
      [MD5.2901049544FDF863362FABA2363EB647] - |A| - [16/07/2016 22:42:11] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\WINDOWS\System32\onlinesetup.cmd
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [12625.7 Ko] - C:\WINDOWS\System32\oobe
      [MD5.C0931D5268C84343A19E158D7F8D4A1B] - |A| - [15/07/2016 14:54:01] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [109 Ko] - (6.14.357.23) - C:\WINDOWS\System32\OpenAL32.dll
      [MD5.42D2360079B1DF3230024AE920737367] - |A| - [16/07/2016 22:42:22] - (.-.) - [45.81 Ko] - (0.0.0.0) - C:\WINDOWS\System32\OutdoorAudioEnvironment.bin
      [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 15:44:56] - [64 Ko] - C:\WINDOWS\System32\P
      [MD5.E5C724C6C0A579B5A374802E3D48E35D] - |A| - [16/07/2016 22:49:31] - (.-.) - [201.47 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfc009.dat
      [MD5.32BC2E0CC95E2DCEE25B15BFB82D07B8] - |A| - [16/07/2016 22:49:35] - (.-.) - [32.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfd009.dat
      [MD5.092CA894E3CE62036E0CB2AC8ADA0C88] - |A| - [16/07/2016 22:49:31] - (.-.) - [938.62 Ko] - (0.0.0.0) - C:\WINDOWS\System32\perfh009.dat
      [MD5.B87C59F07CE5F38064E14D1F4124527A] - |A| - [15/07/2016 14:07:14] - (.-.) - [1142.09 Ko] - (0.0.0.0) - C:\WINDOWS\System32\PerfStringBackup.INI
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [306 Ko] - C:\WINDOWS\System32\pl-PL
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [559.5 Ko] - C:\WINDOWS\System32\PointOfService
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [413.88 Ko] - C:\WINDOWS\System32\Printing_Admin_Scripts
      [MD5.007893E8374C766471239EB291BA8C17] - |A| - [16/07/2016 22:42:31] - (.-.) - [4.05 Ko] - (0.0.0.0) - C:\WINDOWS\System32\psmodulediscoveryprovider.mof
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [308 Ko] - C:\WINDOWS\System32\pt-BR
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [303.5 Ko] - C:\WINDOWS\System32\pt-PT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [23.75 Ko] - C:\WINDOWS\System32\ras
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\System32\RasToast
      [MD5.5D9616D2A76F38EF94866248CA4EDB2C] - |A| - [16/07/2016 22:43:18] - (.Copyright (C) 2009 - RemoteFX Helper.) - [106 Ko] - (1.1.0.0) - C:\WINDOWS\System32\RDVGHelper.exe
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [2.03 Ko] - C:\WINDOWS\System32\Recovery
      [MD5.692DC6EF573FFCDD9DFB55D1C783DB93] - |A| - [16/07/2016 22:42:04] - (.-.) - [0.16 Ko] - (0.0.0.0) - C:\WINDOWS\System32\removehypervisor.mof
      [MD5.C6CA43573C21CA6392F57F238C8391FC] - |A| - [27/10/2012 10:42:22] - (.-.) - [39.45 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Repository.reg
      [MD5.D67CDB8D2584AAC165A77488C5A7A987] - |A| - [16/07/2016 22:42:37] - (.-.) - [8.92 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriHMImageList
      [MD5.4FE9CE56EFA89779D81B988698D2454C] - |A| - [16/07/2016 22:42:37] - (.-.) - [8.4 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ResPriImageList
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.07 Ko] - C:\WINDOWS\System32\restore
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [243.5 Ko] - C:\WINDOWS\System32\ro-RO
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [300 Ko] - C:\WINDOWS\System32\ru-RU
      [MD5.823766420F635089EF07D4DABDDC0D54] - |A| - [11/02/2016 14:11:08] - (.-.) - [145.52 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_ci.sbin
      [MD5.A769B352B827590EA4CCAC16E6269E33] - |A| - [12/12/2013 09:53:56] - (.-.) - [135.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\samu_krnl_isv_ci.sbin
      [MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |A| - [16/07/2016 22:43:50] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\WINDOWS\System32\ScavengeSpace.xml
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6.92 Ko] - C:\WINDOWS\System32\SecureBootUpdates
      [MD5.A8308D2F3DDE0745E8B678BF69A2ECD0] - |A| - [16/07/2016 22:42:34] - (.-.) - [8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\settings.dat
      [MD5.8C3D0C73A0850A0EE62DF9EC36DBDE80] - |A| - [15/07/2016 14:49:33] - (.-.) - [1.86 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SetupBD.din
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [245 Ko] - C:\WINDOWS\System32\sk-SK
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [240.5 Ko] - C:\WINDOWS\System32\sl-SI
      [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 16:11:29] - [4427.94 Ko] - C:\WINDOWS\System32\SleepStudy
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [45.92 Ko] - C:\WINDOWS\System32\slmgr
      [MD5.1C6F12AA3D178A0A953E8005B3CD4CDE] - |A| - [16/07/2016 22:42:22] - (.-.) - [68.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SmallRoom.bin
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:24] - [12881.02 Ko] - C:\WINDOWS\System32\SMI
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [7576.34 Ko] - C:\WINDOWS\System32\Speech
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8565.2 Ko] - C:\WINDOWS\System32\Speech_OneCore
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [216603.01 Ko] - C:\WINDOWS\System32\spool
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8698.89 Ko] - C:\WINDOWS\System32\spp
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [31.88 Ko] - C:\WINDOWS\System32\sppui
      [MD5.B3C318456F25FD2BA8B96521784553C1] - |A| - [10/11/2016 16:11:55] - (.-.) - [64 Ko] - (0.0.0.0) - C:\WINDOWS\System32\spu_storage.bin
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [243.5 Ko] - C:\WINDOWS\System32\sr-Latn-CS
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [244 Ko] - C:\WINDOWS\System32\sr-Latn-RS
      [MD5.C1AA14DBA23EB5AE5044727DF182FE5C] - |A| - [16/07/2016 22:42:16] - (.-.) - [54.8 Ko] - (0.0.0.0) - C:\WINDOWS\System32\srms.dat
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8088 Ko] - C:\WINDOWS\System32\sru
      [MD5.643BC8D0DD30E19D542D8EA97A2D81CF] - |A| - [30/07/2016 09:05:16] - (.Copyright (C) 2009-2016, Ivo Beltchev - Start Menu Helper Extension.) - [282.46 Ko] - (4.3.0.0) - C:\WINDOWS\System32\StartMenuHelper64.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293.5 Ko] - C:\WINDOWS\System32\sv-SE
      [MD5.20C4FE2B130D9F0C92D7629E71AFBB66] - |A| - [16/07/2016 22:43:20] - (.-.) - [1.68 Ko] - (0.0.0.0) - C:\WINDOWS\System32\SyncAppvPublishingServer.vbs
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [1622.33 Ko] - C:\WINDOWS\System32\Sysprep
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [912.78 Ko] - C:\WINDOWS\System32\SystemResetPlatform
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [508.25 Ko] - C:\WINDOWS\System32\Tasks
      [MD5.00000000000000000000000000000000] - |D| - [30/10/2015 18:24:25] - [431.53 Ko] - C:\WINDOWS\System32\Tasks_Migrated
      [MD5.D602CA245CC6774A0981B607F0675609] - |A| - [16/07/2016 22:42:39] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\tcpmon.ini
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [227.5 Ko] - C:\WINDOWS\System32\th-TH
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [289.5 Ko] - C:\WINDOWS\System32\tr-TR
      [MD5.C8F2952DAE3971614DBD0C509F35BE93] - |A| - [16/07/2016 22:42:38] - (.-.) - [10.29 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlan.xslt
      [MD5.2F05390B798363D51EBE65D6320CD45E] - |A| - [16/07/2016 22:42:38] - (.-.) - [1.65 Ko] - (0.0.0.0) - C:\WINDOWS\System32\TransformPPSToWlanCredentials.xslt
      [MD5.D200497DD3A24F138123F0EB6C385D1D] - |A| - [16/07/2016 22:43:20] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevAppMonitor.exe.config
      [MD5.4AAEE8D86EC81DA2A1514ABC77E71F57] - |A| - [16/07/2016 22:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\System32\UevCustomActionTypes.tlb
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [240 Ko] - C:\WINDOWS\System32\uk-UA
      [MD5.E7482D1D449217C8641762F5C38E157C] - |A| - [16/07/2016 22:42:12] - (.-.) - [9.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\VpnSohDesktop.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [80437.17 Ko] - C:\WINDOWS\System32\wbem
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [0 Ko] - C:\WINDOWS\System32\WCN
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [111436.48 Ko] - C:\WINDOWS\System32\WDI
      [MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |A| - [16/07/2016 22:42:11] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\WINDOWS\System32\WdsUnattendTemplate.xml
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [1.1 Ko] - C:\WINDOWS\System32\WinBioDatabase
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [42585.77 Ko] - C:\WINDOWS\System32\WinBioPlugIns
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [9524.25 Ko] - C:\WINDOWS\System32\WindowsPowerShell
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [113860 Ko] - C:\WINDOWS\System32\winevt
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4228.5 Ko] - C:\WINDOWS\System32\WinMetadata
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [100.11 Ko] - C:\WINDOWS\System32\winrm
      [MD5.C30C621748C66CE751B19B2788559A3E] - |A| - [16/07/2016 22:42:35] - (.-.) - [4.58 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpcmon.png
      [MD5.B6B479B04C64AF5EF36C24EBDF278302] - |A| - [16/07/2016 22:42:27] - (.-.) - [0.71 Ko] - (0.0.0.0) - C:\WINDOWS\System32\wpr.config.xml
      [MD5.7E17D0060DD9270800C469A52F982A3C] - |A| - [15/07/2016 14:54:01] - (.Copyright © 2005 - OpenAL32.) - [410 Ko] - (2.2.0.0) - C:\WINDOWS\System32\wrap_oal.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [208 Ko] - C:\WINDOWS\System32\zh-CN
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [202.5 Ko] - C:\WINDOWS\System32\zh-HK
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [202.5 Ko] - C:\WINDOWS\System32\zh-TW
      [MD5.00000000000000000000000000000000] - |D| - [21/01/2017 16:36:49] - [64 Ko] - C:\WINDOWS\System32\ÿÿÿÿÿÿÿÿ8
      [MD5.00000000000000000000000000000000] - |D| - [22/01/2017 11:40:43] - [0 Ko] - C:\WINDOWS\System32\ÿÿÿÿÿÿÿÿerStore
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [0 Ko] - C:\WINDOWS\SysWOW64\0409
      [MD5.82C37C3E27020AF6C2E018E944284676] - |A| - [16/07/2016 22:43:00] - (.-.) - [0.3 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@AudioToastIcon.png
      [MD5.495C1F072039B434827A5FE0D9761E4D] - |A| - [16/07/2016 22:43:02] - (.-.) - [0.32 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@EnrollmentToastIcon.png
      [MD5.1622DE67156496C78D6B7BE9B471645B] - |A| - [16/07/2016 22:43:02] - (.-.) - [0.39 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\@VpnToastIcon.png
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:30] - [2141.84 Ko] - C:\WINDOWS\SysWOW64\AdvancedInstallers
      [MD5.4BD514B1671CE16F504AD60C64241952] - |A| - [15/12/2015 13:54:08] - (.-.) - [0.14 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amd-vulkan32.json
      [MD5.54822F373E034B5F0DF5DFD8495D7897] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon AMD AVE Driver Component.) - [141.95 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\amdave32.dll
      [MD5.B6B3A9015E23E425832CEC9F843F1E0B] - |A| - [26/10/2016 01:04:24] - (.-.) - [233.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
      [MD5.2419EBC4D61131BD96605F627F94D09A] - |A| - [26/10/2016 01:05:38] - (.Copyright (C) 2013 - Universal Adapter for Adobe.) - [142.45 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\amdhcp32.dll
      [MD5.C623D109E090F9823450770164414902] - |A| - [26/10/2016 01:04:26] - (.Advanced Micro Devices, Inc. Copyright (C) 2015 - LiquidVR SDK 1.0.) - [628.02 Ko] - (1.0.5.1) - C:\WINDOWS\SysWOW64\amdlvr32.dll
      [MD5.3A012958F3CE956EDE29354F27CFB2CA] - |A| - [26/10/2016 01:04:26] - (.Copyright (c) 2013 Advanced Micro Devices, Inc. - Radeon MCL Universal Driver.) - [82.52 Ko] - (1.6.0.0) - C:\WINDOWS\SysWOW64\amdmcl32.dll
      [MD5.229E7E015A43409450FDAAA9FF844878] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [109.7 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\amdpcom32.dll
      [MD5.D9BAB312D6D1E3C7AE7E01127D89FA41] - |A| - [26/10/2016 01:04:34] - (.Copyright (C) 2015 AMD Inc. - Vulkan driver, support for SI family and above.) - [7411.52 Ko] - (1.0.21.0) - C:\WINDOWS\SysWOW64\amdvlk32.dll
      [MD5.3A8C33F094F77CBE47613BB78B7FD73F] - |A| - [26/10/2016 01:04:38] - (.Advanced Micro Devices, Inc. Copyright (C) 2016 - Advanced Media Framework.) - [2100.52 Ko] - (1.3.0.5) - C:\WINDOWS\SysWOW64\amfrt32.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\AppLocker
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [250 Ko] - C:\WINDOWS\SysWOW64\ar-SA
      [MD5.1047B89F1D409A17CCFE2F78F933F5A0] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [992.02 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atiadlxx.dll
      [MD5.1047B89F1D409A17CCFE2F78F933F5A0] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 2008-2016 Advanced Micro Devices, Inc. - ADL.) - [992.02 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atiadlxy.dll
      [MD5.57C062C8895B25592D6D1026E74BFE8D] - |A| - [16/09/2016 15:00:14] - (.-.) - [733.73 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiapfxx.blb
      [MD5.71CADF0D987A3570F827C483D9B2E92B] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2012 AMD Inc. - aticfxstub32.dll.) - [142.53 Ko] - (8.17.10.1484) - C:\WINDOWS\SysWOW64\aticfx32.dll
      [MD5.B97C243106B7B87A587651422EA1A0AD] - |A| - [26/10/2016 01:04:38] - (.Copyright (C) 1998-2011 AMD Inc. - atidxxstub32.dll.) - [105.02 Ko] - (8.17.10.690) - C:\WINDOWS\SysWOW64\atidxx32.dll
      [MD5.E38CC8AA0E708067AEB39CEA63F95F51] - |A| - [26/10/2016 01:04:38] - (.-.) - [221.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atieah32.exe
      [MD5.CF273BFD0544FD416235DA384C626586] - |A| - [26/10/2016 01:04:40] - (.Copyright (C) 2007 Advanced Micro Devices, Inc. - atigktxx.dll.) - [189.02 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atigktxx.dll
      [MD5.BC7113C43A430ABEEBBC3427D0962831] - |A| - [26/10/2016 01:05:38] - (.Copyright (c) 2009 Advanced Micro Devices, Inc. - Radeon PCOM Universal Driver.) - [109.7 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atimpc32.dll
      [MD5.36CC1440350744C5C6F357F2987B5F13] - |A| - [26/10/2016 01:04:42] - (.Copyright (c) 2010 Advanced Micro Devices, Inc. - Radeon spu api dll.) - [132.52 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\atisamu32.dll
      [MD5.D31B40E8E02B7099CA4EE1095AD386A3] - |A| - [16/09/2016 14:54:12] - (.-.) - [3390.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\atiumdva.cap
      [MD5.7C163EDE63854539828F5B2C1BC529FD] - |A| - [16/09/2016 14:57:24] - (.-.) - [153.46 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsva.dat
      [MD5.219D7091DD1D93728392337FE9C7ADD6] - |A| - [16/09/2016 14:57:24] - (.-.) - [200.15 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\ativvsvl.dat
      [MD5.00000000000000000000000000000000] - |D| - [10/11/2016 15:46:18] - [1.42 Ko] - C:\WINDOWS\SysWOW64\BestPractices
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [222 Ko] - C:\WINDOWS\SysWOW64\bg-BG
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.93 Ko] - C:\WINDOWS\SysWOW64\Bthprops
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\catroot
      [MD5.DC63352F62FEBF6F2B83FE0C7BDB9596] - |A| - [15/07/2016 14:53:56] - (.Copyright (c) 2004-2012 C-Media Electronics Inc. - C-Media Universal ASIO Driver.) - [296 Ko] - (2.0.0.12) - C:\WINDOWS\SysWOW64\cmasiop.dll
      [MD5.41A77E5512C8690F2F271EF0C199ABF1] - |A| - [15/07/2016 14:53:56] - (.-.) - [0.06 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\cmasiop.ini
      [MD5.B8B44F6431C68171BB4B2380D238AC6F] - |A| - [03/06/2015 11:23:06] - (.Copyright c 2004 - CmiFltr.) - [308 Ko] - (1.0.0.0) - C:\WINDOWS\SysWOW64\CmiFltr.dll
      [MD5.8AC47B5D5A2521C194B9433B9A0159D6] - |A| - [15/07/2016 14:53:56] - (.C-Media. 2006 - CmPaput.) - [196 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\Cmpaoxy.dll
      [MD5.06FB32873596CBB20E1DC83677940FAF] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2000-2006 - CMedia OpenAL(TM) Implementation.) - [120 Ko] - (1.0.0.1) - C:\WINDOWS\SysWOW64\Cm_Oal.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [318 Ko] - C:\WINDOWS\SysWOW64\Com
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [13.55 Ko] - C:\WINDOWS\SysWOW64\config
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [47.64 Ko] - C:\WINDOWS\SysWOW64\Configuration
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\cs-CZ
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [264.5 Ko] - C:\WINDOWS\SysWOW64\da-DK
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [298.5 Ko] - C:\WINDOWS\SysWOW64\de-DE
      [MD5.B227DF8720C51EE0A80CB23CCCEF1EC6] - |A| - [27/10/2012 10:42:24] - (.-.) - [328.35 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\DevManagerCore.dll
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [19 Ko] - C:\WINDOWS\SysWOW64\DiagSvcs
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [6007.05 Ko] - C:\WINDOWS\SysWOW64\Dism
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 17:04:27] - [1068.16 Ko] - C:\WINDOWS\SysWOW64\downlevel
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [3410.93 Ko] - C:\WINDOWS\SysWOW64\drivers
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\DriverStore
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\el-GR
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:02] - [3108.5 Ko] - C:\WINDOWS\SysWOW64\en
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [213 Ko] - C:\WINDOWS\SysWOW64\en-GB
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [34143.91 Ko] - C:\WINDOWS\SysWOW64\en-US
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [287.5 Ko] - C:\WINDOWS\SysWOW64\es-ES
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [231.5 Ko] - C:\WINDOWS\SysWOW64\es-MX
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [209 Ko] - C:\WINDOWS\SysWOW64\et-EE
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [21626.66 Ko] - C:\WINDOWS\SysWOW64\F12
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [267.5 Ko] - C:\WINDOWS\SysWOW64\fi-FI
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [237 Ko] - C:\WINDOWS\SysWOW64\fr-CA
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [294 Ko] - C:\WINDOWS\SysWOW64\fr-FR
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\FxsTmp
      [MD5.F718B871013C76D0AF117A7BF933B1D0] - |A| - [26/10/2016 01:04:44] - (.-.) - [252.02 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\GameManager32.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicy
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\GroupPolicyUsers
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [238.5 Ko] - C:\WINDOWS\SysWOW64\he-IL
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [217 Ko] - C:\WINDOWS\SysWOW64\hr-HR
      [MD5.5D4B81BCFF4F330A6827D544648D3053] - |A| - [26/10/2016 01:04:46] - (.-.) - [245.52 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\hsa-thunk.dll
      [MD5.0740D338A42F7778760F2B0CB6DA5830] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2007 - HsMgr Application.) - [196 Ko] - (1.0.0.2) - C:\WINDOWS\SysWOW64\HsMgr.exe
      [MD5.1CB2F37F3A13FA1389ED068007D65693] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2008 C-Media Electronics Inc. - HsSrv Dynamic Link Library.) - [208 Ko] - (1.0.12.106) - C:\WINDOWS\SysWOW64\HsSrv.dll
      [MD5.1CB2F37F3A13FA1389ED068007D65693] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2008 C-Media Electronics Inc. - HsSrv Dynamic Link Library.) - [208 Ko] - (1.0.12.106) - C:\WINDOWS\SysWOW64\HsSrv2.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\hu-HU
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [36.27 Ko] - C:\WINDOWS\SysWOW64\icsxml
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [21385.67 Ko] - C:\WINDOWS\SysWOW64\IME
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\inetsrv
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [201 Ko] - C:\WINDOWS\SysWOW64\InputMethod
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [1160 Ko] - C:\WINDOWS\SysWOW64\InstallShield
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Ipmi
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [293 Ko] - C:\WINDOWS\SysWOW64\it-IT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\ja-JP
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [212.5 Ko] - C:\WINDOWS\SysWOW64\ko-KR
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [73.41 Ko] - C:\WINDOWS\SysWOW64\Licenses
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\LogFiles
      [MD5.B65E8E52916A527F88486875EE291AA8] - |A| - [27/10/2012 10:42:22] - (.-.) - [10663.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPP.dll
      [MD5.24764C249F769991079F6D4B14B822AF] - |A| - [27/10/2012 10:42:22] - (.-.) - [100.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LogiDPPApp.exe
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [213.5 Ko] - C:\WINDOWS\SysWOW64\lt-LT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [214.5 Ko] - C:\WINDOWS\SysWOW64\lv-LV
      [MD5.BDC67729D0A4940C525654FF869C5289] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Video Codec.) - [297.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\lvcodec2.dll
      [MD5.E8C604C7E16CE90C0D4564EC06B118E8] - |A| - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [529.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2.dll
      [MD5.F13DA78D0873B2025556D65DB5E3210D] - |A| - [27/10/2012 10:42:24] - (.(c) 1996-2012 Logitech. - Logitech Camera Property Pages.) - [525.85 Ko] - (13.80.853.0) - C:\WINDOWS\SysWOW64\LVUI2RC.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [48858.23 Ko] - C:\WINDOWS\SysWOW64\Macromed
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [32.68 Ko] - C:\WINDOWS\SysWOW64\MailContactsCalendarSync
      [MD5.8C4F082A307CC618745B7DEE519DD1BB] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle loader.) - [149.52 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\mantle32.dll
      [MD5.582007B2EF34B2496579FC81B22D3F05] - |A| - [26/10/2016 01:04:46] - (.Copyright (C) 2013 AMD Inc. - Mantle extension library.) - [123.52 Ko] - (21.19.137.1) - C:\WINDOWS\SysWOW64\mantleaxl32.dll
      [MD5.00000000000000000000000000000000] - |SD| - [02/12/2016 04:35:58] - [0 Ko] - C:\WINDOWS\SysWOW64\Microsoft
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [3008.97 Ko] - C:\WINDOWS\SysWOW64\migration
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [821.34 Ko] - C:\WINDOWS\SysWOW64\migwiz
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [45.5 Ko] - C:\WINDOWS\SysWOW64\MSDRM
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [52.28 Ko] - C:\WINDOWS\SysWOW64\MsDtc
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6 Ko] - C:\WINDOWS\SysWOW64\MUI
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [260.5 Ko] - C:\WINDOWS\SysWOW64\nb-NO
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\NDF
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [51 Ko] - C:\WINDOWS\SysWOW64\networklist
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [278 Ko] - C:\WINDOWS\SysWOW64\nl-NL
      [MD5.00000000000000000000000000000000] - |SD| - [16/07/2016 22:47:48] - [3781.5 Ko] - C:\WINDOWS\SysWOW64\Nui
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [644.69 Ko] - C:\WINDOWS\SysWOW64\oobe
      [MD5.27F100DDD1B016087162CE506BB1FDDF] - |A| - [15/07/2016 14:54:01] - (.Copyright (C) 2000-2006 - Standard OpenAL(TM) Implementation.) - [100 Ko] - (6.14.357.23) - C:\WINDOWS\SysWOW64\OpenAL32.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [275.5 Ko] - C:\WINDOWS\SysWOW64\pl-PL
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [413.88 Ko] - C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [278.5 Ko] - C:\WINDOWS\SysWOW64\pt-BR
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [273.5 Ko] - C:\WINDOWS\SysWOW64\pt-PT
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [23.75 Ko] - C:\WINDOWS\SysWOW64\ras
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\RasToast
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0.76 Ko] - C:\WINDOWS\SysWOW64\Recovery
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\restore
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [218.5 Ko] - C:\WINDOWS\SysWOW64\ro-RO
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [270.5 Ko] - C:\WINDOWS\SysWOW64\ru-RU
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [219 Ko] - C:\WINDOWS\SysWOW64\sk-SK
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\sl-SI
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [45.92 Ko] - C:\WINDOWS\SysWOW64\slmgr
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\SMI
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4199.34 Ko] - C:\WINDOWS\SysWOW64\Speech
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [6318.85 Ko] - C:\WINDOWS\SysWOW64\Speech_OneCore
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [1682.05 Ko] - C:\WINDOWS\SysWOW64\spp
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [31.88 Ko] - C:\WINDOWS\SysWOW64\sppui
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [223 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-CS
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [219.5 Ko] - C:\WINDOWS\SysWOW64\sr-Latn-RS
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\sru
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [265.5 Ko] - C:\WINDOWS\SysWOW64\sv-SE
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\sysprep
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [0 Ko] - C:\WINDOWS\SysWOW64\Tasks
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [205 Ko] - C:\WINDOWS\SysWOW64\th-TH
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [261.5 Ko] - C:\WINDOWS\SysWOW64\tr-TR
      [MD5.01E96A85B337B702AE2BC7F838AE7B65] - |A| - [16/07/2016 22:43:20] - (.-.) - [3.34 Ko] - (0.0.0.0) - C:\WINDOWS\SysWOW64\UevCustomActionTypes.tlb
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [215.5 Ko] - C:\WINDOWS\SysWOW64\uk-UA
      [MD5.A31EB8FF1492B63BDADA025D994C5B0D] - |A| - [15/07/2016 14:53:56] - (.Copyright (C) 2013 - Vmix Dynamic Link Library.) - [140 Ko] - (1.0.0.26) - C:\WINDOWS\SysWOW64\VmixP8.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [16742.42 Ko] - C:\WINDOWS\SysWOW64\wbem
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [0 Ko] - C:\WINDOWS\SysWOW64\WCN
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [8799.41 Ko] - C:\WINDOWS\SysWOW64\WindowsPowerShell
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [4228.5 Ko] - C:\WINDOWS\SysWOW64\WinMetadata
      [MD5.00000000000000000000000000000000] - |D| - [17/07/2016 01:14:03] - [100.11 Ko] - C:\WINDOWS\SysWOW64\winrm
      [MD5.5FB883AE7A93A069207A15AC8B86CA86] - |A| - [15/07/2016 14:54:01] - (.Copyright © 2005 - OpenAL32.) - [404 Ko] - (2.2.0.0) - C:\WINDOWS\SysWOW64\wrap_oal.dll
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [190.5 Ko] - C:\WINDOWS\SysWOW64\zh-CN
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-HK
      [MD5.00000000000000000000000000000000] - |D| - [16/07/2016 22:47:48] - [185 Ko] - C:\WINDOWS\SysWOW64\zh-TW ---------- | [John] [10/11/2016 16:12:49] - |D| - [1321900496] - C:\Users\John\AppData\Local
      [15/07/2016 14:02:32] - |D| - [4379379] - C:\Users\John\AppData\LocalLow
      [10/11/2016 16:12:49] - |AD| - [1567146567] - C:\Users\John\AppData\Roaming
      [05/11/2016 16:01:08] - |D| - [64852] - C:\Users\John\AppData\Local\2BrightSparks
      [21/07/2016 11:15:26] - |D| - [7460839] - C:\Users\John\AppData\Local\4kdownload.com
      [15/07/2016 14:17:57] - |D| - [385121393] - C:\Users\John\AppData\Local\8pecxstudios
      [15/07/2016 14:04:38] - |D| - [0] - C:\Users\John\AppData\Local\ActiveSync
      [17/07/2016 14:26:35] - |D| - [80114] - C:\Users\John\AppData\Local\Adobe
      [15/07/2016 14:05:33] - |D| - [124997675] - C:\Users\John\AppData\Local\AMD
      [10/11/2016 16:12:49] - |SHD| - [13212282637] - C:\Users\John\AppData\Local\Application Data
      [18/07/2016 16:31:28] - |D| - [0] - C:\Users\John\AppData\Local\Apps
      [16/07/2016 11:46:24] - |D| - [366364] - C:\Users\John\AppData\Local\ashampoo
      [02/09/2016 15:25:10] - |D| - [0] - C:\Users\John\AppData\Local\Audacity
      [15/07/2016 16:07:05] - |D| - [0] - C:\Users\John\AppData\Local\CEF
      [17/07/2016 12:54:55] - |D| - [1688893] - C:\Users\John\AppData\Local\ClassicShell
      [15/07/2016 14:19:34] - |D| - [20996120] - C:\Users\John\AppData\Local\Comms
      [10/11/2016 16:16:42] - |D| - [1690377] - C:\Users\John\AppData\Local\ConnectedDevicesPlatform
      [17/07/2016 12:16:19] - |A| - [3584] - C:\Users\John\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
      [24/12/2016 16:48:21] - |D| - [3245056] - C:\Users\John\AppData\Local\drmingw
      [28/07/2016 16:34:57] - |D| - [0] - C:\Users\John\AppData\Local\ElevatedDiagnostics
      [03/12/2016 12:16:02] - |D| - [28678] - C:\Users\John\AppData\Local\FreeFixer
      [13/11/2016 13:50:28] - |D| - [2791] - C:\Users\John\AppData\Local\Google
      [15/07/2016 15:23:58] - |D| - [955] - C:\Users\John\AppData\Local\Hekasoft
      [10/11/2016 16:12:49] - |SHD| - [130] - C:\Users\John\AppData\Local\History
      [20/01/2017 13:36:52] - |AH| - [80396] - C:\Users\John\AppData\Local\IconCache.db
      [31/08/2016 13:41:00] - |D| - [62140661] - C:\Users\John\AppData\Local\ImpressionFacile
      [22/07/2016 17:44:07] - |D| - [11853448] - C:\Users\John\AppData\Local\Learnpulse
      [16/07/2016 16:18:15] - |D| - [0] - C:\Users\John\AppData\Local\MediaMonkey
      [10/11/2016 16:12:49] - |D| - [232713048] - C:\Users\John\AppData\Local\Microsoft
      [15/07/2016 17:08:55] - |D| - [0] - C:\Users\John\AppData\Local\Microsoft Help
      [15/07/2016 14:05:51] - |D| - [83515] - C:\Users\John\AppData\Local\MicrosoftEdge
      [28/09/2016 14:33:52] - |D| - [0] - C:\Users\John\AppData\Local\MusicBrainz
      [15/07/2016 14:02:38] - |D| - [160651535] - C:\Users\John\AppData\Local\Packages
      [16/07/2016 14:12:07] - |D| - [0] - C:\Users\John\AppData\Local\PeerDistRepub
      [06/12/2016 09:53:29] - |D| - [4111] - C:\Users\John\AppData\Local\PicturesToExe
      [16/07/2016 17:57:26] - |AD| - [2108] - C:\Users\John\AppData\Local\PowerPanel Personal Edition
      [15/07/2016 14:17:02] - |D| - [0] - C:\Users\John\AppData\Local\Programs
      [15/07/2016 14:02:44] - |D| - [0] - C:\Users\John\AppData\Local\Publishers
      [27/08/2016 15:46:08] - |D| - [817] - C:\Users\John\AppData\Local\ShamurShamur
      [16/07/2016 10:39:38] - |D| - [91611] - C:\Users\John\AppData\Local\Stardock
      [10/11/2016 16:12:49] - |D| - [1262556] - C:\Users\John\AppData\Local\Temp
      [10/11/2016 16:12:49] - |SHD| - [26304617] - C:\Users\John\AppData\Local\Temporary Internet Files
      [18/01/2017 10:52:28] - |D| - [0] - C:\Users\John\AppData\Local\Tempzxpsign585867b071174feb
      [18/01/2017 10:52:18] - |D| - [0] - C:\Users\John\AppData\Local\Tempzxpsignd49902c792104523
      [15/07/2016 16:16:25] - |D| - [62050286] - C:\Users\John\AppData\Local\Thunderbird
      [15/07/2016 14:02:38] - |D| - [15949824] - C:\Users\John\AppData\Local\TileDataLayer
      [15/07/2016 14:02:39] - |D| - [577439] - C:\Users\John\AppData\Local\VirtualStore
      [16/07/2016 10:25:46] - |D| - [160368763] - C:\Users\John\AppData\Local\VS Revo Group
      [06/12/2016 09:53:29] - |D| - [0] - C:\Users\John\AppData\Local\WnSoft-WaveCache
      [19/11/2016 13:03:39] - |D| - [68322687] - C:\Users\John\AppData\Local\Zemana
      [11/11/2016 08:55:59] - |D| - [0] - C:\Users\John\AppData\LocalLow\AMD
      [15/07/2016 15:24:28] - |D| - [518660] - C:\Users\John\AppData\LocalLow\LastPass
      [15/07/2016 14:02:50] - |SD| - [3860719] - C:\Users\John\AppData\LocalLow\Microsoft
      [26/11/2016 09:17:05] - |D| - [0] - C:\Users\John\AppData\LocalLow\Mozilla
      [05/11/2016 16:01:08] - |D| - [0] - C:\Users\John\AppData\Roaming\2BrightSparks
      [15/07/2016 14:17:57] - |D| - [126034240] - C:\Users\John\AppData\Roaming\8pecxstudios
      [15/07/2016 14:02:38] - |D| - [1381691] - C:\Users\John\AppData\Roaming\Adobe
      [16/07/2016 11:47:35] - |D| - [4414773] - C:\Users\John\AppData\Roaming\Ashampoo
      [15/07/2016 14:54:02] - |D| - [2253] - C:\Users\John\AppData\Roaming\ASUS
      [02/09/2016 15:25:10] - |D| - [4908] - C:\Users\John\AppData\Roaming\Audacity
      [15/07/2016 16:05:46] - |D| - [14763644] - C:\Users\John\AppData\Roaming\AVAST Software
      [17/07/2016 12:54:28] - |D| - [2221] - C:\Users\John\AppData\Roaming\ClassicShell
      [05/11/2016 15:33:39] - |D| - [0] - C:\Users\John\AppData\Roaming\cryptlib
      [16/07/2016 15:49:55] - |D| - [5854236] - C:\Users\John\AppData\Roaming\Firetrust
      [16/07/2016 10:22:47] - |D| - [6096058] - C:\Users\John\AppData\Roaming\Foxit Software
      [01/09/2016 14:02:53] - |D| - [109276] - C:\Users\John\AppData\Roaming\FreeFileSync
      [03/12/2016 12:16:02] - |D| - [0] - C:\Users\John\AppData\Roaming\FreeFixer
      [15/07/2016 15:23:29] - |D| - [7] - C:\Users\John\AppData\Roaming\Hekasoft
      [22/07/2016 17:44:04] - |D| - [65326] - C:\Users\John\AppData\Roaming\Learnpulse
      [16/07/2016 15:50:34] - |D| - [1027] - C:\Users\John\AppData\Roaming\Macromedia
      [16/07/2016 16:18:09] - |D| - [33880210] - C:\Users\John\AppData\Roaming\MediaMonkey
      [10/11/2016 16:12:49] - |SD| - [6838348] - C:\Users\John\AppData\Roaming\Microsoft
      [12/11/2016 17:29:17] - |D| - [0] - C:\Users\John\AppData\Roaming\Mozilla
      [05/10/2016 11:49:16] - |D| - [452] - C:\Users\John\AppData\Roaming\PhotoLine
      [16/07/2016 17:00:19] - |D| - [18006] - C:\Users\John\AppData\Roaming\PotPlayerMini64
      [15/07/2016 17:19:44] - |D| - [101986168] - C:\Users\John\AppData\Roaming\Skype
      [04/11/2016 15:45:59] - |D| - [7482511] - C:\Users\John\AppData\Roaming\Solveig Multimedia
      [16/07/2016 10:39:38] - |D| - [87665408] - C:\Users\John\AppData\Roaming\Stardock
      [16/07/2016 10:39:40] - |A| - [0] - C:\Users\John\AppData\Roaming\Stardockfences_debug_snapshot.dat
      [15/07/2016 16:16:25] - |D| - [1108326312] - C:\Users\John\AppData\Roaming\Thunderbird
      [16/07/2016 13:59:09] - |D| - [797545] - C:\Users\John\AppData\Roaming\uTorrent
      [17/07/2016 11:34:20] - |D| - [73298] - C:\Users\John\AppData\Roaming\VideoReDo-TVSuite4
      [23/07/2016 14:05:13] - |D| - [282] - C:\Users\John\AppData\Roaming\Wise Uninstaller
      [15/07/2016 15:43:16] - |D| - [46844185] - C:\Users\John\AppData\Roaming\XYplorer
      [06/10/2016 14:33:19] - |D| - [14241846] - C:\Users\John\AppData\Roaming\ZHP
      [15/07/2016 14:02:39] - |ASH| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
      [10/11/2016 16:12:49] - |RD| - [28878] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
      [10/11/2016 16:12:49] - |RD| - [3888] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
      [10/11/2016 16:12:49] - |RD| - [2925] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
      [15/07/2016 14:02:39] - |RD| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      [12/12/2016 12:50:47] - |D| - [3821] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ALA
      [15/10/2016 14:07:37] - |A| - [1393] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo Burning Studio 16.lnk
      [15/07/2016 14:10:34] - |A| - [1243] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CNext.lnk
      [10/11/2016 16:16:43] - |ASH| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
      [10/11/2016 16:12:49] - |D| - [170] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
      [15/07/2016 14:04:08] - |A| - [2360] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
      [15/07/2016 14:02:39] - |RD| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
      [10/11/2016 16:12:49] - |RD| - [5318] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
      [10/11/2016 16:12:49] - |RD| - [7238] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
      [15/07/2016 14:02:39] - |ASH| - [174] - C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | [Public]
      ---------- | C:\ProgramData [18/01/2017 10:52:17] - |D| - [0] - C:\ProgramData\Adobe
      [17/07/2016 10:29:58] - |D| - [26720] - C:\ProgramData\AMD
      [10/11/2016 16:16:35] - |SHD| - [17130792365] - C:\ProgramData\Application Data
      [16/07/2016 11:46:13] - |D| - [523938] - C:\ProgramData\Ashampoo
      [31/08/2016 13:41:09] - |D| - [0] - C:\ProgramData\Avanquest Software
      [15/07/2016 16:04:41] - |D| - [73482099] - C:\ProgramData\AVAST Software
      [01/11/2016 13:35:36] - |D| - [11736] - C:\ProgramData\ClassicShell
      [16/07/2016 22:47:48] - |D| - [0] - C:\ProgramData\Comms
      [10/11/2016 16:16:35] - |SHD| - [29551] - C:\ProgramData\Desktop
      [10/11/2016 16:16:35] - |SHD| - [278] - C:\ProgramData\Documents
      [17/07/2016 11:24:52] - |D| - [3993517] - C:\ProgramData\EPSON
      [16/07/2016 15:49:02] - |D| - [15556274] - C:\ProgramData\Firetrust
      [15/07/2016 14:40:43] - |D| - [14556643] - C:\ProgramData\Intel
      [17/07/2016 10:37:29] - |D| - [261909742] - C:\ProgramData\Macrium
      [18/12/2016 10:09:50] - |D| - [66947826] - C:\ProgramData\Malwarebytes
      [16/07/2016 16:18:08] - |D| - [295241] - C:\ProgramData\MediaMonkey
      [16/07/2016 22:47:48] - |SD| - [790622413] - C:\ProgramData\Microsoft
      [15/07/2016 17:08:55] - |D| - [7594] - C:\ProgramData\Microsoft Help
      [10/11/2016 16:18:12] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
      [31/08/2016 13:41:00] - |A| - [117] - C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
      [17/07/2016 10:59:11] - |RASH| - [8] - C:\ProgramData\ntuser.pol
      [10/11/2016 16:12:07] - |D| - [367023011] - C:\ProgramData\Package Cache
      [16/07/2016 22:47:48] - |D| - [1001] - C:\ProgramData\regid.1991-06.com.microsoft
      [15/07/2016 17:19:41] - |D| - [43524096] - C:\ProgramData\Skype
      [16/07/2016 22:47:48] - |D| - [0] - C:\ProgramData\SoftwareDistribution
      [16/07/2016 10:39:38] - |D| - [9638796] - C:\ProgramData\Stardock
      [10/11/2016 16:16:35] - |SHD| - [142635] - C:\ProgramData\Start Menu
      [19/12/2016 16:48:48] - |D| - [160] - C:\ProgramData\TechSmith
      [17/07/2016 11:34:23] - |AD| - [0] - C:\ProgramData\TEMP
      [10/11/2016 16:16:35] - |SHD| - [0] - C:\ProgramData\Templates
      [13/12/2016 11:31:39] - |D| - [2] - C:\ProgramData\Ultra Adware Killer
      [16/07/2016 22:47:48] - |D| - [968] - C:\ProgramData\USOPrivate
      [10/11/2016 16:17:28] - |D| - [1114112] - C:\ProgramData\USOShared
      [16/07/2016 10:25:45] - |D| - [1786] - C:\ProgramData\VS Revo Group ---------- | C:\ProgramData\Microsoft\Windows\Start Menu [16/07/2016 22:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
      [16/07/2016 22:47:48] - |RD| - [141417] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
      [17/07/2016 11:04:47] - |A| - [1044] - C:\ProgramData\Microsoft\Windows\Start Menu\VueScan x64.lnk ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs [24/10/2016 11:58:26] - |D| - [1351] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
      [16/07/2016 22:47:48] - |RD| - [1614] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
      [16/07/2016 22:47:48] - |RD| - [14299] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
      [16/07/2016 22:47:48] - |RD| - [23012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
      [10/11/2016 16:12:13] - |D| - [2003] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
      [16/07/2016 11:46:24] - |D| - [2943] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
      [15/07/2016 14:53:56] - |D| - [1371] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar Essence STX Audio
      [02/09/2016 15:24:02] - |A| - [1088] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
      [15/07/2016 16:05:45] - |A| - [1979] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
      [01/11/2016 13:35:23] - |D| - [4719] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
      [16/07/2016 17:57:26] - |D| - [4320] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberPower PowerPanel Personal Edition
      [22/08/2016 15:22:59] - |D| - [3220] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
      [16/07/2016 22:47:50] - |ASH| - [796] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
      [16/07/2016 15:49:42] - |D| - [4137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firetrust
      [17/07/2016 16:11:48] - |D| - [2189] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\i-Menu
      [16/07/2016 22:43:50] - |RAS| - [2349] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk
      [31/08/2016 13:11:20] - |D| - [1922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inpaint
      [17/07/2016 10:42:24] - |D| - [2030] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
      [16/07/2016 22:47:48] - |D| - [170] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
      [18/12/2016 10:09:53] - |D| - [4038] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
      [16/07/2016 16:18:09] - |D| - [4247] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
      [15/07/2016 17:12:19] - |D| - [29434] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
      [16/07/2016 22:42:22] - |RAS| - [2219] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk
      [18/07/2016 13:55:33] - |D| - [7109] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
      [16/07/2016 22:43:50] - |RAS| - [2199] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk
      [16/07/2016 10:25:45] - |D| - [3535] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
      [15/07/2016 17:19:43] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
      [16/07/2016 10:39:37] - |D| - [2089] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
      [16/07/2016 22:47:48] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
      [16/07/2016 22:47:48] - |RD| - [2670] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
      [17/07/2016 11:34:23] - |D| - [3315] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoReDo
      [10/11/2016 16:14:00] - |A| - [1576] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
      [20/01/2017 13:06:10] - |D| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware ---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup [16/07/2016 22:47:50] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini ---------- | C:\Program Files (x86) [24/10/2016 11:58:23] - |D| - [124113891] - C:\Program Files (x86)\4KDownload
      [12/12/2016 12:50:47] - |D| - [1868888] - C:\Program Files (x86)\ALA
      [10/11/2016 16:12:12] - |AD| - [56201665] - C:\Program Files (x86)\AMD
      [16/07/2016 11:46:13] - |D| - [571802231] - C:\Program Files (x86)\Ashampoo
      [02/09/2016 15:24:00] - |AD| - [60007596] - C:\Program Files (x86)\Audacity
      [16/07/2016 17:04:24] - |D| - [138648186] - C:\Program Files (x86)\Common Files
      [16/07/2016 17:57:26] - |AD| - [7451812] - C:\Program Files (x86)\CyberPower PowerPanel Personal Edition
      [16/07/2016 22:47:50] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
      [16/07/2016 15:49:42] - |D| - [20313812] - C:\Program Files (x86)\Firetrust
      [16/07/2016 10:21:04] - |D| - [523087461] - C:\Program Files (x86)\Foxit Software
      [17/07/2016 16:11:48] - |AD| - [19876210] - C:\Program Files (x86)\i-Menu
      [15/07/2016 14:54:03] - |HD| - [5681879] - C:\Program Files (x86)\InstallShield Installation Information
      [15/07/2016 14:40:43] - |D| - [1336022] - C:\Program Files (x86)\Intel
      [16/07/2016 22:47:48] - |D| - [1988463] - C:\Program Files (x86)\Internet Explorer
      [16/07/2016 16:18:07] - |AD| - [56791189] - C:\Program Files (x86)\MediaMonkey
      [15/07/2016 17:09:34] - |D| - [39769547] - C:\Program Files (x86)\Microsoft Analysis Services
      [15/07/2016 17:08:55] - |D| - [4155781] - C:\Program Files (x86)\Microsoft Office
      [16/07/2016 22:47:48] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
      [15/07/2016 16:13:45] - |AD| - [87742116] - C:\Program Files (x86)\Mozilla Thunderbird
      [11/11/2016 11:01:26] - |D| - [25757] - C:\Program Files (x86)\MSBuild
      [15/07/2016 14:54:01] - |D| - [765952] - C:\Program Files (x86)\OpenAL
      [11/11/2016 11:01:26] - |D| - [36957953] - C:\Program Files (x86)\Reference Assemblies
      [15/07/2016 17:19:43] - |RD| - [85152973] - C:\Program Files (x86)\Skype
      [16/07/2016 10:39:37] - |D| - [16195056] - C:\Program Files (x86)\Stardock
      [10/11/2016 16:14:53] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
      [16/07/2016 13:59:52] - |AD| - [396152] - C:\Program Files (x86)\uTorrent
      [17/07/2016 11:34:20] - |AD| - [75376266] - C:\Program Files (x86)\VideoReDoTVSuite4
      [15/08/2016 17:01:08] - |D| - [220079] - C:\Program Files (x86)\VirusTotalUploader2
      [16/07/2016 22:47:48] - |D| - [1922048] - C:\Program Files (x86)\Windows Defender
      [16/07/2016 22:47:48] - |D| - [5958656] - C:\Program Files (x86)\Windows Mail
      [16/07/2016 22:47:48] - |D| - [3264664] - C:\Program Files (x86)\Windows Media Player
      [16/07/2016 22:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Multimedia Platform
      [16/07/2016 22:47:48] - |D| - [7466690] - C:\Program Files (x86)\Windows NT
      [16/07/2016 22:47:48] - |D| - [5418176] - C:\Program Files (x86)\Windows Photo Viewer
      [16/07/2016 22:47:48] - |D| - [34128] - C:\Program Files (x86)\Windows Portable Devices
      [16/07/2016 22:47:48] - |SHD| - [0] - C:\Program Files (x86)\Windows Sidebar
      [16/07/2016 22:47:48] - |D| - [3222839] - C:\Program Files (x86)\WindowsPowerShell
      [19/11/2016 13:04:04] - |AD| - [16862105] - C:\Program Files (x86)\Zemana AntiMalware ---------- | C:\Program Files [24/01/2017 13:18:29] - |D| - [7983488] - C:\Program Files\9-lab
      [10/11/2016 16:11:53] - |AD| - [151556709] - C:\Program Files\AMD
      [15/07/2016 14:53:55] - |D| - [12274616] - C:\Program Files\ASUS Xonar Essence STX Audio
      [10/11/2016 16:12:12] - |AD| - [189078] - C:\Program Files\ATI Technologies
      [15/07/2016 16:05:37] - |D| - [672979221] - C:\Program Files\AVAST Software
      [01/11/2016 13:35:23] - |D| - [10118035] - C:\Program Files\Classic Shell
      [16/07/2016 17:04:24] - |D| - [269079103] - C:\Program Files\Common Files
      [15/07/2016 14:17:49] - |AD| - [119691438] - C:\Program Files\Cyberfox
      [16/07/2016 16:59:34] - |D| - [75150277] - C:\Program Files\DAUM
      [16/07/2016 22:47:50] - |ASH| - [174] - C:\Program Files\desktop.ini
      [01/09/2016 14:02:06] - |AD| - [46196986] - C:\Program Files\FreeFileSync
      [15/07/2016 15:23:29] - |AD| - [2284117] - C:\Program Files\Hekasoft Backup & Restore
      [31/08/2016 13:11:20] - |AD| - [15199322] - C:\Program Files\Inpaint
      [15/07/2016 14:42:21] - |AD| - [26740] - C:\Program Files\Intel
      [16/07/2016 22:47:47] - |D| - [2580826] - C:\Program Files\Internet Explorer
      [17/07/2016 10:42:24] - |D| - [181879847] - C:\Program Files\Macrium
      [18/12/2016 10:09:50] - |D| - [131019021] - C:\Program Files\Malwarebytes
      [15/07/2016 17:09:34] - |D| - [66182091] - C:\Program Files\Microsoft Analysis Services
      [15/07/2016 17:08:55] - |AD| - [576152023] - C:\Program Files\Microsoft Office
      [11/11/2016 11:01:26] - |D| - [25757] - C:\Program Files\MSBuild
      [18/07/2016 13:55:33] - |AD| - [8464279] - C:\Program Files\PowerISO
      [11/11/2016 11:01:26] - |D| - [34617001] - C:\Program Files\Reference Assemblies
      [27/04/2016 17:34:16] - |HD| - [0] - C:\Program Files\Uninstall Information
      [16/07/2016 10:25:44] - |D| - [41385246] - C:\Program Files\VS Revo Group
      [17/07/2016 11:04:46] - |D| - [33914848] - C:\Program Files\VueScan
      [16/07/2016 22:47:47] - |RD| - [14858410] - C:\Program Files\Windows Defender
      [17/07/2016 01:29:36] - |D| - [6281288] - C:\Program Files\Windows Defender Advanced Threat Protection
      [16/07/2016 22:47:47] - |D| - [6181888] - C:\Program Files\Windows Mail
      [16/07/2016 22:47:47] - |D| - [4971196] - C:\Program Files\Windows Media Player
      [16/07/2016 22:47:47] - |D| - [37784] - C:\Program Files\Windows Multimedia Platform
      [16/07/2016 22:47:47] - |D| - [7730882] - C:\Program Files\Windows NT
      [16/07/2016 22:47:47] - |D| - [6216896] - C:\Program Files\Windows Photo Viewer
      [16/07/2016 22:47:47] - |D| - [37784] - C:\Program Files\Windows Portable Devices
      [16/07/2016 22:47:47] - |SHD| - [0] - C:\Program Files\Windows Sidebar
      [16/07/2016 22:47:47] - |HD| - [1111920222] - C:\Program Files\WindowsApps
      [16/07/2016 22:47:47] - |D| - [3639928] - C:\Program Files\WindowsPowerShell ---------- | C:\Program Files (x86)\Common Files [10/11/2016 16:12:16] - |D| - [337630] - C:\Program Files (x86)\Common Files\logishrd
      [16/07/2016 22:47:48] - |AD| - [125839059] - C:\Program Files (x86)\Common Files\Microsoft Shared
      [16/07/2016 22:47:48] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
      [11/11/2016 11:48:15] - |AD| - [2581120] - C:\Program Files (x86)\Common Files\Skype
      [16/07/2016 22:47:48] - |D| - [9887675] - C:\Program Files (x86)\Common Files\System ---------- | C:\Program Files\Common files [10/11/2016 16:11:54] - |D| - [2638144] - C:\Program Files\Common files\ATI Technologies
      [23/07/2016 14:15:24] - |AD| - [99992] - C:\Program Files\Common files\DESIGNER
      [17/07/2016 11:26:10] - |D| - [152640] - C:\Program Files\Common files\EPSON
      [10/11/2016 16:12:15] - |D| - [1022022] - C:\Program Files\Common files\logishrd
      [16/07/2016 22:47:47] - |AD| - [254479768] - C:\Program Files\Common files\microsoft shared
      [16/07/2016 22:47:47] - |D| - [2702] - C:\Program Files\Common files\Services
      [16/07/2016 22:47:47] - |D| - [10683835] - C:\Program Files\Common files\System ---------- | Tasks [MD5.D30F8816AF69EFEBC4AA28033865FF7E] - [18/11/2016 12:12:44] - |A| - [830] - C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
      [MD5.1B89EB54F8FB57EA2E8A98EE0412725A] - [24/09/2016 14:28:24] - |A| - [214] - C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
      [MD5.09970ABE8E8DB299E79E1A26834A2653] - [01/10/2016 10:31:17] - |A| - [749] - C:\WINDOWS\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job
      [MD5.6C64775151600A736761DCB4B967DA23] - [01/10/2016 10:31:17] - |A| - [935] - C:\WINDOWS\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002}.job
      [MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [10/11/2016 16:15:47] - |AH| - [6] - C:\WINDOWS\Tasks\SA.DAT
      [MD5.00000000000000000000000000000000] - [10/11/2016 16:15:47] - |D| - [0] - C:\WINDOWS\System32\Tasks\2BrightSparks
      [MD5.202A4A8E61E949FE3A7F6F71B0F69856] - [18/11/2016 12:12:44] - |A| - [3818] - C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater         :   C:\WINDOWS\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
      [MD5.BB91DE30AA99425F2389D2A20996A502] - [10/11/2016 16:15:47] - |A| - [4004] - C:\WINDOWS\System32\Tasks\avast! Emergency Update         :   C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
      [MD5.96A11ED431FE61A859A7A7EB730B2F9C] - [10/11/2016 16:15:47] - |A| - [3370] - C:\WINDOWS\System32\Tasks\EPSON WF-3640 Series Invitation {FAEDF3DB-11CF-420C-8314-1B3775AEC002}         :   C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
      [MD5.88B8463A6ED97CFE00CC972916ACECA9] - [10/11/2016 16:15:47] - |A| - [3548] - C:\WINDOWS\System32\Tasks\EPSON WF-3640 Series Update {FAEDF3DB-11CF-420C-8314-1B3775AEC002}         :   C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSKDE.EXE
      [MD5.00000000000000000000000000000000] - [16/07/2016 22:47:48] - |D| - [501182] - C:\WINDOWS\System32\Tasks\Microsoft
      [MD5.00000000000000000000000000000000] - [10/11/2016 16:15:48] - |D| - [4522] - C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
      [MD5.00000000000000000000000000000000] - [16/07/2016 22:47:48] - |D| - [0] - C:\WINDOWS\Syswow64\Tasks\Microsoft ---------- | Firewall [HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
      "vm-monitoring-dcom"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=135|App=%SystemRoot%\system32\svchost.exe|Svc=RpcSs|Name=@icsvc.dll,-709|Desc=@icsvc.dll,-710|EmbedCtxt=@icsvc.dll,-700|
      "vm-monitoring-icmpv4"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=1|Name=@icsvc.dll,-701|Desc=@icsvc.dll,-702|EmbedCtxt=@icsvc.dll,-700|
      "vm-monitoring-icmpv6"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=58|Name=@icsvc.dll,-703|Desc=@icsvc.dll,-704|EmbedCtxt=@icsvc.dll,-700|
      "vm-monitoring-nb-session"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=139|Name=@icsvc.dll,-705|Desc=@icsvc.dll,-706|EmbedCtxt=@icsvc.dll,-700|
      "vm-monitoring-rpc"=v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\system32\svchost.exe|Svc=Schedule|Name=@icsvc.dll,-707|Desc=@icsvc.dll,-708|EmbedCtxt=@icsvc.dll,-700|
      "Wininit-Shutdown-In-Rule-TCP-RPC"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36753|Desc=@firewallapi.dll,-36754|EmbedCtxt=@firewallapi.dll,-36751|
      "Wininit-Shutdown-In-Rule-TCP-RPC-EPMapper"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC-EPMap|App=%systemroot%\system32\wininit.exe|Name=@firewallapi.dll,-36755|Desc=@firewallapi.dll,-36756|EmbedCtxt=@firewallapi.dll,-36751|
      "Netlogon-NamedPipe-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
      "Netlogon-TCP-RPC-In"=v2.26|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=RPC|App=%SystemRoot%\System32\lsass.exe|Name=@netlogon.dll,-1008|Desc=@netlogon.dll,-1009|EmbedCtxt=@netlogon.dll,-1010|
      "WirelessDisplay-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10200|Desc=@wifidisplay.dll,-10201|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
      "WirelessDisplay-Out-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10202|Desc=@wifidisplay.dll,-10203|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
      "WirelessDisplay-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Private|Profile=Public|App=%systemroot%\system32\WUDFHost.exe|Name=@wifidisplay.dll,-10204|Desc=@wifidisplay.dll,-10205|LUAuth=O:LSD:(A;;CC;;;S-1-5-84-0-0-0-0-0)|EmbedCtxt=@wifidisplay.dll,-100|TTK2_22=WFDDisplay|
      "WirelessDisplay-Infra-In-TCP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|Profile=Public|LPort=7250|App=%systemroot%\system32\CastSrv.exe|Name=@wifidisplay.dll,-10206|Desc=@wifidisplay.dll,-10207|EmbedCtxt=@wifidisplay.dll,-100|
      "MDNS-In-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort2_24=mDNS|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37303|Desc=@%SystemRoot%\system32\firewallapi.dll,-37304|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
      "MDNS-Out-UDP"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|LPort=5353|App=%SystemRoot%\system32\svchost.exe|Svc=dnscache|Name=@%SystemRoot%\system32\firewallapi.dll,-37305|Desc=@%SystemRoot%\system32\firewallapi.dll,-37306|EmbedCtxt=@%SystemRoot%\system32\firewallapi.dll,-37302|
      "DeliveryOptimization-TCP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-102|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
      "DeliveryOptimization-UDP-In"=v2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=7680|App=%SystemRoot%\system32\svchost.exe|Svc=dosvc|Name=@%systemroot%\system32\dosvc.dll,-103|Desc=@%systemroot%\system32\dosvc.dll,-104|EmbedCtxt=@%systemroot%\system32\dosvc.dll,-100|Edge=TRUE|
      "{6E02EDC5-5B51-4FBF-9A42-6C549FE2F8E1}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=8612|App=C:\Program Files\VueScan\vuescan.exe|Name=VueScan (canon-bjnp2-In)|Desc=Inbound rule for VueScan to allow searching network for legacy Canon scanners.|
      "{BD4885C8-3297-4CAF-955D-C4798CA65EEA}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5353|App=C:\Program Files\VueScan\vuescan.exe|Name=VueScan (mDNS-In)|Desc=Inbound rule for VueScan to allow searching network for scanners using mDNS.|
      "{00FF91AC-7766-460C-85DF-7DA7366849E8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\MediaMonkey\MediaMonkey.exe|Name=MediaMonkey auto-conf 1328497419|
      "{2BBF161C-9403-493C-B659-F591ED39EDD8}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (UDP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
      "{97D71CC0-B247-4ADE-B9CA-B8D46510D6E2}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Protocol=6|App=C:\Program Files (x86)\uTorrent\uTorrent.exe|Name=µTorrent (TCP-In)|Desc=Allow µTorrent network traffic with Edge Traversal|Edge=TRUE|
      "{EF71B855-1CE4-4569-9CE9-AC990983B87D}"=v2.25|Action=Allow|Active=TRUE|Dir=In|App=C:\Program Files (x86)\Skype\Phone\Skype.exe|Name=Skype|
      "{DB4754A4-1643-406F-AC7B-EA58F494E227}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
      "{384D0EF4-88EC-497D-8FCE-87728664CB98}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1000|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
      "{804EECA6-4E4C-4303-A7D0-22AD25B64F1E}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
      "{14D5127A-5277-4D63-9E5A-64465DE0CE72}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Desc=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/Description}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-3137318289-415437605-3491609480-3741388289-878520165-689859088-69748861|EmbedCtxt=@{Windows.PurchaseDialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.PurchaseDialog/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{79D23DB5-67E8-4D5B-B4BB-1F3D9D5DDC81}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
      "{6A8D883B-BF8C-4147-9381-A05F8EEC6475}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{7D8EEA86-4296-4000-B4D6-0BE76F117281}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Desc=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-3833609522-3861047620-3675164185-1739081557-594447883-3111017752-456581032|EmbedCtxt=@{Microsoft.XboxIdentityProvider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxIdentityProvider/Resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{A9754056-E5D6-43CC-AF4C-D5777E1E9BB0}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{22C5E545-4446-4C3E-B9C6-142D881A82CD}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Desc=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1322174799-1054373777-2441082058-564842223-2721992343-4124100487-3261661085|EmbedCtxt=@{Microsoft.WindowsFeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.WindowsFeedback/FeedbackApp.Resources/AppName/Text}|Platform=2:6:2|Platform2=GTEQ|
      "{CD419A58-7EC1-4CD6-BE5E-DBEA1A04FFF8}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{33E46CBC-5152-4C31-9A73-C39AA98F5376}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
      "{DDE80687-9317-45D6-9ECF-7635CA79E916}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Desc=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-4016783169-893401051-2237370320-274899566-412088533-2398988950-2155762795|EmbedCtxt=@{Microsoft.Windows.FeatureOnDemand.InsiderHub_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.FeatureOnDemand.InsiderHub/Resources/AppStoreName}|Platform=2:6:2|Platform2=GTEQ|
      "{C950B8FD-8397-42BC-8C83-56BC9D0FB6E6}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{3B2266F9-D0A8-457D-A002-D7D9124B9CCB}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{894C4550-7760-4D43-85D3-28DB720CF830}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{CCD9DB1A-8EE1-4902-AA88-026B9B8C4BD4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
      "{9DC17756-D478-4A4D-940F-ED27A70A9221}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Desc=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{3DB7BB9F-5885-47A3-8C8C-0D73F70998BF}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
      "{4F5C4C9E-3EFE-4F11-8678-142439A48325}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
      "{CD1CDA90-9CB1-486B-A449-ECD34731C7C4}"=v2.25|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{A5B8B344-41B4-4C91-927A-3CAC18C5D16B}"=v2.25|Action=Allow|Active=TRUE|Dir=Out|Name=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-500|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{EDA9A1C8-E4D2-4D7F-B606-BE4D48BDB532}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=windows_ie_ac_001|Desc=Created by IE|LUOwn=S-1-5-18|AppPkgId=S-1-15-2-1430448594-2639229838-973813799-439329657-1197984847-4069167804-1277922394|EmbedCtxt=windows_ie_ac_001|Platform=2:6:2|Platform2=GTEQ|
      "{229EE879-D1FF-444D-BF1A-267250F49986}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{462841C1-BCAE-457C-B9B5-58AEAC362F6D}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Desc=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272|EmbedCtxt=@{Microsoft.AAD.BrokerPlugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{6927B265-8737-4EBC-81F2-5D78B86DF926}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
      "{27D1A47D-F7C8-415F-92E8-9D323430B247}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Desc=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2434737943-167758768-3180539153-984336765-1107280622-3591121930-2677285773|EmbedCtxt=@{Microsoft.Windows.CloudExperienceHost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}|Platform=2:6:2|Platform2=GTEQ|
      "{BB6D8200-DD74-440B-A0D9-9D0FE77B14A7}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Desc=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-155514346-2573954481-755741238-1654018636-1233331829-3075935687-2861478708|EmbedCtxt=@{Microsoft.Windows.ShellExperienceHost_10.0.14393.447_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{23227A95-604C-4806-B473-20769E15F9B1}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{33AC586B-A8D2-41F3-A970-9683D7F1D8F9}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Desc=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/ProductDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742|EmbedCtxt=@{Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
      "{F0E6C910-5001-4EB8-8BF1-2F0B6F680CAE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.AccountsControl_10.0.14393.447_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Desc=@{Microsoft.AccountsControl_10.0.14393.447_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-969871995-3242822759-583047763-1618006129-3578262429-3647035748-2471858633|EmbedCtxt=@{Microsoft.AccountsControl_10.0.14393.447_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{FF9E7C7B-C7CD-4607-9414-21CE344626C2}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Desc=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2758101530-1321080646-1475665648-4066602542-2880396197-3643791541-2654759312|EmbedCtxt=@{Microsoft.LockApp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{461E208C-89A2-4E0D-A5DF-3357AEBA8ADF}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|
      "{F462D453-BD09-4DFC-9CB1-A40ACD2CB60A}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
      "{41875873-9EAA-4319-AC69-0A2F83D04BE4}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices|
      "{E868F82C-C822-4D33-BF11-B53915945BD5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Public|IFType=Wireless|Name=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Desc=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1162584699-752881360-2552798240-2633183829-2219405937-1046343680-2483954874|EmbedCtxt=@{Microsoft.PPIProjection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.PPIProjection/resources/ProductName}|Platform=2:6:2|Platform2=GTEQ|TTK2_22=WFDDevices|
      "{E9791158-64F0-4404-8A5A-CFC6A6463810}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Desc=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1255970798-2717750985-493741290-1721212560-3530798636-1829112236-3118580706|EmbedCtxt=@{Microsoft.Windows.Apprep.ChxApp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{1FC98750-AB07-45AC-9558-0FE3FBBC8180}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Desc=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723|EmbedCtxt=@{Microsoft.Windows.ContentDeliveryManager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{BFA84485-FCD9-4F12-9C1A-8E22774BFF6B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Desc=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3072599432-1607568789-957273504-856596282-71567818-1546726304-1084662928|EmbedCtxt=@{Microsoft.Windows.ParentalControls_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ParentalControls/resources/DisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{EA726BB5-E50C-4A4C-AAE8-D40453646998}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.Windows.SecureAssessmentBrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDisplayName}|Desc=@{Microsoft.Windows.SecureAssessmentBrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDescription}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3733603082-4179795269-1217541644-381468798-1681740699-3059609168-2054985149|EmbedCtxt=@{Microsoft.Windows.SecureAssessmentBrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{58F22165-1917-4D76-B079-2F1D4AB281A5}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Desc=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-957941444-2271171641-4049211970-804197638-2225746618-2474488012-4131196493|EmbedCtxt=@{Microsoft.XboxGameCallableUI_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{9FD2D571-5218-40C7-8794-2A3ACD112B2B}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|
      "{24788DDF-A96A-42F7-ABEA-6460B3EADB91}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Desc=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-735366590-2037340711-2578745391-3096723288-1660081568-2625366440-3369012008|EmbedCtxt=@{Windows.ContactSupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.ContactSupport/Resources/appDisplayName}|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
      "{4D5DDC9D-70DA-4A7E-8837-F424B5DD1294}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|
      "{EABB7793-AEC7-4B0F-85E8-F39B62D5AE7B}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Profile=Public|Name=Xbox|Desc=Xbox|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-4153522205-3718366397-1353898457-1332184198-1210887116-3116787857-2103916698|EmbedCtxt=Xbox|Platform=2:6:2|Platform2=GTEQ|Edge=TRUE|
      "{32E349FE-46C7-47B3-8C9F-7D2D82CF487D}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ|
      "{548084E8-0DE8-44BA-83AF-DB0BE113CAFC}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Desc=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2246530975-808720366-1776470054-230329187-4153223113-3550430174-4193313734|EmbedCtxt=@{Microsoft.SkypeApp_11.4.86.0_x64__kzf8qxf38zg5c?ms-resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName}|Platform=2:6:2|Platform2=GTEQ|
      "{97FECF52-1FDD-4FD3-9732-05A1DE64E665}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Store Purchase App|Desc=Store Purchase App|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-2246242352-370130666-2593524754-1827188282-2313440240-2317694540-2761805292|EmbedCtxt=Store Purchase App|Platform=2:6:2|Platform2=GTEQ|
      "{F08F550B-F619-41AC-99B0-78D2CE69E496}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
      "{11087C58-9735-4599-830E-C0920E21C087}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=OneNote|Desc=OneNote|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3445883232-1224167743-206467785-1580939083-2750001491-3097792036-3019341970|EmbedCtxt=OneNote|Platform=2:6:2|Platform2=GTEQ|
      "{635797E5-BC7B-4612-9EDE-8318E88221CE}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Sticky Notes|Desc=Microsoft Sticky Notes|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-3539788797-2700867667-1432428195-1581642-2885308443-3834444517-2495346167|EmbedCtxt=Microsoft Sticky Notes|Platform=2:6:2|Platform2=GTEQ|
      "{D93E2B03-D594-478C-B156-1675495CBD47}"=v2.26|Action=Allow|Active=TRUE|Dir=Out|Profile=Domain|Profile=Private|Profile=Public|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|
      "{E7B13D76-957D-4F4E-AF6C-5E75527F0B9C}"=v2.26|Action=Allow|Active=TRUE|Dir=In|Profile=Domain|Profile=Private|Name=Microsoft Solitaire Collection|Desc=Microsoft Solitaire Collection|LUOwn=S-1-5-21-3754235531-495330377-4189813319-1001|AppPkgId=S-1-15-2-1985198343-3186790915-4047221937-1969271670-3792558349-1325541827-400269725|EmbedCtxt=Microsoft Solitaire Collection|Platform=2:6:2|Platform2=GTEQ|     ---------- | Control\Class [HKLM\SYSTEM\CurrentControlSet\Control\Class\{03F52937-1FD6-44FB-82C6-FE988F1B1D61}] : (aswSP) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{04A83FC2-2AE2-4C88-B45F-E9707B377636}] : (aswHwid) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{05f5cfe2-4733-4950-a6bb-07aad01a3a84}] : (XboxComposite) [] -> @dc1-controller.inf,%ClassName%;Xbox Peripherals
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{13e42dfa-85d9-424d-8646-28a70f864f9c}] : (RemotePosDevice) [] -> @remoteposdrv.inf,%ClassName%;POS Remote Device
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{14b62f50-3f15-11dd-ae16-0800200c9a66}] : (DigitalMediaDevices) [] -> @digitalmediadevice.inf,%ClassName%;Digital Media Devices
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}] : (PrintQueue) [] -> @printqueue.inf,%ClassName%;Print queues
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{24A0C840-2C3D-4410-8236-8B40816C7B90}] : (aswVmm) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{25dbce51-6c8f-4a72-8a6d-b54c2b4fc835}] : (WCEUSBS) [] -> @%SystemRoot%\System32\SysClass.Dll,-3026
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{268c95a1-edfe-11d3-95c3-0010dc4050a5}] : (Security Accelerator) [] -> @c_sslaccel.inf,%ClassName%;Security accelerators
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2a9fe532-0cdc-44f9-9827-76192f2ca2fb}] : (HidMsr) [] -> @c_magneticstripereader.inf,%ClassName%;POS HID Magnetic Stripe Reader
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2db15374-706e-4131-a0c7-d7c78eb0289a}] : (SystemRecovery) [] -> @c_fssystemrecovery.inf,%ClassDesc%;FS System recovery filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{2EA9B43F-3045-43B5-80F2-FD06C55FBB90}] : (vhdmp) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B648}] : (fvevol) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3163C566-D381-4467-87BC-A65A18D5B649}] : (fvevol) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{36fc9e60-c465-11cf-8056-444553540000}] : (USB) [] -> @%SystemRoot%\System32\SysClass.Dll,-3025
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3e3f0674-c83c-4558-bb26-9820e1eba5c5}] : (ContentScreener) [] -> @c_fscontentscreener.inf,%ClassDesc%;FS Content screener filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{3f966bd9-fa04-4ec5-991c-d326973b5128}] : (AndroidUsbDeviceClass) [] -> @oem37.inf,%ClassName%;SAMSUNG Android Phone
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675d81-502a-4a82-9f84-b75f418c5dea}] : (Media Center Extender) [] -> @c_mcx.inf,%ClassDesc%;Media Center Extenders
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658ee7e-f050-11d1-b6bd-00c04fa372a7}] : (PnpPrinters) [] -> @%SystemRoot%\system32\ntprint.dll,-1300
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721b56-6795-11d2-b1a8-0080c72e74a2}] : (Dot4) [] -> @%SystemRoot%\system32\sysclass.dll,-3023
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{48d3ebc4-4cf8-48ff-b869-9c68ad42eb9f}] : (Replication) [] -> @c_fsreplication.inf,%ClassDesc%;FS Replication filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{49ce6ac8-6f86-11d2-b1e5-0080c72e74a2}] : (Dot4Print) [] -> @%SystemRoot%\system32\sysclass.dll,-3024
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e965-e325-11ce-bfc1-08002be10318}] : (CDROM) [] -> @%SystemRoot%\System32\StorProp.dll,-17001
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e966-e325-11ce-bfc1-08002be10318}] : (Computer) [] -> @%SystemRoot%\System32\SysClass.dll,-3000
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e967-e325-11ce-bfc1-08002be10318}] : (DiskDrive) [] -> @c_diskdrive.inf,%ClassDesc%;Disk drives
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}] : (Display) [] -> @%SystemRoot%\System32\DispCI.dll,-3100
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e969-e325-11ce-bfc1-08002be10318}] : (FDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3013
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96a-e325-11ce-bfc1-08002be10318}] : (HDC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3001
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96b-e325-11ce-bfc1-08002be10318}] : (Keyboard) [] -> @%SystemRoot%\System32\SysClass.Dll,-3002
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96c-e325-11ce-bfc1-08002be10318}] : (MEDIA) [] -> @%SystemRoot%\System32\mmci.dll,-3000
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}] : (Modem) [] -> @%SystemRoot%\System32\mdminst.dll,-14100
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96e-e325-11ce-bfc1-08002be10318}] : (Monitor) [] -> @c_monitor.inf,%ClassDesc%;Monitors
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e96f-e325-11ce-bfc1-08002be10318}] : (Mouse) [] -> @%SystemRoot%\System32\SysClass.Dll,-3004
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e970-e325-11ce-bfc1-08002be10318}] : (MTD) [] -> @%SystemRoot%\System32\SysClass.Dll,-3021
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e971-e325-11ce-bfc1-08002be10318}] : (MultiFunction) [] -> @%SystemRoot%\System32\SysClass.Dll,-3014
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}] : (Net) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1502
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e973-e325-11ce-bfc1-08002be10318}] : (NetClient) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1504
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e974-e325-11ce-bfc1-08002be10318}] : (NetService) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1505
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e975-e325-11ce-bfc1-08002be10318}] : (NetTrans) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1503
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e977-e325-11ce-bfc1-08002be10318}] : (PCMCIA) [] -> @%SystemRoot%\System32\SysClass.Dll,-3010
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e978-e325-11ce-bfc1-08002be10318}] : (Ports) [] -> @%SystemRoot%\System32\msports.dll,-10000
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e979-e325-11ce-bfc1-08002be10318}] : (Printer) [] -> @%SystemRoot%\system32\ntprint.dll,-1004
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97b-e325-11ce-bfc1-08002be10318}] : (SCSIAdapter) [] -> @%SystemRoot%\System32\SysClass.Dll,-3005
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97d-e325-11ce-bfc1-08002be10318}] : (System) [] -> @%SystemRoot%\System32\SysClass.Dll,-3008
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e97e-e325-11ce-bfc1-08002be10318}] : (Unknown) [] -> @%SystemRoot%\System32\SysClass.Dll,-3009
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{4d36e980-e325-11ce-bfc1-08002be10318}] : (FloppyDisk) [] -> @%SystemRoot%\System32\SysClass.Dll,-3015
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127dc3-0f36-415e-a6cc-4cb3be910b65}] : (Processor) [] -> @c_processor.inf,%ClassDesc%;Processors
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906cb8-ba12-11d1-bf5d-0000f805f530}] : (MultiPortSerial) [] -> @%SystemRoot%\system32\sysclass.dll,-3022
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944a-f6b9-4057-a056-8c550228544c}] : (Memory) [] -> @%SystemRoot%\System32\SysClass.Dll,-3018
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{50dd5230-ba8a-11d1-bf5d-0000f805f530}] : (SmartCardReader) [] -> @%SystemRoot%\System32\StorProp.dll,-17002
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175d334-c371-4806-b3ba-71fd53c9258d}] : (Sensor) [] -> @%SystemRoot%\system32\SensorsCpl.dll,-10000
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{522119B9-1B9A-498A-AC52-148B533EFD50}] : (aswSP) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{533c5b84-ec70-11d2-9505-00c04f79deaf}] : (VolumeSnapshot) [] -> @%SystemRoot%\System32\SysClass.Dll,-3011
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53966cb1-4d46-4166-bf23-c522403cd495}] : (ScmDisk) [] -> @c_scmdisk.inf,%ClassDesc%;Persistent memory disks
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53ccb149-e543-4c84-b6e0-bce4f6b7e806}] : (ScmVolume) [] -> @c_scmvolume.inf,%ClassDesc%;Storage Class Memory volumes
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{53d29ef7-377c-4d14-864b-eb3a85769359}] : (Biometric) [] -> @%SystemRoot%\System32\SysClass.DLL,-3028
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5630831c-06c9-4856-b327-f5d32586e060}] : (Proximity) [] -> @c_proximity.inf,%ClassDesc%;Proximity devices
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5989fce8-9cd0-467d-8a6a-5419e31529d4}] : (AudioProcessingObject) [] -> @c_apo.inf,%ClassDesc%;Audio Processing Objects (APOs)
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5c4c3332-344d-483c-8739-259e934c9cc8}] : (SoftwareComponent) [] -> @c_swcomponent.inf,%ClassDesc%;Software components
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{5d1b9aaa-01e2-46af-849f-272b3f324c46}] : (FSFilterSystem) [] -> @c_fssystem.inf,%ClassDesc%;FS System filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{62f9c741-b25a-46ce-b54c-9bccce08b6f2}] : (SoftwareDevice) [] -> @c_swdevice.inf,%ClassDesc%;Software devices
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6880337A-1EB4-4EF2-9659-0FD2EC60CB1B}] : (aswSP) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6a0a8e78-bba6-4fc4-a709-1e33cd09d67e}] : (PhysicalQuotaManagement) [] -> @c_fsphysicalquotamgmt.inf,%ClassDesc%;FS Physical quota management filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc1-810f-11d0-bec7-08002be2092f}] : (1394) [] -> @%SystemRoot%\System32\SysClass.Dll,-3016
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc5-810f-11d0-bec7-08002be2092f}] : (Infrared) [] -> @%SystemRoot%\System32\NetCfgx.dll,-1501
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6bdd1fc6-810f-11d0-bec7-08002be2092f}] : (Image) [] -> @%SystemRoot%\system32\sti_ci.dll,-52
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6d807884-7d21-11cf-801c-08002be10318}] : (TapeDrive) [] -> @%SystemRoot%\System32\SysClass.Dll,-3006
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (BasicDisplay) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71a27cdd-812a-11d0-bec7-08002be2092f}] : (Volume) [] -> @c_volume.inf,%ClassDesc%;Storage volumes
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{71aa14f8-6fad-4622-ad77-92bb9d7e6947}] : (ContinuousBackup) [] -> @c_fscontinuousbackup.inf,%ClassDesc%;FS Continuous backup filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631e54-78a4-11d0-bcf7-00aa00b7b32a}] : (Battery) [] -> @%SystemRoot%\system32\powrprof.dll,-611
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{745a17a0-74d3-11d0-b6fe-00a0c90f57da}] : (HIDClass) [] -> @%SystemRoot%\System32\hid.dll,-101
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{772e18f2-8925-4229-a5ac-6453cb482fda}] : (HidCashDrawer) [] -> @c_cashdrawer.inf,%ClassName%;POS Cash Drawer
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{7ebefbc0-3200-11d2-b4c2-00a0c9697d07}] : (61883) [] -> @%SystemRoot%\System32\SysClass.Dll,-3019
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{81C87465-DE07-4EFC-9D93-61E891D52FD2}] : (RdpVideoMiniport) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8503c911-a6c7-4919-8f79-5028f5866b0c}] : (QuotaManagement) [] -> @c_fsquotamgmt.inf,%ClassDesc%;FS Quota management filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{87C077B2-3D3B-4156-938A-EA51B451D6C6}] : (aswSP) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88a1c342-4539-11d3-b88d-00c04fad5171}] : (TS_Generic) [] -> @ts_generic.inf,%TSClassName%;Generic Remote Desktop devices
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{88bae032-5a81-49f0-bc3d-a4ff138216d6}] : (USBDevice) [] -> @%SystemRoot%\System32\SysClass.Dll,-3029
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{89786ff1-9c12-402f-9c9e-17753c7f4375}] : (CopyProtection) [] -> @c_fscopyprotection.inf,%ClassDesc%;FS Copy protection filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8AE85550-832C-4A9B-81BB-2A49DBEE72B4}] : (aswRvrt) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ecc055d-047f-11d1-a537-0000f8753ed1}] : (LegacyDriver) [] -> @%SystemRoot%\System32\SysClass.Dll,-3003
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{990a2bd7-e738-46c7-b26f-1cf8fb9f1391}] : (SmartCard) [] -> @%SystemRoot%\System32\SysClass.DLL,-3031
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9d6d66a6-0b0c-4563-9077-a0e9a7955ae4}] : (Ramdisk) [] -> @ramdisk.inf,%ClassName%;RAM Disk drives
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{9da2b80f-f89f-4a49-a5c2-511b085b9e8a}] : (EhStorSilo) [] -> @rawsilo.inf,%ClassName%;IEEE 1667 silo and control devices
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a588a4-c46f-4b37-b7ea-c82fe89870c6}] : (SDHost) [] -> @%SystemRoot%\System32\SysClass.Dll,-3012
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{a0a701c0-a511-42ff-aa6c-06dc0395576f}] : (Encryption) [] -> @c_fsencryption.inf,%ClassDesc%;FS Encryption filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{A3E32DBA-BA89-4F17-8386-2D0127FBD4CC}] : (rdpbus) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b1d1a169-c54f-4379-81db-bee7d88d7454}] : (AntiVirus) [] -> @c_fsantivirus.inf,%ClassDesc%;FS Anti-virus filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{b86dff51-a31e-4bac-b3cf-e8cfe75c9fc2}] : (ActivityMonitor) [] -> @c_fsactivitymonitor.inf,%ClassDesc%;FS Activity monitor filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{bbbe8734-08fa-4966-b6a6-4e5ad010cdd7}] : (USBFunctionController) [] -> @%SystemRoot%\System32\SysClass.Dll,-3030
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c06ff265-ae09-48f0-812c-16753d7cba83}] : (AVC) [] -> @%SystemRoot%\System32\SysClass.Dll,-3027
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c166523c-fe0c-4a94-a586-f1a80cfbbf3e}] : (AudioEndpoint) [] -> @audioendpoint.inf,%ClassName%;Audio inputs and outputs
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c243ffbd-3afc-45e9-b3d3-2ba18bc7ebc5}] : (BarcodeScanner) [] -> @c_barcodescanner.inf,%ClassName%;POS Barcode Scanner
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c30ecea0-11ef-4ef9-b02e-6af81e6e65c0}] : (WSDPrintDevice) [] -> @wsdprint.inf,%ClassName%;WSD Print Provider
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{C4A06E97-ED42-47B9-83E1-F12299B286A5}] : (aswRdr) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{c7bc9b22-21f0-4f0d-9bb6-66c229b8cd33}] : (POSPrinter) [] -> @c_receiptprinter.inf,%ClassName%;POS Receipt Printer
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{cdcf0939-b75b-4630-bf76-80f7ba655884}] : (CFSMetadataServer) [] -> @c_fscfsmetadataserver.inf,%ClassDesc%;FS CFS metadata server filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{ce5939ae-ebde-11d0-b181-0000f8753ec4}] : (MediumChanger) [] -> @%SystemRoot%\System32\StorProp.dll,-17003
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d02bc3da-0c8e-4945-9bd5-f1883c226c8c}] : (SecurityEnhancer) [] -> @c_fssecurityenhancer.inf,%ClassDesc%;FS Security enhancer filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d421b08e-6d16-41ca-9c4d-9147e5ac98e0}] : (Miracast) [] -> @miradisp.inf,%ClassName%;Miracast display devices
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d48179be-ec20-11d1-b6b8-00c04fa372a7}] : (SBP2) [] -> @%SystemRoot%\System32\SysClass.Dll,-3017
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d546500a-2aeb-45f6-9482-f4b1799c3177}] : (HSM) [] -> @c_fshsm.inf,%ClassDesc%;FS HSM filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d61ca365-5af4-4486-998b-9db4734c6ca3}] : (XnaComposite) [] -> @xusb22.inf,%XUSB22.ClassName%;Xbox 360 Peripherals
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{d94ee5d8-d189-4994-83d2-f68d7d41b0e6}] : (SecurityDevices) [] -> @%SystemRoot%\System32\SysClass.Dll,-3020
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{db4f6ddd-9c0e-45e4-9597-78dbbad0f412}] : (SmartCardFilter) [] -> @%SystemRoot%\System32\SysClass.DLL,-3032
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{E004269C-D387-4461-B955-25A64CFE23CE}] : (amdkmdag) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e0cbf06c-cd8b-4647-bb8a-263b43f0f974}] : (Bluetooth) [] -> @%SystemRoot%\system32\bthci.dll,-4001
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e2f84ce7-8efa-411c-aa69-97454ca4cb57}] : (Extension) [] -> @c_extension.inf,%ClassDesc%;Extensions
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{e55fa6f9-128c-4d04-abab-630c74b1453a}] : (Infrastructure) [] -> @c_fsinfrastructure.inf,%ClassDesc%;FS Infrastructure filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{eec5ad98-8080-425f-922a-dabf3de3f69a}] : (WPD) [] -> @%SystemRoot%\System32\wpd_ci.dll,-101
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f2e7dd72-6468-4e36-b6f1-6488f42c1b52}] : (Firmware) [] -> @c_firmware.inf,%ClassDesc%;Firmware
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f3586baf-b5aa-49b5-8d6c-0569284c639f}] : (Compression) [] -> @c_fscompression.inf,%ClassDesc%;FS Compression filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f72fe0d4-cbcb-407d-8814-9ed673d0dd6b}] : (USB) [] -> @oem28.inf,%ClassName%;ADB Interface
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f75a86c0-10d8-4c3a-b233-ed60e4cdfaac}] : (Virtualization) [] -> @c_fsvirtualization.inf,%ClassDesc%;FS Virtualization filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{f8ecafa6-66d1-41a5-899b-66585d7216b7}] : (OpenFileBackup) [] -> @c_fsopenfilebackup.inf,%ClassDesc%;FS Open file backup filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{FB58BE68-EA9E-4803-847F-2CE814E7B159}] : (aswSP) [] ->
      [HKLM\SYSTEM\CurrentControlSet\Control\Class\{fe8f1572-c67a-48c0-bbac-0b5c6d66cafb}] : (Undelete) [] -> @c_fsundelete.inf,%ClassDesc%;FS Undelete filters
      [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2] -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
      [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5] -> elstrans.dll (Copyright (c) Microsoft Corporation.)
      [HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1] -> ElsLad.dll (Copyright (c) Microsoft Corporation.) ---------- | Loaded modules (whitelist) [16/07/2016 12:45:47] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zamguard64.sys
      [16/07/2016 12:45:48] - (0.0.0.0) - (Zemana Ltd. - ZAM) - C:\Windows\System32\drivers\zam64.sys
      [18/07/2016 13:55:33] - (6.6.0.0) - (Power Software Ltd - PowerISO Virtual Drive) - C:\WINDOWS\System32\Drivers\SCDEmu.SYS
      [03/06/2015 11:23:06] - (0.0.8.1823) - (C-Media Inc - C-Media Audio WDM Driver) - C:\WINDOWS\system32\drivers\cmudaxp.sys
      [17/07/2016 16:11:57] - (3.8.0.0) - (Nicomsoft Ltd. - WINI2C-DDC Kernel Mode Driver) - C:\Windows\system32\drivers\mi2c.sys
      [12/10/2015 16:39:20] - (6.1.865.0) - (Windows (R) Win 7 DDK provider - Paramount Software Image Mounting Driver) - C:\Windows\system32\drivers\psmounterex.sys
      [21/07/2014 13:36:48] - (1.0.0.1) - (Paramount Software UK Ltd - Volume Access driver) - C:\WINDOWS\System32\Drivers\PSVolAcc.SYS ---------- | LoadOrderGroup Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
      Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
      Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
      Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
      Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
      Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
      Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
      Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
      Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
      Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
      Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
      Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
      Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
      Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
      Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
      Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
      Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
      Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
      Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
      Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
      Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
      Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
      Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
      Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
      Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
      Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
      Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
      Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
      Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
      Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
      Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
      Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
      Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
      Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
      Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
      Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
      Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
      Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
      Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
      Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
      Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
      Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
      Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
      Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
      Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
      Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
      Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
      Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 48 - Status: OK
      Name: AudioGroup - DriverEnabled: True - GroupOrder: 49 - Status: OK
      Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
      Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
      Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
      Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
      Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
      Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
      Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
      Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
      Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
      Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
      Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
      Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
      Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
      Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
      Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
      Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
      Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
      Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
      Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
      Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
      Name: Core - DriverEnabled: False - GroupOrder: 70 - Status: OK
      Name: Network - DriverEnabled: False - GroupOrder: 71 - Status: OK
      Name: PnP Filter - DriverEnabled: False - GroupOrder: 72 - Status: OK
      Name: Core Security Extensions - DriverEnabled: False - GroupOrder: 73 - Status: OK
      Name: NetworkService - DriverEnabled: False - GroupOrder: 74 - Status: OK
      Name: _Early-Launch - DriverEnabled: False - GroupOrder: 75 - Status: OK
      Name: LocalService - DriverEnabled: False - GroupOrder: 76 - Status: OK ---------- | LoadOrderGroupServiceDependencies LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
      LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs" ---------- | LoadOrderGroupServiceMembers LoadOrderGroup.Name="Event log" - Service.Name="AMD External Events Utility"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
      LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
      LoadOrderGroup.Name="AudioGroup" - Service.Name="Audiosrv"
      LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="avast! Antivirus"
      LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
      LoadOrderGroup.Name="COM Infrastructure" - Service.Name="BrokerInfrastructure"
      LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="CscService"
      LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
      LoadOrderGroup.Name="PlugPlay" - Service.Name="DeviceInstall"
      LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
      LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
      LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
      LoadOrderGroup.Name="Event Log" - Service.Name="EventLog"
      LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
      LoadOrderGroup.Name="TDI" - Service.Name="icssvc"
      LoadOrderGroup.Name="TDI" - Service.Name="irmon"
      LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
      LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
      LoadOrderGroup.Name="COM Infrastructure" - Service.Name="LSM"
      LoadOrderGroup.Name="NetworkService" - Service.Name="MapsBroker"
      LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
      LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
      LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
      LoadOrderGroup.Name="Cryptography" - Service.Name="NgcCtnrSvc"
      LoadOrderGroup.Name="Cryptography" - Service.Name="NgcSvc"
      LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
      LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
      LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
      LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
      LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
      LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
      LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
      LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
      LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
      LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
      LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
      LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="UevAgentService"
      LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
      LoadOrderGroup.Name="TDI" - Service.Name="Wcmsvc"
      LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
      LoadOrderGroup.Name="TDI" - Service.Name="WlanSvc"
      LoadOrderGroup.Name="LocalService" - Service.Name="workfolderssvc"
      LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
      LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="3ware"
      LoadOrderGroup.Name="Core" - SystemDriver.Name="ACPI"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AcpiDev"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="acpiex"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="acpitime"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ADP80XX"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
      LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdag"
      LoadOrderGroup.Name="Video" - SystemDriver.Name="amdkmdap"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsbs"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
      LoadOrderGroup.Name="FSFilter HSM" - SystemDriver.Name="AppvStrm"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="AppvVemgr"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="AppvVfs"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
      LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="aswMonFlt"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="aswRdr"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="aswRvrt"
      LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="aswSnx"
      LoadOrderGroup.Name="FSFilter Security Enhancer" - SystemDriver.Name="aswSP"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="aswStm"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="aswVmm"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="b06bdrv"
      LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicDisplay"
      LoadOrderGroup.Name="Video" - SystemDriver.Name="BasicRender"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="bcmfn2"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthAvrcpTg"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="BthHFEnum"
      LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
      LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="cht4iscsi"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cht4vbd"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
      LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
      LoadOrderGroup.Name="base" - SystemDriver.Name="clreg"
      LoadOrderGroup.Name="Core" - SystemDriver.Name="CNG"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="cnghwassist"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="condrv"
      LoadOrderGroup.Name="network" - SystemDriver.Name="CSC"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="Dfsc"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="dg_ssudbus"
      LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="e1iexpress"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="ebdrv"
      LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorClass"
      LoadOrderGroup.Name="SCSI Class" - SystemDriver.Name="EhStorTcgDrv"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
      LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
      LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
      LoadOrderGroup.Name="FSFilter Encryption" - SystemDriver.Name="FileCrypt"
      LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
      LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
      LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="FsDepends"
      LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="genericusbfn"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="GPIOClx0101"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
      LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidi2c"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hidinterrupt"
      LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
      LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hvservice"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hyperkbd"
      LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="iai2c"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSS2i_GPIO2"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSS2i_I2C"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="iaLPSSi_GPIO"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="iaLPSSi_I2C"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="iaStorAV"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
      LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="ibbus"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="IndirectKmd"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
      LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="intelpep"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
      LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="iorate"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="irda"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="kdnic"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
      LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
      LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2i"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS3i"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SSS"
      LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas2i"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasr"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MEIx64"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="mlx4_bus"
      LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
      LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsBridge"
      LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="msgpiowin32"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidumdf"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="MsLldp"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="MsSecFlt"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="mvumis"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
      LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ndfltr"
      LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisTapi"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="ndiswanlegacy"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ndproxy"
      LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
      LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
      LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="NTFS"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
      LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
      LoadOrderGroup.Name="System Reserved" - SystemDriver.Name="pcw"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pdc"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas2i"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="percsas3i"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="PSVolAcc"
      LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
      LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
      LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="ReFSv1"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Revoflt"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
      LoadOrderGroup.Name="Video" - SystemDriver.Name="s3cap"
      LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="sdbus"
      LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
      LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
      LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="spaceport"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
      LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="storahci"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="storflt"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stornvme"
      LoadOrderGroup.Name="FSFilter Quota Management" - SystemDriver.Name="storqosflt"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="storvsc"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="swenum"
      LoadOrderGroup.Name="Video Init" - SystemDriver.Name="Synth3dVsc"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="terminpt"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="TPM"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="tsusbhub"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmCx0101"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UcmTcpciCx0101"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="Ucx01000"
      LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
      LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="UevAgentDriver"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Ufx01000"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="UfxChipidea"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="ufxsynopsys"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsChipidea"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="UrsCx01000"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="UrsSynopsys"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="USBHUB3"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
      LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
      LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
      LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="VerifierExt"
      LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="vhf"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vmbus"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="VMBusHID"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
      LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="vpci"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
      LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="VSTXRAID"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarp"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="wanarpv6"
      LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="wcifs"
      LoadOrderGroup.Name="FSFilter Top" - SystemDriver.Name="wcnfs"
      LoadOrderGroup.Name="_Early-Launch" - SystemDriver.Name="WdBoot"
      LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
      LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="WdFilter"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="WFPLWFS"
      LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
      LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRT"
      LoadOrderGroup.Name="Core Security Extensions" - SystemDriver.Name="WindowsTrustedRTProxy"
      LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinMad"
      LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="WinVerbs"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
      LoadOrderGroup.Name="FSFilter Compression" - SystemDriver.Name="Wof"
      LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="WpdUpFltr"
      LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WSDPrintDevice"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="WSDScan"
      LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"
      LoadOrderGroup.Name="base" - SystemDriver.Name="WUDFRd"
      LoadOrderGroup.Name="NDIS" - SystemDriver.Name="xboxgip"
      LoadOrderGroup.Name="Base" - SystemDriver.Name="xinputhid"
      LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="XtuAcpiDriver"
      LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="MBAMSwissArmy" ---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service S0 - [Kernel Driver] - 3ware () -> System32\drivers\3ware.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - ACPI (@acpi.inf,%ACPI.SvcDesc%;Microsoft ACPI Driver) -> System32\drivers\ACPI.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - acpiex (Microsoft ACPIEx Driver) -> System32\Drivers\acpiex.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - ADP80XX () -> System32\drivers\ADP80XX.SYS - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - amdsata () -> System32\drivers\amdsata.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - amdsbs () -> System32\drivers\amdsbs.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - amdxata () -> System32\drivers\amdxata.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - arcsas (@arcsas.inf,%arcsas_ServiceName%;Adaptec SAS/SATA-II RAID Storport's Miniport Driver) -> System32\drivers\arcsas.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - aswRvrt (avast! Revert) -> (?) - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - aswVmm (avast! VM Monitor) -> (?) - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - atapi (@mshdc.inf,%idechannel.DeviceDesc%;IDE Channel) -> System32\drivers\atapi.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - b06bdrv (@netbvbda.inf,%vbd_srv_desc%;QLogic Network Adapter VBD) -> System32\drivers\bxvbda.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - CLFS (@%SystemRoot%\system32\drivers\clfs.sys,-100) -> System32\drivers\CLFS.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - CNG () -> System32\Drivers\cng.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - disk (@disk.inf,%disk_ServiceDesc%;Disk Driver) -> System32\drivers\disk.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - ebdrv (@netevbda.inf,%vbd_srv_desc%;QLogic 10 Gigabit Ethernet Adapter VBD) -> System32\drivers\evbda.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - EhStorClass (@%SystemRoot%\system32\drivers\EhStorClass.sys,-100) -> System32\drivers\EhStorClass.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - EhStorTcgDrv (@EhStorTcgDrv.inf,%EhStorTcgDrv.Desc%;Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols) -> System32\drivers\EhStorTcgDrv.sys - AcceptPause: False - AcceptStop: False
      R0 - [File System Driver] - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> System32\drivers\fileinfo.sys - AcceptPause: False - AcceptStop: True
      R0 - [File System Driver] - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - HpSAMD () -> System32\drivers\HpSAMD.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - iaStorAV (@iastorav.inf,%iaStorAV.DeviceDesc%;Intel(R) SATA RAID Controller Windows) -> System32\drivers\iaStorAV.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - iaStorV (@iastorv.inf,%*PNP0600.DeviceDesc%;Intel RAID Controller Windows 7) -> System32\drivers\iaStorV.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - intelide () -> System32\drivers\intelide.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - intelpep (@intelpep.inf,%INTELPEP.SVCDESC%;Intel(R) Power Engine Plug-in Driver) -> System32\drivers\intelpep.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - iorate (@%SystemRoot%\system32\drivers\iorate.sys,-100) -> system32\drivers\iorate.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - isapnp () -> System32\drivers\isapnp.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - KSecDD () -> System32\Drivers\ksecdd.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - KSecPkg () -> System32\Drivers\ksecpkg.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - LSI_SAS () -> System32\drivers\lsi_sas.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - LSI_SAS2i () -> System32\drivers\lsi_sas2i.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - LSI_SAS3i () -> System32\drivers\lsi_sas3i.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - LSI_SSS () -> System32\drivers\lsi_sss.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - megasas () -> System32\drivers\megasas.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - megasas2i () -> System32\drivers\MegaSas2i.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - megasr () -> System32\drivers\megasr.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - msisadrv () -> System32\drivers\msisadrv.sys - AcceptPause: False - AcceptStop: True
      R0 - [File System Driver] - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - mvumis () -> System32\drivers\mvumis.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - nvraid () -> System32\drivers\nvraid.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - nvstor () -> System32\drivers\nvstor.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - pci (@pci.inf,%pci_svcdesc%;PCI Bus Driver) -> System32\drivers\pci.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - pciide () -> System32\drivers\pciide.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - pcmcia () -> System32\drivers\pcmcia.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - pdc (@%SystemRoot%\system32\drivers\pdc.sys,-100) -> system32\drivers\pdc.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - percsas2i () -> System32\drivers\percsas2i.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - percsas3i () -> System32\drivers\percsas3i.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - sbp2port (@sbp2.inf,%sbp2_ServiceDesc%;SBP-2 Transport/Protocol Bus Driver) -> System32\drivers\sbp2port.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - scmbus (@scmbus.inf,%scmbus.SvcDesc%;Microsoft Storage Class Memory Bus Driver) -> System32\drivers\scmbus.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - SiSRaid2 () -> System32\drivers\SiSRaid2.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - SiSRaid4 () -> System32\drivers\sisraid4.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - spaceport (@spaceport.inf,%Spaceport_ServiceDesc%;Storage Spaces Driver) -> System32\drivers\spaceport.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - stexstor () -> System32\drivers\stexstor.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - storahci (@mshdc.inf,%storahci_ServiceDescription%;Microsoft Standard SATA AHCI Driver) -> System32\drivers\storahci.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - storflt (@wstorflt.inf,%service_desc%;Microsoft Hyper-V Storage Accelerator) -> System32\drivers\vmstorfl.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - stornvme (@stornvme.inf,%StorNVMe_ServiceDesc%;Microsoft Standard NVM Express Driver) -> System32\drivers\stornvme.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - storufs (@storufs.inf,%UfsServiceDesc%;Microsoft Universal Flash Storage (UFS) Driver) -> System32\drivers\storufs.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - storvsc () -> System32\drivers\storvsc.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - vdrvroot (@vdrvroot.inf,%vdrvroot_svcdesc%;Microsoft Virtual Drive Enumerator) -> System32\drivers\vdrvroot.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - vmbus (@wvmbus.inf,%vmbus.SVCDESC%;Virtual Machine Bus) -> System32\drivers\vmbus.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - volmgr (@volmgr.inf,%volmgr_svcdesc%;Volume Manager Driver) -> System32\drivers\volmgr.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - volsnap (@%SystemRoot%\system32\drivers\volsnap.sys,-100) -> System32\drivers\volsnap.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - volume (@volume.inf,%VolumeServiceDesc%;Volume driver) -> System32\drivers\volume.sys - AcceptPause: False - AcceptStop: True
      S0 - [Kernel Driver] - vsmraid () -> System32\drivers\vsmraid.sys - AcceptPause: False - AcceptStop: False
      S0 - [Kernel Driver] - VSTXRAID (@vstxraid.inf,%Driver.DeviceDesc%;VIA StorX Storage RAID Controller Windows Driver) -> System32\drivers\vstxraid.sys - AcceptPause: False - AcceptStop: False
      R0 - [Kernel Driver] - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - WFPLWFS (@%SystemRoot%\System32\drivers\wfplwfs.sys,-6000) -> System32\drivers\wfplwfs.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - WindowsTrustedRT (Windows Trusted Execution Environment Class Extension) -> system32\drivers\WindowsTrustedRT.sys - AcceptPause: False - AcceptStop: True
      R0 - [Kernel Driver] - WindowsTrustedRTProxy (@WindowsTrustedRTProxy.inf,%WindowsTrustedRTProxy.SVCDESC%;Microsoft Windows Trusted Runtime Secure Service) -> System32\drivers\WindowsTrustedRTProxy.sys - AcceptPause: False - AcceptStop: True
      R0 - [File System Driver] - Wof (Windows Overlay File System Filter Driver) -> (?) - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - ahcache (@%systemroot%\system32\drivers\ahcache.sys,-102) -> system32\DRIVERS\ahcache.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - aswRdr (aswRdr) -> \SystemRoot\system32\drivers\aswRdr2.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - aswSnx (aswSnx) -> \SystemRoot\system32\drivers\aswSnx.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - aswSP (aswSP) -> \SystemRoot\system32\drivers\aswSP.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - BasicDisplay () -> \SystemRoot\System32\drivers\BasicDisplay.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - BasicRender () -> \SystemRoot\System32\drivers\BasicRender.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - Beep (Beep) -> (?) - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - cdrom (@cdrom.inf,%cdrom_ServiceDesc%;CD-ROM Driver) -> \SystemRoot\System32\drivers\cdrom.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - CSC (@%systemroot%\system32\cscsvc.dll,-202) -> system32\drivers\csc.sys - AcceptPause: False - AcceptStop: True
      S1 - [Kernel Driver] - dam (@%SystemRoot%\system32\drivers\dam.sys,-100) -> system32\drivers\dam.sys - AcceptPause: False - AcceptStop: False
      R1 - [File System Driver] - Dfsc (@%systemroot%\system32\wkssvc.dll,-1008) -> System32\Drivers\dfsc.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - FileCrypt (@%systemroot%\system32\drivers\filecrypt.sys,-100) -> system32\drivers\filecrypt.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - GpuEnergyDrv (@%SystemRoot%\system32\drivers\gpuenergydrv.sys,-100) -> System32\drivers\gpuenergydrv.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - Msfs () -> (?) - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - mssmbios (@mssmbios.inf,%mssmbios_svcdesc%;Microsoft System Management BIOS Driver) -> \SystemRoot\System32\drivers\mssmbios.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - NetBIOS (@%windir%\system32\drivers\netbios.sys,-503) -> system32\drivers\netbios.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - Npfs () -> (?) - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - npsvctrig (@npsvctrig.inf,%NPSVCTRIG.SvcDisplayName%;Named pipe service trigger provider) -> \SystemRoot\System32\drivers\npsvctrig.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - Null () -> (?) - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - Psched (@%windir%\System32\drivers\pacer.sys,-101) -> System32\drivers\pacer.sys - AcceptPause: False - AcceptStop: True
      R1 - [File System Driver] - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - SCDEmu (SCDEmu) -> (?) - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> \SystemRoot\system32\DRIVERS\tdx.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - vwififlt (@%SystemRoot%\System32\drivers\vwififlt.sys,-259) -> System32\drivers\vwififlt.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - ZAM (ZAM Helper Driver) -> \??\C:\Windows\System32\drivers\zam64.sys - AcceptPause: False - AcceptStop: True
      R1 - [Kernel Driver] - ZAM_Guard (ZAM Guard Driver) -> \??\C:\Windows\System32\drivers\zamguard64.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - aswMonFlt (aswMonFlt) -> \SystemRoot\system32\drivers\aswMonFlt.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - aswStm (aswStm) -> \SystemRoot\system32\drivers\aswStm.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - clreg (@%SystemRoot%\system32\drivers\registry.sys,-100) -> \SystemRoot\System32\drivers\registry.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - lltdio (@%SystemRoot%\system32\lltdres.dll,-6) -> system32\drivers\lltdio.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - mi2c (mi2c) -> \??\C:\Windows\system32\drivers\mi2c.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - MMCSS (@%systemroot%\system32\drivers\mmcss.sys,-100) -> \SystemRoot\system32\drivers\mmcss.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - MsLldp (@%SystemRoot%\system32\drivers\mslldp.sys,-200) -> system32\drivers\mslldp.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - Ndu (@%SystemRoot%\system32\drivers\Ndu.sys,-10001) -> system32\drivers\Ndu.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - rspndr (@%SystemRoot%\system32\lltdres.dll,-5) -> system32\drivers\rspndr.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - storqosflt (@%SystemRoot%\System32\drivers\storqosflt.sys,-101) -> system32\drivers\storqosflt.sys - AcceptPause: False - AcceptStop: True
      R2 - [Kernel Driver] - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - wcifs (@%systemroot%\system32\drivers\wcifs.sys,-100) -> \SystemRoot\system32\drivers\wcifs.sys - AcceptPause: False - AcceptStop: True
      R2 - [File System Driver] - wcnfs (@%systemroot%\system32\drivers\wcnfs.sys,-100) -> \SystemRoot\system32\drivers\wcnfs.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - 1394ohci (@1394.inf,%PCI\CC_0C0010.DeviceDesc%;1394 OHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\1394ohci.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - AcpiDev (@acpidev.inf,%AcpiDev.SvcDesc%;ACPI Devices driver) -> \SystemRoot\System32\drivers\AcpiDev.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - acpipagr (@acpipagr.inf,%SvcDesc%;ACPI Processor Aggregator Driver) -> \SystemRoot\System32\drivers\acpipagr.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - AcpiPmi (@acpipmi.inf,%AcpiPmi.SvcDesc%;ACPI Power Meter Driver) -> \SystemRoot\System32\drivers\acpipmi.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - acpitime (@acpitime.inf,%AcpiTime.SvcDesc%;ACPI Wake Alarm Driver) -> \SystemRoot\System32\drivers\acpitime.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - AmdK8 (@cpu.inf,%AmdK8.SvcDesc%;AMD K8 Processor Driver) -> \SystemRoot\System32\drivers\amdk8.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - amdkmdag () -> \SystemRoot\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmdag.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - amdkmdap () -> \SystemRoot\System32\DriverStore\FileRepository\c0307259.inf_amd64_e75a0a5e82450920\atikmpag.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - AmdPPM (@cpu.inf,%AmdPPM.SvcDesc%;AMD Processor Driver) -> \SystemRoot\System32\drivers\amdppm.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - AppID (@%systemroot%\system32\srpapi.dll,-100) -> system32\drivers\appid.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - applockerfltr (@%systemroot%\system32\srpapi.dll,-102) -> system32\drivers\applockerfltr.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - AppvStrm (@%systemroot%\system32\drivers\AppvStrm.sys,-101) -> \SystemRoot\system32\drivers\AppvStrm.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - AppvVemgr (@%systemroot%\system32\drivers\AppvVemgr.sys,-101) -> \SystemRoot\system32\drivers\AppvVemgr.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - AppvVfs (@%systemroot%\system32\drivers\AppvVfs.sys,-101) -> \SystemRoot\system32\drivers\AppvVfs.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - aswHwid (avast! HardwareID) -> \SystemRoot\system32\drivers\aswHwid.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - AsyncMac (@%systemroot%\system32\mprmsg.dll,-32000) -> \SystemRoot\System32\drivers\asyncmac.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - AtiHDAudioService (@oem11.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service) -> \SystemRoot\system32\drivers\AtihdWT6.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - bcmfn (@bcmfn.inf,%bcmfn.SVCDESC%;bcmfn Service) -> \SystemRoot\System32\drivers\bcmfn.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - bcmfn2 (@bcmfn2.inf,%bcmfn2.SVCDESC%;bcmfn2 Service) -> \SystemRoot\System32\drivers\bcmfn2.sys - AcceptPause: False - AcceptStop: False
      R3 - [File System Driver] - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - BthAvrcpTg (@bthaudhid.inf,%BthAvrcpTg_SvcDesc%;Bluetooth Audio/Video Remote Control HID) -> \SystemRoot\System32\drivers\BthAvrcpTg.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - BthHFEnum (@bthhfenum.inf,%BthHFEnum.SVCDESC%;Bluetooth Hands-Free Audio and Call Control HID Enumerator) -> \SystemRoot\System32\drivers\bthhfenum.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - bthhfhid (@bthaudhid.inf,%BthAudioHFHid.SVCDESC%;Bluetooth Hands-Free Call Control HID) -> \SystemRoot\System32\drivers\BthHFHid.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - BTHMODEM (@mdmbtmdm.inf,%BthModem.DisplayName%;Bluetooth Modem Communications Driver) -> \SystemRoot\System32\drivers\bthmodem.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - buttonconverter (@buttonconverter.inf,%btnconv.SvcDesc%;Service for Portable Device Control devices) -> \SystemRoot\System32\drivers\buttonconverter.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - CapImg (@capimg.inf,%CapImgHid_Service%;HID driver for CapImg touch screen) -> \SystemRoot\System32\drivers\capimg.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - cht4iscsi () -> System32\drivers\cht4sx64.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - cht4vbd (@cht4vx64.inf,%cht4vbd.generic%;Chelsio Virtual Bus Driver) -> \SystemRoot\System32\drivers\cht4vx64.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - circlass (@circlass.inf,%circlass.SVCDESC%;Consumer IR Devices) -> \SystemRoot\System32\drivers\circlass.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - CmBatt (@cmbatt.inf,%CmBatt.SvcDesc%;Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\System32\drivers\CmBatt.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - cmudaxp (@oem8.inf,%CMUDA.SvcDesc%;ASUS Xonar Essence STX Audio Interface) -> \SystemRoot\system32\drivers\cmudaxp.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - CompositeBus (@compositebus.inf,%CompositeBus.SVCDESC%;Composite Bus Enumerator Driver) -> \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - condrv (Console Driver) -> System32\drivers\condrv.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - dg_ssudbus (@oem0.inf,%ssud.Service.DeviceDesc%;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudbus.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - dmvsc () -> \SystemRoot\System32\drivers\dmvsc.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - drmkaud (@wdmaudio.inf,%drmkaud.SvcDesc%;Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\DRIVERS\drmkaud.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - e1iexpress (@net1ic64.inf,%e1iExpress.Service.DispName%;Intel(R) PRO/1000 PCI Express Network Connection Driver I) -> \SystemRoot\System32\drivers\e1i63x64.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - ErrDev (@errdev.inf,%ERRDEV.SvcDesc%;Microsoft Hardware Error Device Driver) -> \SystemRoot\System32\drivers\errdev.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - exfat (exFAT File System Driver) -> (?) - AcceptPause: False - AcceptStop: False
      R3 - [File System Driver] - fastfat (FAT12/16/32 File System Driver) -> (?) - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - fdc (@fdc.inf,%fdc_ServiceDesc%;Floppy Disk Controller Driver) -> \SystemRoot\System32\drivers\fdc.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - flpydisk (@flpydisk.inf,%floppy_ServiceDesc%;Floppy Disk Driver) -> \SystemRoot\System32\drivers\flpydisk.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - gencounter (@wgencounter.inf,%GenCounter.SVCDESC%;Microsoft Hyper-V Generation Counter) -> \SystemRoot\System32\drivers\vmgencounter.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - genericusbfn (@genericusbfn.inf,%genericusbfn.ServiceName%;Generic USB Function Class) -> \SystemRoot\System32\drivers\genericusbfn.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - GPIOClx0101 (Microsoft GPIO Class Extension Driver) -> System32\Drivers\msgpioclx.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - HDAudBus (@hdaudbus.inf,%HDAudBus.SVCDESC%;Microsoft UAA Bus Driver for High Definition Audio) -> \SystemRoot\System32\drivers\HDAudBus.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - HidBatt (@hidbatt.inf,%HidBatt.SvcDesc%;HID UPS Battery Driver) -> \SystemRoot\System32\drivers\HidBatt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - HidBth (@hidbth.inf,%HIDBTH.SvcDesc%;Microsoft Bluetooth HID Miniport) -> \SystemRoot\System32\drivers\hidbth.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - hidi2c (@hidi2c.inf,%hidi2c.SVCDESC%;Microsoft I2C HID Miniport Driver) -> \SystemRoot\System32\drivers\hidi2c.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - hidinterrupt (@hidinterrupt.inf,%HID_Interrupt.SvcDesc%;Common Driver for HID Buttons implemented with interrupts) -> \SystemRoot\System32\drivers\hidinterrupt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - HidIr (@hidir.inf,%HIDIR.SvcDesc%;Microsoft Infrared HID Driver) -> \SystemRoot\System32\drivers\hidir.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - HidUsb (@input.inf,%HID.SvcDesc%;Microsoft HID Class Driver) -> \SystemRoot\System32\drivers\hidusb.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - hvservice (@%SystemRoot%\system32\drivers\hvservice.sys,-16) -> system32\drivers\hvservice.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - hyperkbd () -> \SystemRoot\System32\drivers\hyperkbd.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - i8042prt (@keyboard.inf,%i8042prt.SvcDesc%;i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\System32\drivers\i8042prt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iagpio (@iagpio.inf,%iagpio.SVCDESC%;Intel Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iagpio.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iai2c (@iai2c.inf,%iai2c.SVCDESC%;Intel(R) Serial IO I2C Host Controller) -> \SystemRoot\System32\drivers\iai2c.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iaLPSS2i_GPIO2 (@iaLPSS2i_GPIO2_SKL.inf,%iaLPSS2i_GPIO2.SVCDESC%;Intel(R) Serial IO GPIO Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_GPIO2.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iaLPSS2i_I2C (@iaLPSS2i_I2C_SKL.inf,%iaLPSS2i_I2C.SVCDESC%;Intel(R) Serial IO I2C Driver v2) -> \SystemRoot\System32\drivers\iaLPSS2i_I2C.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iaLPSSi_GPIO (@ialpssi_gpio.inf,%iaLPSSi_GPIO.SVCDESC%;Intel(R) Serial IO GPIO Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_GPIO.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iaLPSSi_I2C (@ialpssi_i2c.inf,%iaLPSSi_I2C.SVCDESC%;Intel(R) Serial IO I2C Controller Driver) -> \SystemRoot\System32\drivers\iaLPSSi_I2C.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - ibbus (@mlx4_bus.inf,%Ibbus.ServiceDesc%;Mellanox InfiniBand Bus/AL (Filter Driver)) -> \SystemRoot\System32\drivers\ibbus.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - IndirectKmd (@%SystemRoot%\system32\drivers\IndirectKmd.sys,-100) -> \SystemRoot\System32\drivers\IndirectKmd.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - intelppm (@cpu.inf,%IntelPPM.SvcDesc%;Intel Processor Driver) -> \SystemRoot\System32\drivers\intelppm.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - IpFilterDriver (@%systemroot%\system32\mprmsg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - IPMIDRV () -> \SystemRoot\System32\drivers\IPMIDrv.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - irda (IrDA) -> \SystemRoot\system32\drivers\irda.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - iScsiPrt (@iscsi.inf,%iScsiPortName%;iScsiPort Driver) -> \SystemRoot\System32\drivers\msiscsi.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - kbdclass (@keyboard.inf,%kbdclass.SvcDesc%;Keyboard Class Driver) -> \SystemRoot\System32\drivers\kbdclass.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - kbdhid (@keyboard.inf,%KBDHID.SvcDesc%;Keyboard HID Driver) -> \SystemRoot\System32\drivers\kbdhid.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - kdnic (@kdnic.inf,%KdNic.Service.DispName%;Microsoft Kernel Debug Network Miniport (NDIS 6.20)) -> \SystemRoot\System32\drivers\kdnic.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - lvrs64 (@oem20.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver) -> \SystemRoot\system32\DRIVERS\lvrs64.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - LVUVC64 (@oem18.inf,%PID_0825_DD%(UVC);Logitech HD Webcam C270(UVC)) -> \SystemRoot\system32\DRIVERS\lvuvc64.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - MEIx64 (@oem21.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface) -> \SystemRoot\System32\drivers\TeeDriverW8x64.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - mlx4_bus (@mlx4_bus.inf,%MLX4BUS.ServiceDesc%;Mellanox ConnectX Bus Enumerator) -> \SystemRoot\System32\drivers\mlx4_bus.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - Modem () -> system32\drivers\modem.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - monitor (@oem3.inf,%Monitor.SVCDESC%;Microsoft Monitor Class Function Driver Service) -> \SystemRoot\System32\drivers\monitor.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - mouclass (@msmouse.inf,%mouclass.SvcDesc%;Mouse Class Driver) -> \SystemRoot\System32\drivers\mouclass.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - mouhid (@msmouse.inf,%MOUHID.SvcDesc%;Mouse HID Driver) -> \SystemRoot\System32\drivers\mouhid.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - mpsdrv (@%SystemRoot%\system32\drivers\mpsdrv.sys,-23092) -> System32\drivers\mpsdrv.sys - AcceptPause: False - AcceptStop: True
      S3 - [File System Driver] - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys - AcceptPause: False - AcceptStop: False
      R3 - [File System Driver] - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys - AcceptPause: False - AcceptStop: True
      R3 - [File System Driver] - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - MsBridge (@%SystemRoot%\system32\bridgeres.dll,-1) -> System32\drivers\bridge.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - msgpiowin32 (@msgpiowin32.inf,%GPIO.SvcDesc%;Common Driver for Buttons, DockMode and Laptop/Slate Indicator) -> \SystemRoot\System32\drivers\msgpiowin32.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - mshidumdf (@%SystemRoot%\system32\drivers\mshidumdf.sys,-100) -> \SystemRoot\System32\drivers\mshidumdf.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - MSKSSRV (@ksfilter.inf,%MSKSSRV.DeviceDesc%;Microsoft Streaming Service Proxy) -> \SystemRoot\system32\DRIVERS\MSKSSRV.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - MSPCLOCK (@ksfilter.inf,%MSPCLOCK.DeviceDesc%;Microsoft Streaming Clock Proxy) -> \SystemRoot\system32\DRIVERS\MSPCLOCK.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - MSPQM (@ksfilter.inf,%MSPQM.DeviceDesc%;Microsoft Streaming Quality Manager Proxy) -> \SystemRoot\system32\DRIVERS\MSPQM.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - MsRPC () -> (?) - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - MsSecFlt (@%SystemRoot%\System32\Drivers\mssecflt.sys,-1001) -> system32\drivers\mssecflt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - MSTEE (@ksfilter.inf,%MSTEE.DeviceDesc%;Microsoft Streaming Tee/Sink-to-Sink Converter) -> \SystemRoot\system32\DRIVERS\MSTEE.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - MTConfig (@mtconfig.inf,%MTConfig.SVCDESC%;Microsoft Input Configuration Driver) -> \SystemRoot\System32\drivers\MTConfig.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - NativeWifiP (@%SystemRoot%\System32\drivers\nwifi.sys,-101) -> system32\DRIVERS\nwifi.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - ndfltr (@mlx4_bus.inf,%ndfltr.ServiceDesc%;NetworkDirect Service) -> \SystemRoot\System32\drivers\ndfltr.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - NdisCap (@%SystemRoot%\System32\drivers\ndiscap.sys,-5000) -> System32\drivers\ndiscap.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - NdisImPlatform (@%SystemRoot%\System32\drivers\ndisimplatform.sys,-501) -> System32\drivers\NdisImPlatform.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - NdisTapi (@%systemroot%\system32\mprmsg.dll,-32001) -> System32\DRIVERS\ndistapi.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - Ndisuio (NDIS Usermode I/O Protocol) -> system32\drivers\ndisuio.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - NdisVirtualBus (@%SystemRoot%\System32\drivers\NdisVirtualBus.sys,-200) -> \SystemRoot\System32\drivers\NdisVirtualBus.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - NdisWan (@%systemroot%\system32\mprmsg.dll,-32002) -> \SystemRoot\System32\drivers\ndiswan.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - ndiswanlegacy (@%systemroot%\system32\mprmsg.dll,-32014) -> System32\DRIVERS\ndiswan.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - ndproxy (@%SystemRoot%\system32\drivers\todo.sys,-101;NDIS Proxy) -> System32\DRIVERS\NDProxy.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - NetAdapterCx (Network Adapter Wdf Class Extension Library) -> system32\drivers\NetAdapterCx.sys - AcceptPause: False - AcceptStop: False
      R3 - [File System Driver] - NTFS () -> (?) - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - Parport (@msports.inf,%Parport.SVCDESC%;Parallel port driver) -> \SystemRoot\System32\drivers\parport.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - PptpMiniport (@%systemroot%\system32\mprmsg.dll,-32006) -> \SystemRoot\System32\drivers\raspptp.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - Processor (@cpu.inf,%Processor.SvcDesc%;Processor Driver) -> \SystemRoot\System32\drivers\processr.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - PSMounterEx (Macrium Reflect Image Explorer Driver) -> \??\C:\Windows\system32\drivers\psmounterex.sys - AcceptPause: False - AcceptStop: True
      R3 - [File System Driver] - PSVolAcc (PSVolAcc) -> (?) - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - RasAgileVpn (@netavpna.inf,%Svc-Mp-AgileVpn-DispName%;WAN Miniport (IKEv2)) -> \SystemRoot\System32\drivers\AgileVpn.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - Rasl2tp (@%systemroot%\system32\mprmsg.dll,-32005) -> \SystemRoot\System32\drivers\rasl2tp.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - RasPppoe (@%systemroot%\system32\mprmsg.dll,-32007) -> System32\DRIVERS\raspppoe.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> \SystemRoot\System32\drivers\rassstp.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - rdpbus (@rdpbus.inf,%rdpbus_svcdesc%;Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\System32\drivers\rdpbus.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - RDPDR (@%SystemRoot%\System32\DRIVERS\rdpdr.sys,-100) -> System32\drivers\rdpdr.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - RdpVideoMiniport (Remote Desktop Video Miniport Driver) -> System32\drivers\rdpvideominiport.sys - AcceptPause: False - AcceptStop: True
      S3 - [File System Driver] - ReFSv1 () -> (?) - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - Revoflt (Revoflt) -> system32\DRIVERS\revoflt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - s3cap () -> \SystemRoot\System32\drivers\vms3cap.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - scmdisk0101 (@scmdisk0101.inf,%scmdisk0101.SvcDesc%;Microsoft NVDIMM-N disk driver) -> \SystemRoot\System32\drivers\scmdisk0101.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - sdbus () -> \SystemRoot\System32\drivers\sdbus.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - sdstor (@sdstor.inf,%sdstor_ServiceDesc%;SD Storage Port Driver) -> \SystemRoot\System32\drivers\sdstor.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - SerCx (Serial UART Support Library) -> system32\drivers\SerCx.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - SerCx2 (Serial UART Support Library) -> system32\drivers\SerCx2.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - Serenum (@msports.inf,%Serenum.SVCDESC%;Serenum Filter Driver) -> \SystemRoot\System32\drivers\serenum.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - Serial (@msports.inf,%Serial.SVCDESC%;Serial port driver) -> \SystemRoot\System32\drivers\serial.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - sermouse (@msmouse.inf,%sermouse.SvcDesc%;Serial Mouse Driver) -> \SystemRoot\System32\drivers\sermouse.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - sfloppy (@flpydisk.inf,%sfloppy_devdesc%;High-Capacity Floppy Disk Drive) -> \SystemRoot\System32\drivers\sfloppy.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - SpbCx (Simple Peripheral Bus Support Library) -> system32\drivers\SpbCx.sys - AcceptPause: False - AcceptStop: False
      R3 - [File System Driver] - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys - AcceptPause: False - AcceptStop: True
      R3 - [File System Driver] - srvnet () -> System32\DRIVERS\srvnet.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - ssudmdm (@oem34.inf,%ssud.Service.Name%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)) -> \SystemRoot\system32\DRIVERS\ssudmdm.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - swenum (@swenum.inf,%SWENUM.SVCDESC%;Software Bus Driver) -> \SystemRoot\System32\drivers\swenum.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - Synth3dVsc () -> \SystemRoot\System32\drivers\Synth3dVsc.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - Tcpip6 (@todo.dll,-100;Microsoft IPv6 Protocol Driver) -> System32\drivers\tcpip.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - terminpt (@termmou.inf,%TermInpt.SVCDESC%;Microsoft Remote Desktop Input Driver) -> \SystemRoot\System32\drivers\terminpt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - TPM (@tpm.inf,%TPM%;TPM) -> \SystemRoot\System32\drivers\tpm.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - tsusbflt (@%SystemRoot%\system32\drivers\tsusbflt.sys,-1000) -> System32\drivers\TsUsbFlt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - TsUsbGD (@tsgenericusbdriver.inf,%TsUsbGD.DeviceDesc.Generic%;Remote Desktop Generic USB Device) -> \SystemRoot\System32\drivers\TsUsbGD.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - tsusbhub (@%SystemRoot%\system32\drivers\tsusbhub.sys,-1) -> system32\drivers\tsusbhub.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - tunnel (@nettun.inf,%TUNNEL.Service.DisplayName%;Microsoft Tunnel Miniport Adapter Driver) -> \SystemRoot\System32\drivers\tunnel.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - UASPStor (@uaspstor.inf,%UASPortName%;USB Attached SCSI (UAS) Driver) -> \SystemRoot\System32\drivers\uaspstor.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UcmCx0101 (USB Connector Manager KMDF Class Extension) -> System32\Drivers\UcmCx.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UcmTcpciCx0101 (UCM-TCPCI KMDF Class Extension) -> System32\Drivers\UcmTcpciCx.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UcmUcsi (@UcmUcsi.inf,%UcmUcsi.ServiceName%;USB Connector Manager UCSI Client) -> \SystemRoot\System32\drivers\UcmUcsi.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - Ucx01000 (USB Host Support Library) -> system32\drivers\ucx01000.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - UdeCx (USB Device Emulation Support Library) -> system32\drivers\udecx.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UEFI (@uefi.inf,%UEFI.SvcDesc%;Microsoft UEFI Driver) -> \SystemRoot\System32\drivers\UEFI.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - Ufx01000 (USB Function Class Extension) -> system32\drivers\ufx01000.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UfxChipidea (@ufxchipidea.inf,%UfxChipidea.ServiceName%;USB Chipidea Controller) -> \SystemRoot\System32\drivers\UfxChipidea.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - ufxsynopsys (@ufxsynopsys.inf,%ufxsynopsys.ServiceName%;USB Synopsys Controller) -> \SystemRoot\System32\drivers\ufxsynopsys.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - umbus (@umbus.inf,%umbus.SVCDESC%;UMBus Enumerator Driver) -> \SystemRoot\System32\drivers\umbus.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - UmPass (@umpass.inf,%UmPass.SVCDESC%;Microsoft UMPass Driver) -> \SystemRoot\System32\drivers\umpass.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UrsChipidea (@urschipidea.inf,%UrsChipidea.ServiceName%;Chipidea USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urschipidea.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UrsCx01000 (USB Role-Switch Support Library) -> system32\drivers\urscx01000.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - UrsSynopsys (@urssynopsys.inf,%UrsSynopsys.ServiceName%;Synopsys USB Role-Switch Driver) -> \SystemRoot\System32\drivers\urssynopsys.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - usbaudio (@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM)) -> \SystemRoot\system32\drivers\usbaudio.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - usbccgp (@usb.inf,%GenericParent.SvcDesc%;Microsoft USB Generic Parent Driver) -> \SystemRoot\System32\drivers\usbccgp.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - usbcir (@usbcir.inf,%usbcir.SVCDESC%;eHome Infrared Receiver (USBCIR)) -> \SystemRoot\System32\drivers\usbcir.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - usbehci (@usbport.inf,%EHCIMP.SvcDesc%;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbehci.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - usbhub (@usbport.inf,%ROOTHUB.SvcDesc%;Microsoft USB Standard Hub Driver) -> \SystemRoot\System32\drivers\usbhub.sys - AcceptPause: False - AcceptStop: True
      R3 - [Kernel Driver] - USBHUB3 (@usbhub3.inf,%UsbHub3.SVCDESC%;SuperSpeed Hub) -> \SystemRoot\System32\drivers\UsbHub3.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - usbohci (@usbport.inf,%OHCIMP.SvcDesc%;Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbohci.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - usbprint (@usbprint.inf,%USBPRINT.SvcDesc%;Microsoft USB PRINTER Class) -> \SystemRoot\System32\drivers\usbprint.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - usbser (@usbser.inf,%UsbSerial.DriverDesc%;Microsoft USB Serial Driver) -> \SystemRoot\System32\drivers\usbser.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - USBSTOR (@usbstor.inf,%USBSTOR.SvcDesc%;USB Mass Storage Driver) -> \SystemRoot\System32\drivers\USBSTOR.SYS - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - usbuhci (@usbport.inf,%UHCIMP.SvcDesc%;Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\System32\drivers\usbuhci.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - USBXHCI (@usbxhci.inf,%PCI\CC_0C0330.DeviceDesc%;USB xHCI Compliant Host Controller) -> \SystemRoot\System32\drivers\USBXHCI.SYS - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - VerifierExt (@%SystemRoot%\system32\drivers\VerifierExt.sys,-1000) -> system32\drivers\VerifierExt.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - vhdmp () -> \SystemRoot\System32\drivers\vhdmp.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - vhf (@%SystemRoot%\system32\drivers\vhf.sys,-100) -> \SystemRoot\System32\drivers\vhf.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - VMBusHID () -> \SystemRoot\System32\drivers\VMBusHID.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - vmgid (@wvmgid.inf,%VmGid.SVCDESC%;Microsoft Hyper-V Guest Infrastructure Driver) -> \SystemRoot\System32\drivers\vmgid.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - vpci (@wvpci.inf,%vpci.SVCDESC%;Microsoft Hyper-V Virtual PCI Bus) -> \SystemRoot\System32\drivers\vpci.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - vwifibus (@%SystemRoot%\System32\drivers\vwifibus.sys,-257) -> \SystemRoot\System32\drivers\vwifibus.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WacomPen (@hiddigi.inf,%WacomPen.SVCDESC%;Wacom Serial Pen HID Driver) -> \SystemRoot\System32\drivers\wacompen.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - wanarp (@%systemroot%\system32\mprmsg.dll,-32011) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - wanarpv6 (@%systemroot%\system32\mprmsg.dll,-32012) -> System32\DRIVERS\wanarp.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WdBoot (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-390) -> \SystemRoot\system32\drivers\WdBoot.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - WdFilter (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-330) -> \SystemRoot\system32\drivers\WdFilter.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - wdiwifi (WDI Driver Framework) -> system32\DRIVERS\wdiwifi.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WdNisDrv (@%ProgramFiles%\Windows Defender\MpAsDesc.dll,-370) -> system32\Drivers\WdNisDrv.sys - AcceptPause: False - AcceptStop: False
      S3 - [File System Driver] - WIMMount (@%SystemRoot%\system32\drivers\wimmount.sys,-101) -> system32\drivers\wimmount.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WinMad (@mlx4_bus.inf,%WinMad.ServiceDesc%;WinMad Service) -> \SystemRoot\System32\drivers\winmad.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WINUSB (@winusb.inf,%WINUSB_SvcDesc%;WinUsb Driver) -> \SystemRoot\System32\drivers\WinUSB.SYS - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WinVerbs (@mlx4_bus.inf,%WinVerbs.ServiceDesc%;WinVerbs Service) -> \SystemRoot\System32\drivers\winverbs.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - WmiAcpi (@wmiacpi.inf,%WMIMAP.SvcDesc%;Microsoft Windows Management Interface for ACPI) -> \SystemRoot\System32\drivers\wmiacpi.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - WpdUpFltr (@%systemroot%\System32\drivers\WpdUpFltr.sys,-100) -> System32\drivers\WpdUpFltr.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WSDPrintDevice (@wsdprint.inf,%WSDPrintDevice.SVCDESC%;WSD Print Support) -> \SystemRoot\System32\drivers\WSDPrint.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WSDScan (@sti.inf,%WSDScan.SvcDesc%;WSD Scan Support) -> \SystemRoot\system32\DRIVERS\WSDScan.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys - AcceptPause: False - AcceptStop: True
      S3 - [Kernel Driver] - WUDFRd (@%SystemRoot%\system32\drivers\WudfRd.sys,-1000) -> system32\drivers\WudfRd.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WUDFWpdFs () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - WUDFWpdMtp () -> \SystemRoot\system32\DRIVERS\WUDFRd.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - xboxgip (@xboxgip.inf,%XBOXGIP_Desc%;Xbox Game Input Protocol Driver) -> \SystemRoot\System32\drivers\xboxgip.sys - AcceptPause: False - AcceptStop: False
      S3 - [Kernel Driver] - xinputhid (@xinputhid.inf,%xinputhid.SvcDesc%;XINPUT HID Filter Driver) -> \SystemRoot\System32\drivers\xinputhid.sys - AcceptPause: False - AcceptStop: False
      R3 - [Kernel Driver] - XtuAcpiDriver (@oem32.inf,%XtuAcpiDriver.SVCDESC%;Intel(R) Extreme Tuning Utility Service) -> \SystemRoot\System32\drivers\XtuAcpiDriver.sys - AcceptPause: False - AcceptStop: True
      R3 - [File System Driver] - MBAMSwissArmy (MBAMSwissArmy) -> \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys - AcceptPause: False - AcceptStop: True
      S4 - [File System Driver] - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys - AcceptPause: False - AcceptStop: False
      S4 - [Kernel Driver] - cnghwassist (@%SystemRoot%\system32\drivers\cnghwassist.sys,-100) -> System32\DRIVERS\cnghwassist.sys - AcceptPause: False - AcceptStop: False
      S4 - [File System Driver] - udfs (udfs) -> system32\DRIVERS\udfs.sys - AcceptPause: False - AcceptStop: False
      S4 - [File System Driver] - UevAgentDriver (@%systemroot%\system32\drivers\UevAgentDriver.sys,-101) -> \SystemRoot\system32\drivers\UevAgentDriver.sys - AcceptPause: False - AcceptStop: False
      S4 - [Kernel Driver] - ws2ifsl (@%systemroot%\System32\drivers\ws2ifsl.sys,-1000) -> \SystemRoot\system32\drivers\ws2ifsl.sys - AcceptPause: False - AcceptStop: False ---------- | System files (Microsoft Files whitelisted) [MD5.EE1CCC54F75C24727A218F98FC5349DA] - [16/07/2016 22:41:53] - (.Copyright (c) 2011 LSI - LSI 3ware SCSI Storport Driver.) - [104.84 Ko] - (5.1.0.51) - C:\WINDOWS\System32\Drivers\3ware.sys
      [MD5.49B9DB97AFC85DCCBDACDAB2E90085B7] - [16/07/2016 22:41:53] - (.Copyright (C) PMC-Sierra 2001-2014 - PMC-Sierra Storport  Driver For SPC8x6G SAS/SATA controller.) - [1108.84 Ko] - (1.3.0.10769) - C:\WINDOWS\System32\Drivers\adp80xx.sys
      [MD5.74FFBC43B4B899C9A8CA06A892F2CE73] - [16/07/2016 22:41:53] - (.Copyright © 2008-2015 AMD, Inc. - AHCI 1.3 Device Driver.) - [81.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdsata.sys
      [MD5.AAB0F1D8D7E54761ABAB13AF161F1680] - [16/07/2016 22:41:53] - (.2012 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [253.34 Ko] - (3.7.1540.43) - C:\WINDOWS\System32\Drivers\amdsbs.sys
      [MD5.F91BAAC4237C40352A807000F3B716F9] - [16/07/2016 22:41:53] - (.Copyright © 2008-2015 AMD, Inc. - Storage Filter Driver.) - [26.34 Ko] - (1.1.3.277) - C:\WINDOWS\System32\Drivers\amdxata.sys
      [MD5.E6AB1F0B4C3D4E0D2A88332D76FECD03] - [16/07/2016 22:41:53] - (.Copyright 2014 PMC-Sierra, Inc. - Adaptec SAS RAID WS03 Driver.) - [128.84 Ko] - (7.5.0.32048) - C:\WINDOWS\System32\Drivers\arcsas.sys
      [MD5.9B480B472D6826E7257C90E2D0EE2954] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! HWID.) - [36.77 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswHwid.sys
      [MD5.1BB00571CC2C78463ABD7E9C32970758] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! File System Minifilter for Windows 2003/Vista.) - [106.27 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswMonFlt.sys
      [MD5.7010B57D708DA5C9686A5923EE621776] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! WFP Redirect Driver.) - [100.65 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswRdr2.sys
      [MD5.937885085BFE5BD08EC1BC0245DD203B] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! Revert.) - [72.8 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswRvrt.sys
      [MD5.0B6352251C5D84130DF4252D33D266C2] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! Virtualization Driver.) - [946.47 Ko] - (12.3.3154.8) - C:\WINDOWS\System32\Drivers\aswsnx.sys
      [MD5.28213B34725B18387CC1B8C3D73858A1] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! self protection module.) - [501.59 Ko] - (12.3.3154.8) - C:\WINDOWS\System32\Drivers\aswsp.sys
      [MD5.9C58B6E9663D0A76D00D83E43C765BDF] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - Stream Filter.) - [159.59 Ko] - (12.3.3154.0) - C:\WINDOWS\System32\Drivers\aswStm.sys
      [MD5.D60D9201739400F0FBDB9E36A3212D91] - [15/07/2016 16:05:40] - (.Copyright (c) 2014 AVAST Software - avast! VM Monitor.) - [286.48 Ko] - (12.3.3154.16) - C:\WINDOWS\System32\Drivers\aswvmm.sys
      [MD5.7FFB1E6F81C7BFD5B64D02A5B344B1D2] - [12/02/2016 00:17:18] - (.© Advanced Micro Devices. - AMD High Definition Audio Function Driver.) - [108.52 Ko] - (10.0.0.2) - C:\WINDOWS\System32\Drivers\AtihdWT6.sys
      [MD5.3F5523DCEFE42B385659C5CB46A6B810] - [16/07/2016 22:41:53] - (.© Broadcom Corporation. - BCM Function 2  Device Driver.) - [9.5 Ko] - (6.3.9477.0) - C:\WINDOWS\System32\Drivers\bcmfn.sys
      [MD5.0B750A6A6D847E73CA48ADD7A0F5A393] - [16/07/2016 22:41:53] - (.© Broadcom Corporation. - BCM Function 2  Device Driver.) - [9.5 Ko] - (6.3.9391.6) - C:\WINDOWS\System32\Drivers\bcmfn2.sys
      [MD5.61BAC67048CA5C1D08C48FCC8012B613] - [16/07/2016 22:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic Gigabit Ethernet VBD.) - [521.34 Ko] - (7.12.31.105) - C:\WINDOWS\System32\Drivers\bxvbda.sys
      [MD5.48BC8B59BF348BD8C8702B93171008F2] - [16/07/2016 22:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI Crash Dump Driver.) - [100.34 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4dx64.sys
      [MD5.0AED948DA8D5F08B3D6F12E4E2089736] - [16/07/2016 22:41:53] - (.Copyright © 2016 Chelsio Communications. - Chelsio iSCSI VMiniport Driver.) - [338.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4sx64.sys
      [MD5.0002A0FDE087C1657AB31CE73077539C] - [16/07/2016 22:41:53] - (.Copyright © 2010 Chelsio Communications. - Virtual Bus Driver for Chelsio ® T4 Chipset.) - [2054.84 Ko] - (6.1.14.200) - C:\WINDOWS\System32\Drivers\cht4vx64.sys
      [MD5.12145BABD827F3B68B27A4F73B7284CD] - [03/06/2015 11:23:06] - (.Copyright (C) C-Media Inc. 1998-2015 - C-Media Audio WDM Driver.) - [2671.5 Ko] - (0.0.8.1823) - C:\WINDOWS\System32\Drivers\cmudaxp.sys
      [MD5.83E4A14F851341C933C3235BFB882ECA] - [16/07/2016 22:41:54] - (.Copyright(C) 2013, Intel Corporation. - Intel(R) Gigabit Adapter NDIS 6.x driver.) - [512.5 Ko] - (12.15.22.6) - C:\WINDOWS\System32\Drivers\e1i63x64.sys
      [MD5.7EC6FC0266D74BD47ABB130A328B70EC] - [16/07/2016 22:41:52] - (.(c) COPYRIGHT 2014-2016 QLogic Corporation - QLogic 10 GigE VBD.) - [3338.84 Ko] - (7.13.65.105) - C:\WINDOWS\System32\Drivers\evbda.sys
      [MD5.F5CA18197B4646E04DB9EB2D6642CC4D] - [16/07/2016 22:41:53] - (.Copyright (c) 2004-2011 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [62.84 Ko] - (8.0.4.0) - C:\WINDOWS\System32\Drivers\HpSAMD.sys
      [MD5.C6B8743B213F06AA60943D8366FE968F] - [16/07/2016 22:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO GPIO Controller Driver.) - [32.5 Ko] - (604.10146.3023.12819) - C:\WINDOWS\System32\Drivers\iagpio.sys
      [MD5.9A2A2F3C69B9A30B6E78536F6D258BAD] - [16/07/2016 22:41:54] - (.Copyright (C) 2013. - Intel(R) Serial IO I2C Driver.) - [79.5 Ko] - (604.10146.2643.2818) - C:\WINDOWS\System32\Drivers\iai2c.sys
      [MD5.5A0E850F8CD17791A3E6A3CF81D0CA28] - [16/07/2016 22:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Driver v2.) - [63 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_GPIO2.sys
      [MD5.7508F1096803385D6376BFD0BD473AC4] - [16/07/2016 22:41:54] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Driver v2.) - [172.25 Ko] - (30.63.1610.8) - C:\WINDOWS\System32\Drivers\iaLPSS2i_I2C.sys
      [MD5.16A10CCEDCF5AC4CAAE43DC9FC40392F] - [16/07/2016 22:41:52] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO GPIO Controller Driver.) - [37.23 Ko] - (1.1.250.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_GPIO.sys
      [MD5.EB82A11613326691508D9ED9A4FE29E7] - [16/07/2016 22:41:50] - (.Copyright © 2015, Intel Corporation. - Intel(R) Serial IO I2C Controller Driver.) - [110.5 Ko] - (1.1.253.0) - C:\WINDOWS\System32\Drivers\iaLPSSi_I2C.sys
      [MD5.97E553D03219D3D51705C7235D9EAEBD] - [16/07/2016 22:41:53] - (.Copyright (C), Intel Corporation. - Intel(R) Rapid Storage Technology driver (inbox) - x64.) - [657.34 Ko] - (13.2.0.1022) - C:\WINDOWS\System32\Drivers\iaStorAV.sys
      [MD5.8350FE3BCDE3428BC040877BB7E9EAEB] - [16/07/2016 22:41:53] - (.Copyright(C) Intel Corporation 1994-2008 - Intel Matrix Storage Manager driver - x64.) - [402.34 Ko] - (8.6.2.1019) - C:\WINDOWS\System32\Drivers\iaStorV.sys
      [MD5.3BA03F7C7700DDF4C383DDE9252F5817] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - InfiniBand Fabric Bus Driver.) - [513.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ibbus.sys
      [MD5.8E1B0946948CCC0BC1FA3CB70374A795] - [16/07/2016 22:41:53] - (.Copyright © LSI Corporation 2010 - LSI Fusion-MPT SAS Driver (StorPort).) - [106.34 Ko] - (1.34.3.83) - C:\WINDOWS\System32\Drivers\lsi_sas.sys
      [MD5.4F68163FC04C973500DC4DA0946917B0] - [16/07/2016 22:41:53] - (.Copyright © LSI Corporation 2012 - LSI SAS Gen2 Driver (StorPort).) - [103.34 Ko] - (2.0.79.80) - C:\WINDOWS\System32\Drivers\lsi_sas2i.sys
      [MD5.E5AC5F2815938651CDCC27F425474673] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies 2015 - Avago SAS Gen3 Driver (StorPort).) - [98.84 Ko] - (2.51.12.80) - C:\WINDOWS\System32\Drivers\lsi_sas3i.sys
      [MD5.CCF6EC9FB9B8F18E05B4253E81013E48] - [16/07/2016 22:41:53] - (.Copyright © LSI Corporation 2012 - LSI SSS PCIe/Flash Driver (StorPort).) - [80.84 Ko] - (2.10.61.81) - C:\WINDOWS\System32\Drivers\lsi_sss.sys
      [MD5.A0A527569856B9814E8920F52EBB67F5] - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech Kernel Audio Improvement Filter Driver.) - [343.28 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvrs64.sys
      [MD5.415E344294D1C0D04627B29146F68481] - [27/10/2012 10:42:22] - (.(c) 1996-2012 Logitech. - Logitech USB Video Class Driver.) - [4646.66 Ko] - (13.80.853.0) - C:\WINDOWS\System32\Drivers\lvuvc64.sys
      [MD5.047244823B2EA707E1F6076CA20DEF90] - [18/12/2016 10:09:53] - (.-.) - [75.59 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\mbae64.sys
      [MD5.ABB371D9AEF728B0489B0E6872B4A1C0] - [18/12/2016 10:09:55] - (.(C) Malwarebytes. - Malwarebytes SwissArmy.) - [244.94 Ko] - (4.2.0.101) - C:\WINDOWS\System32\Drivers\MBAMSwissArmy.sys
      [MD5.C3CDCCF07486BD2616A7B82946E07AC0] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [58.34 Ko] - (6.706.6.0) - C:\WINDOWS\System32\Drivers\megasas.sys
      [MD5.2CF0CB2A0ED68C5455371E84C16F9627] - [11/11/2016 11:04:52] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [62.84 Ko] - (6.711.10.11) - C:\WINDOWS\System32\Drivers\MegaSas2i.sys
      [MD5.FADB2FE017E69EECE0E1BA78661C2E8C] - [16/07/2016 22:41:53] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [562.34 Ko] - (15.2.2013.129) - C:\WINDOWS\System32\Drivers\megasr.sys
      [MD5.8EA880DC2E0F8D93A943C25EF17E18FC] - [17/07/2016 16:11:57] - (.©2006-2011, Nicomsoft Ltd. - WINI2C-DDC Kernel Mode Driver.) - [20.3 Ko] - (3.8.0.0) - C:\WINDOWS\System32\Drivers\mi2c.sys
      [MD5.FD60818B66B2E8A5415EA840E99A9D8F] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - MLX4 Bus Driver.) - [822.84 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\mlx4_bus.sys
      [MD5.3D2C5B4995CA0751D32DEA0DE9FDFE44] - [16/07/2016 22:41:53] - (.Copyright (c) Marvell Semiconductor, Inc. - Marvell Flash Controller Driver.) - [62.34 Ko] - (1.0.5.1016) - C:\WINDOWS\System32\Drivers\mvumis.sys
      [MD5.629CB21AC49C8867E0F29DF1C16DB7B4] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - NetworkDirect Support Filter Driver.) - [106.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\ndfltr.sys
      [MD5.6C76780A01FC2B885BD6E957B5C36B02] - [16/07/2016 22:42:03] - (.-.) - [88.5 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\NetAdapterCx.sys
      [MD5.D261DF41F0840F734856A2B4F5E072C7] - [16/07/2016 22:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [146.84 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvraid.sys
      [MD5.23B702B555EB0436B9DAA0BC63DA65CE] - [16/07/2016 22:41:53] - (.Copyright(C) 2001-2011 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.34 Ko] - (10.6.0.23) - C:\WINDOWS\System32\Drivers\nvstor.sys
      [MD5.540116170E2135FCD5DDE77702166B67] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [57.34 Ko] - (6.805.3.0) - C:\WINDOWS\System32\Drivers\percsas2i.sys
      [MD5.8356F87553BF49C703CF382033815898] - [16/07/2016 22:41:53] - (.Copyright © Avago Technologies2013 - MEGASAS RAID Controller Driver for Windows.) - [60.34 Ko] - (6.603.6.0) - C:\WINDOWS\System32\Drivers\percsas3i.sys
      [MD5.8E78AB9B9709BAFB11695A0A6EDDEFF9] - [05/11/2016 15:37:13] - (.Copyright (C) M. Russinovich 1996-2011 - Process Explorer.) - [34.88 Ko] - (15.0.0.0) - C:\WINDOWS\System32\Drivers\PROCEXP152.SYS
      [MD5.D06C8A05ABD8B3D0EDCEC1B632396143] - [12/10/2015 16:39:20] - (.Copyright (C) 2014 Paramount Software UK Ltd - Paramount Software Image Mounting Driver.) - [165.01 Ko] - (6.1.865.0) - C:\WINDOWS\System32\Drivers\psmounterex.sys
      [MD5.436E1F795F0495B2715116A4EC176803] - [21/07/2014 13:36:48] - (.(c) Paramount Software UK Ltd 2010 - Volume Access driver.) - [12.46 Ko] - (1.0.0.1) - C:\WINDOWS\System32\Drivers\PSVolAcc.sys
      [MD5.9C3AC71A9934B884FAC567A8807E9C4D] - [16/07/2016 10:25:45] - (.© VS Revo Group, Ltd. - Revo Uninstaller Minifilter.) - [31.05 Ko] - (1.0.0.4) - C:\WINDOWS\System32\Drivers\revoflt.sys
      [MD5.81912490882BE0F971B582AD1C33CA57] - [18/07/2016 13:55:33] - (.Copyright (C) 2004-2016 - PowerISO Virtual Drive.) - [134.06 Ko] - (6.6.0.0) - C:\WINDOWS\System32\Drivers\scdemu.sys
      [MD5.A34CE1830E45DA98932295FDE4B7908A] - [16/07/2016 22:41:53] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [43.84 Ko] - (5.1.1039.2600) - C:\WINDOWS\System32\Drivers\sisraid2.sys
      [MD5.A7B5C670770E908DA5FEF5BF1136E933] - [16/07/2016 22:41:53] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [79.84 Ko] - (5.1.1039.3600) - C:\WINDOWS\System32\Drivers\sisraid4.sys
      [MD5.9593475FBC857A05D93BFF4FA7323C2B] - [05/09/2016 05:47:06] - (.Copyright ⓒ SAMSUNG - SAMSUNG USB Composite Device Driver.) - [128.63 Ko] - (2.12.4.0) - C:\WINDOWS\System32\Drivers\ssudbus.sys
      [MD5.5252D7BC56E5E0ED715AEA8FE173A455] - [22/01/2014 08:52:10] - (.Copyright (c) DEVGURU 2002-2008. (www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) - [201.25 Ko] - (2.11.7.0) - C:\WINDOWS\System32\Drivers\ssudmdm.sys
      [MD5.29D26E1347AE1BBD4201014E19880B2C] - [16/07/2016 22:41:53] - (.© Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) - [30.34 Ko] - (5.1.0.10) - C:\WINDOWS\System32\Drivers\stexstor.sys
      [MD5.6D1671CB2E5402F01D2F13ECF764CAA1] - [20/01/2016 16:50:38] - (.Copyright © 2006-2015, Intel Corporation. - Intel(R) Management Engine Interface.) - [197.3 Ko] - (11.0.0.1157) - C:\WINDOWS\System32\Drivers\TeeDriverW8x64.sys
      [MD5.FD9BCB8920973CEAD4D49DC7A6D8A618] - [16/07/2016 22:41:53] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [162.84 Ko] - (7.0.9600.6352) - C:\WINDOWS\System32\Drivers\vsmraid.sys
      [MD5.0C111F220798CCE80484026E06822379] - [16/07/2016 22:41:53] - (.Copyright (C) 2008 VIA Corporation - VIA StorX RAID Controller Driver.) - [298.34 Ko] - (8.0.9200.8110) - C:\WINDOWS\System32\Drivers\VSTXRAID.SYS
      [MD5.F95DE20312ACCA7761446DE152BD1F7C] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinMad.) - [31.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winmad.sys
      [MD5.8B9AFF5F08E66A6F1F1063DEC9457FB6] - [16/07/2016 22:41:53] - (.Copyright© 2009 Mellanox Technologies Ltd - Kernel WinVerbs.) - [63.34 Ko] - (5.1.11548.0) - C:\WINDOWS\System32\Drivers\winverbs.sys
      [MD5.DCF1C283860C3CAB0BF0A71528A0136C] - [06/06/2015 05:16:54] - (.Copyright(C) 2012 Intel Corporation. - Intel(R) Acpi Control Driver.) - [62.34 Ko] - (4.0.0.1) - C:\WINDOWS\System32\Drivers\XtuAcpiDriver.sys
      [MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [16/07/2016 12:45:48] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\zam64.sys
      [MD5.21E13F2CB269DEFEAE5E1D09887D47BB] - [16/07/2016 12:45:47] - (.Zemana Ltd. - ZAM.) - [198.91 Ko] - (0.0.0.0) - C:\WINDOWS\System32\Drivers\zamguard64.sys ---------- | Uninstall [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\EPSON WF-3640 Series] : (EPSON WF-3640 Series Printer Uninstall.-.SEIKO EPSON Corporation) -> C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YINSKDE.EXE /R /APD /P:"EPSON WF-3640 Series"
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MacriumReflect] : (Macrium Reflect Free Edition.-.Paramount Software (UK) Ltd.) -> C:\Program Files\Macrium\Reflect\xReflect.exe
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PotPlayer64] : (Potplayer-64 bit.-.Kakao Corp.) -> "C:\Program Files\DAUM\PotPlayer\uninstall.exe"
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PROSetDX] : (Intel(R) Network Connections 20.2.4001.0.-.Intel) -> MsiExec.exe /i{638A518B-0D2E-4143-ACF8-F3D83D822E85} ARPREMOVE=1
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VueScan x64] : (VueScan x64.-.) -> "C:\Program Files\VueScan\vuescan.exe" /remove
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WUCCCApp] : (AMD Settings.-.Advanced Micro Devices, Inc.) -> "C:\AMD\WU-CCC2\ccc2_install\WULaunchApp.exe" -uninstall
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1CEAC85D-2590-4760-800F-8DE5E91F3700}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> "C:\ProgramData\Intel\Package Cache\{1CEAC85D-2590-4760-800F-8DE5E91F3700}\Setup.exe" -uninstall
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26567561-DFB2-2B63-9BA8-6A490ED37016}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1] : (Inpaint 6.2.-.Teorex) -> "C:\Program Files\Inpaint\unins000.exe"
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{2F544F46-5F6E-97BB-3550-A0242A3C5754}] : (Catalyst Control Center Next Localization DA.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1] : (Malwarebytes version 3.0.4.1269.-.Malwarebytes) -> "C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe"
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{383BB30A-B4A7-4666-9A83-22CFA8640097}] : (Classic Shell.-.IvoSoft) -> MsiExec.exe /X{383BB30A-B4A7-4666-9A83-22CFA8640097}
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3AF70346-52C7-0334-606F-118D1C1CB7A2}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}] : (Catalyst Control Center Next Localization IT.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{51F85784-6799-5CA3-97B2-2E5904FC3E58}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{52E7DBCC-EAB5-DEFC-B3C1-BB52558973C5}] : (AMD Settings.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{53AE8AC7-5213-67AF-0DC0-CED696B77643}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}] : (Catalyst Control Center Next Localization BR.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{59D2664C-949B-7FA7-9880-ECB993B6616A}] : (Catalyst Control Center Next Localization NO.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5EFB52C0-4EC9-46B4-80EB-8432C6599641}_is1] : (Cyberfox Web Browser.-.8pecxstudios) -> "C:\Program Files\Cyberfox\unins000.exe"
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5FD706FF-6AD8-E372-A35A-879409982655}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{5FEACE78-C338-9AED-FF05-7DE7E273C774}] : (Catalyst Control Center Next Localization ES.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{60DC6F22-D268-44F0-8720-200033508384}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> MsiExec.exe /I{60DC6F22-D268-44F0-8720-200033508384}
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{638A518B-0D2E-4143-ACF8-F3D83D822E85}] : (Intel(R) Network Connections 20.2.4001.0.-.Intel) -> MsiExec.exe /i{638A518B-0D2E-4143-ACF8-F3D83D822E85} ARPREMOVE=1
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1] : (Revo Uninstaller Pro 3.1.7.-.VS Revo Group, Ltd.) -> "C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}] : (Macrium Reflect Free Edition.-.Paramount Software (UK) Ltd.) -> MsiExec.exe /I{6E9A87FE-8050-4714-BBDF-1A096B8CB288}
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{713690A5-53D0-2627-5ABE-55DA9B3E8BDE}] : (.-.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}] : (Catalyst Control Center Next Localization TR.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}] : (Catalyst Control Center Next Localization CHS.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{918989F1-06FC-BFAC-FC46-6C2479AC0C0E}] : (.-.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{970A40CA-46AB-986C-1798-976ED0EA00FA}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}] : (Catalyst Control Center Next Localization NL.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{A50C89BC-8D8E-8828-824A-7171F6D583D5}] : (Catalyst Control Center Next Localization TH.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AC85CF50-9A55-0103-ADBF-365C37603AA4}] : (Catalyst Control Center Next Localization FI.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{AD28960A-6190-C991-C964-308B86EAA2E2}] : (Catalyst Control Center Next Localization CHT.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B349892D-B015-033C-4CA8-3635E6B655D7}] : (Catalyst Control Center Next Localization FR.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B685D0AD-42A8-4A39-9BFE-8C063FA9AF29}] : (Intel(R) Chipset Device Software.-.Intel Corporation) -> MsiExec.exe /I{B685D0AD-42A8-4A39-9BFE-8C063FA9AF29}
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}] : (Catalyst Control Center Next Localization HU.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C14A3A5B-8A86-C239-37D7-158211778C54}] : (Catalyst Control Center Next Localization SV.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}] : (Catalyst Control Center Next Localization RU.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{C3EE628C-7394-FE2C-0C90-C05284EB528D}] : (Catalyst Control Center Next Localization CS.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}] : (Catalyst Control Center Next Localization JA.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D4B3454F-7529-4F5F-851D-2C36933F7D64}] : (.-.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DAB44116-0266-C65B-B643-AC11217C3041}] : (Catalyst Control Center Next Localization KO.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DAC07675-A1AF-49F1-DFB7-61B15AD61C9A}] : (AMD Start Now.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}] : (Catalyst Control Center Next Localization PL.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{DF17C0DB-76D8-4A45-B26E-674F8455B803}] : (Intel(R) ME UninstallLegacy.-.Intel Corporation) -> MsiExec.exe /I{DF17C0DB-76D8-4A45-B26E-674F8455B803}
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}] : (Catalyst Control Center Next Localization EL.-.Advanced Micro Devices, Inc.) ->
      ##########[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{FC4086D6-E345-5F43-08BB-280FB57DAF49}] : (Catalyst Control Center Next Localization DE.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{PBR27112011-M1447-7KS6-C3E2-1X8374W715U4}_is1] : (Hekasoft Backup & Restore 0.53.-.Hekasoft) -> "C:\Program Files\Hekasoft Backup & Restore\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\4K Video Downloader_is1] : (4K Video Downloader 4.1.-.Open Media LLC) -> "C:\Program Files (x86)\4KDownload\4kvideodownloader\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 24 NPAPI.-.Adobe Systems Incorporated) -> C:\WINDOWS\SysWoW64\Macromed\Flash\FlashUtil32_24_0_0_194_Plugin.exe -maintain plugin
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ALA] : (ALA (Ache Logfile Analyzer).-.) -> "C:\Program Files (x86)\ALA\ALAuninst.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Audacity®_is1] : (Audacity 2.1.2.-.Audacity Team) -> "C:\Program Files (x86)\Audacity\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Avast] : (Avast Free Antivirus.-.AVAST Software) -> C:\Program Files\AVAST Software\Avast\Setup\Instup.exe /control_panel
      ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\FreeFileSync_is1] : (FreeFileSync 8.8.-.www.FreeFileSync.org) -> "C:\Program Files\FreeFileSync\Uninstall\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MediaMonkey_is1] : (MediaMonkey 4.1.-.Ventis Media Inc.) -> "C:\Program Files (x86)\MediaMonkey\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Thunderbird 45.6.0 (x86 en-US)] : (Mozilla Thunderbird 45.6.0 (x86 en-US).-.Mozilla) -> C:\Program Files (x86)\Mozilla Thunderbird\uninstall\helper.exe
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OpenAL] : (OpenAL.-.) -> "C:\Program Files (x86)\OpenAL\openalweax.exe" /U
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PowerISO] : (PowerISO.-.Power Software Ltd) -> "C:\Program Files\PowerISO\uninstall.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Stardock Fences 3] : (Stardock Fences 3.-.Stardock Software, Inc.) -> "C:\Program Files (x86)\Stardock\Fences\uninstall.exe" "/U:C:\Program Files (x86)\Stardock\Fences\Uninstall\uninstall.xml"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.) -> "C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VideoReDo4_is1] : (VideoReDo TVSuite Version 4.20.7.629.-.DRD Systems, Inc.) -> "C:\Program Files (x86)\VideoReDoTVSuite4\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\VTUploader] : (VirusTotal Uploader 2.2.-.) -> "C:\Program Files (x86)\VirusTotalUploader2\uninstall.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0121C0BD-363C-4B1D-8B64-FE7681A37D0A}_is1] : (i-Menu version 4.3.1.-.AOC) -> "C:\Program Files (x86)\i-Menu\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}] : (Foxit PhantomPDF Business.-.Foxit Software Inc.) -> MsiExec.exe /I{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6657DA03-A39B-472C-8458-6292E128A3D9}] : (MailWasherPro.-.Firetrust) -> MsiExec.exe /X{6657DA03-A39B-472C-8458-6292E128A3D9}
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{71B53BA8-4BE3-49AF-BC3E-07F392008788}] : (ASUS Xonar Essence STX Audio.-.ASUSTeK Computer Inc.) -> "C:\Program Files (x86)\InstallShield Installation Information\{71B53BA8-4BE3-49AF-BC3E-07F392008788}\Setup.exe" -runfromtemp -l0x0409 -removeonly /Cmicheck
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{899B0A57-C6BA-6FAB-DF06-D095CFBC60EC}] : (.-.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1] : (Zemana AntiMalware.-.Zemana Ltd.) -> "C:\Program Files (x86)\Zemana AntiMalware\unins000.exe"
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{91B33C97-A730-69CE-7A4F-4ADF378BB993}_is1] : (Ashampoo Burning Studio 16.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\unins000.exe"
      ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}] : (Intel(R) Chipset Device Software.-.Intel(R) Corporation) -> "C:\ProgramData\Package Cache\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}\SetupChipset.exe"  /uninstall
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{C92AB6F1-616B-A905-B3D2-3B7C238851DC}_is1] : (Ashampoo Photo Commander 14.-.Ashampoo GmbH & Co. KG) -> "C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 14\unins000.exe"
      ##########[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E29B4E12-2EB0-93F6-8556-3ED42722D653}] : (AMD Settings.-.Advanced Micro Devices, Inc.) ->
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}] : (CyberPower PowerPanel Personal Edition 1.6.1.-.Cyber Power Systems, Inc.) -> MsiExec.exe /I{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}
      [HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] : (Skype™ 7.30.-.Skype Technologies S.A.) -> MsiExec.exe /X{FC965A47-4839-40CA-B618-18F486F042C6} ---------- | Ports
      ---------- | Microsoft Specifications CheckID: SetupControllerFiles0{90140000-00A1-0409-1000-0000000FF1CE} - CLICK2RUN -> SetupControllerFiles ---------- | CLSID
      ---------- | Installer [HKCR\Installer\Products\035EBE8F5D4A15FB6F3273786E8B8A87] : Catalyst Control Center Next Localization EL -> C:\Windows\Installer\{F8EBE530-A4D5-BF51-F623-3787E6B8A878}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\05FC58CA55A93010DAFB63C57306A34A] : Catalyst Control Center Next Localization FI -> C:\Windows\Installer\{AC85CF50-9A55-0103-ADBF-365C37603AA4}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\0F3365B0514C80F276E1C4E9F2AADC54] : Catalyst Control Center Next Localization TR -> C:\Windows\Installer\{0B5633F0-C415-2F08-671E-4C9E2FAACD45}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\165765622BFD36B2B98AA694E03D0761] : Catalyst Control Center Next Localization IT -> C:\Windows\Installer\{26567561-DFB2-2B63-9BA8-6A490ED37016}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\1BA6D8EB9403C0F276AF000C5A3D123A] : Catalyst Control Center Next Localization HU -> C:\Windows\Installer\{BE8D6AB1-3049-2F0C-67FA-00C0A5D321A3}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\1CEF908068FE9E152801CDB1B1BD7654] : Catalyst Control Center Next Localization JA -> C:\Windows\Installer\{0809FEC1-EF86-51E9-8210-DC1B1BDB6745}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\21E4B92E0BE26F395865E34D72226D35] : AMD Settings -> C:\WINDOWS\Installer\{E29B4E12-2EB0-93F6-8556-3ED42722D653}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\22F6CD06862D0F447802020033053848] : Intel(R) Management Engine Components
      [HKCR\Installer\Products\2703D7E182D1A33E99FD589D7FCE0DE6] : Catalyst Control Center Next Localization DE -> C:\WINDOWS\Installer\{1E7D3072-1D28-E33A-99DF-85D9F7ECD06E}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\2955F6E8E7DE05C947CAFB14B7F12E19] : Catalyst Control Center Next Localization CHS -> C:\WINDOWS\Installer\{8E6F5592-ED7E-9C50-74AC-BF417B1FE291}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\2A2FFE1CA4FD1D6F9BC9E11D49EAE987] : Catalyst Control Center Next Localization RU -> C:\WINDOWS\Installer\{C1EFF2A2-DF4A-F6D1-B99C-1ED194AE9E78}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\2BAEA5633FC4BBC7D0CA9E1EB486E856] : Catalyst Control Center Next Localization CHS -> C:\Windows\Installer\{365AEAB2-4CF3-7CBB-0DAC-E9E14B688E65}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\30AD7566B93AC274488526291E823A9D] : MailWasherPro
      [HKCR\Installer\Products\38D6CBA7E61884D66ED50BECDD92E4E4] : Catalyst Control Center Next Localization CHT -> C:\Windows\Installer\{7ABC6D83-816E-6D48-E65D-B0CEDD294E4E}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\48758F1599763AC5792BE29540CFE385] : Catalyst Control Center Next Localization BR -> C:\WINDOWS\Installer\{51F85784-6799-5CA3-97B2-2E5904FC3E58}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\57670CADFA1A1F94FD7B161BA56DC1A9] : AMD Start Now -> C:\WINDOWS\Installer\{DAC07675-A1AF-49F1-DFB7-61B15AD61C9A}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\5C2F3C482B7F80F2DC4F97FEC75CD547] : Catalyst Control Center Next Localization CS -> C:\WINDOWS\Installer\{84C3F2C5-F7B2-2F08-CDF4-79EF7CC55D74}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\5CD401BE9D83A6D47B0008BEA4E90B5F] : CyberPower PowerPanel Personal Edition 1.6.1 -> C:\Windows\Installer\{EB104DC5-38D9-4D6A-B700-80EB4A9EB0F5}\pppe.exe
      [HKCR\Installer\Products\61144BAD6620B56C6B34CA1112C70314] : Catalyst Control Center Next Localization KO -> C:\WINDOWS\Installer\{DAB44116-0266-C65B-B643-AC11217C3041}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\64307FA37C25433006F611D8C1C17B2A] : Catalyst Control Center Next Localization NL -> C:\WINDOWS\Installer\{3AF70346-52C7-0334-606F-118D1C1CB7A2}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\64F445F2E6F5BB7953050A42A2C37545] : Catalyst Control Center Next Localization DA -> C:\Windows\Installer\{2F544F46-5F6E-97BB-3550-A0242A3C5754}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\670F1A988B911B2A5D3A8E42E7AF1F75] : Catalyst Control Center Next Localization TR -> C:\WINDOWS\Installer\{89A1F076-19B8-A2B1-D5A3-E8247EFAF157}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\6D6804CF543E34F580BB82F05BD7FA94] : Catalyst Control Center Next Localization DE -> C:\Windows\Installer\{FC4086D6-E345-5F43-08BB-280FB57DAF49}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\71B3A8E0306D6B1B2C506158BEDD329E] : Catalyst Control Center Next Localization DA -> C:\WINDOWS\Installer\{0E8A3B17-D603-B1B6-C205-1685EBDD23E9}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\74A569CF9384AC046B81814F680F246C] : Skype™ 7.30 -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe
      [HKCR\Installer\Products\776FC82B8C2EAC2125BB916B0F663DA6] : Catalyst Control Center Next Localization HU -> C:\WINDOWS\Installer\{B28CF677-E2C8-12CA-52BB-19B6F066D36A}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\7CA8EA353125FA76D00CEC6D697B6734] : Catalyst Control Center Next Localization NO -> C:\WINDOWS\Installer\{53AE8AC7-5213-67AF-0DC0-CED696B77643}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\8255973A275F41364C3EEED9FAF0FB20] : Catalyst Control Center Next Localization FI -> C:\WINDOWS\Installer\{A3795528-F572-6314-C4E3-EE9DAF0FBF02}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\87ECAEF5833CDEA9FF50D77E2E377C47] : Catalyst Control Center Next Localization ES -> C:\WINDOWS\Installer\{5FEACE78-C338-9AED-FF05-7DE7E273C774}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\A03BB3837A4B6664A93822FC8A460079] : Classic Shell -> C:\Windows\Installer\{383BB30A-B4A7-4666-9A83-22CFA8640097}\icon.ico
      [HKCR\Installer\Products\A06982DA0916199C9C4603B868AE2A2E] : Catalyst Control Center Next Localization CHT -> C:\WINDOWS\Installer\{AD28960A-6190-C991-C964-308B86EAA2E2}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\AC04A079BA64C689718979E60DAE00AF] : Catalyst Control Center Next Localization PL -> C:\Windows\Installer\{970A40CA-46AB-986C-1798-976ED0EA00FA}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\B134E6A734FCE3CEDFE7A0A0BAB152CF] : Catalyst Control Center Next Localization TH -> C:\WINDOWS\Installer\{7A6E431B-CF43-EC3E-FD7E-0A0AAB1B25FC}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\B22D6F349E0E09EEB926C1F55C1DA555] : Catalyst Control Center Next Localization IT -> C:\WINDOWS\Installer\{43F6D22B-E0E9-EE90-9B62-1C5FC5D15A55}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\B5A3A41C68A8932C737D51281177C845] : Catalyst Control Center Next Localization SV -> C:\Windows\Installer\{C14A3A5B-8A86-C239-37D7-158211778C54}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\B815A836E2D03414CA8F3F8DD328E258] : -> C:\Windows\Installer\{638A518B-0D2E-4143-ACF8-F3D83D822E85}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\BA3D4A55FD8C2B62988AE7611E4E7000] : Catalyst Control Center Next Localization BR -> C:\Windows\Installer\{55A4D3AB-C8DF-26B2-89A8-7E16E1E40700}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\BD0C71FD8D6754A42BE676F448558B30] : Intel(R) ME UninstallLegacy
      [HKCR\Installer\Products\C07B62ABC8D341D2142212F13B6E6F19] : Catalyst Control Center Next Localization EL -> C:\WINDOWS\Installer\{BA26B70C-3D8C-2D14-4122-211FB3E6F691}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\C0AC7E4ABE4892E5F240604C4E97C0F2] : Catalyst Control Center Next Localization NL -> C:\Windows\Installer\{A4E7CA0C-84EB-5E29-2F04-06C4E4790C2F}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\C4662D95B9497AF78908CE9B396B16A6] : Catalyst Control Center Next Localization NO -> C:\Windows\Installer\{59D2664C-949B-7FA7-9880-ECB993B6616A}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\C826EE3C4937C2EFC0090C2548BE25D8] : Catalyst Control Center Next Localization CS -> C:\Windows\Installer\{C3EE628C-7394-FE2C-0C90-C05284EB528D}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\CB98C05AE8D8828828A417176F5D385D] : Catalyst Control Center Next Localization TH -> C:\Windows\Installer\{A50C89BC-8D8E-8828-824A-7171F6D583D5}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\CCBD7E255BAECFED3B1CBB255598375C] : AMD Settings -> C:\WINDOWS\Installer\{52E7DBCC-EAB5-DEFC-B3C1-BB52558973C5}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\CFBC70744DE8E364F09FED684F7A349E] : Catalyst Control Center Next Localization RU -> C:\Windows\Installer\{4707CBFC-8ED4-463E-0FF9-DE86F4A743E9}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\D298943B510BC330C48A63536E6B557D] : Catalyst Control Center Next Localization FR -> C:\Windows\Installer\{B349892D-B015-033C-4CA8-3635E6B655D7}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\D65A35841397B80AB57AE8D21640D39F] : Catalyst Control Center Next Localization FR -> C:\WINDOWS\Installer\{4853A56D-7931-A08B-5BA7-8E2D61043DF9}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\DA0D586B8A2493A4B9EFC860F39AFA92] : Intel(R) Chipset Device Software
      [HKCR\Installer\Products\EB86BE64CAA8B2C82748D8DE6E5BDCA2] : Catalyst Control Center Next Localization SV -> C:\WINDOWS\Installer\{46EB68BE-8AAC-8C2B-7284-8DEDE6B5CD2A}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\EF78A9E605084174BBFDA190B6C82B88] : Macrium Reflect Free Edition -> C:\Windows\Installer\{6E9A87FE-8050-4714-BBDF-1A096B8CB288}\Reflect.ico
      [HKCR\Installer\Products\F0E0944DB7E879015BA667347CF5C182] : Catalyst Control Center Next Localization JA -> C:\WINDOWS\Installer\{D4490E0F-8E7B-1097-B56A-7643C75F1C28}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\F34DBF2435EDD4D615433E9CB354BCFE] : Catalyst Control Center Next Localization ES -> C:\Windows\Installer\{42FBD43F-DE53-6D4D-5134-E3C93B45CBEF}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\FBCFD9CDAD78C298161599CCE94FE6E3] : Catalyst Control Center Next Localization PL -> C:\WINDOWS\Installer\{DC9DFCBF-87DA-892C-6151-99CC9EF46E3E}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\FF607DF58DA6273E3AA5784990896255] : Catalyst Control Center Next Localization KO -> C:\Windows\Installer\{5FD706FF-6AD8-E372-A35A-879409982655}\ARPPRODUCTICON.exe
      [HKCR\Installer\Products\FF98B0C16FBB7BD4CB7998ACD8D5F045] : Foxit PhantomPDF Business -> C:\Windows\Installer\{1C0B89FF-BBF6-4DB7-BC97-89CA8D5D0F54}\IconName.exe ---------- | ADS
      ---------- | Drives  Disk: 0   Size=477G
       Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
       --- ------ ---------- ---- ------ ---- ------------ ------------
        0    0    EE-UNKNWN  21.0T   No    No             1  294,967,295 ---------- | MBR Windows Version:        Professional
      Windows Information:         (build 9200), 64-bit
      Base Board Manufacturer:    Gigabyte Technology Co., Ltd.
      BIOS Manufacturer:        American Megatrends Inc.
      System Manufacturer:        Gigabyte Technology Co., Ltd.
      System Product Name:        Z97X-UD5H-BK
      Logical Drives Mask:        0x0000003c Analysis of file "C:\QuickDiag\MBR.bin":
      Unknown MBR code 64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin ---------- | 20 LastEventLog Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object. Details:
      AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol. System Error:
      Access is denied.
      .
      ------------ Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
      . This is often caused by incorrect security settings in either the writer or requestor process. Operation:
         Gathering Writer Data Context:
         Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
         Writer Name: System Writer
         Writer Instance ID: {9c67d02a-d6eb-474f-bf17-5d36fad1c1ef}
      ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618
      Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca
      Exception code: 0xc000041d
      Fault offset: 0x00003e82
      Faulting process id: 0x974
      Faulting application start time: 0x01d275c65d1b5e1b
      Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
      Faulting module path: C:\WINDOWS\System32\GDI32.dll
      Report Id: b7191ee2-753d-4ae9-b906-2889a7f82097
      Faulting package full name:
      Faulting package-relative application ID:
      ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618
      Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95
      Exception code: 0xc0000005
      Fault offset: 0x00044f9e
      Faulting process id: 0x974
      Faulting application start time: 0x01d275c65d1b5e1b
      Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: ae8566d4-40e7-499e-af31-1b8451c32103
      Faulting package full name:
      Faulting package-relative application ID:
      ------------ The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------ Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
      ------------ Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
      ------------ The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------ The Open Procedure for service "Lsa" in DLL "C:\Windows\System32\Secur32.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------ The Open Procedure for service "ESENT" in DLL "C:\WINDOWS\system32\esentprf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------ The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618
      Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca
      Exception code: 0xc000041d
      Fault offset: 0x00003e82
      Faulting process id: 0x1890
      Faulting application start time: 0x01d2750ec32f562e
      Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
      Faulting module path: C:\WINDOWS\System32\GDI32.dll
      Report Id: c582a33e-6195-4abc-b5df-68da8a8ab8b3
      Faulting package full name:
      Faulting package-relative application ID:
      ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618
      Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95
      Exception code: 0xc0000005
      Fault offset: 0x00044f9e
      Faulting process id: 0x1890
      Faulting application start time: 0x01d2750ec32f562e
      Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: ec5a4010-2e89-46ef-b391-ece291f6d537
      Faulting package full name:
      Faulting package-relative application ID:
      ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618
      Faulting module name: GDI32.dll, version: 10.0.14393.206, time stamp: 0x57dad2ca
      Exception code: 0xc000041d
      Fault offset: 0x00003e82
      Faulting process id: 0xb28
      Faulting application start time: 0x01d27509096f4304
      Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
      Faulting module path: C:\WINDOWS\System32\GDI32.dll
      Report Id: 7b7975c7-18b6-4c29-a667-ffcf0a7d5cd9
      Faulting package full name:
      Faulting package-relative application ID:
      ------------ Faulting application name: uTorrent.exe, version: 2.2.0.24683, time stamp: 0x4d59d618
      Faulting module name: ntdll.dll, version: 10.0.14393.447, time stamp: 0x5819be95
      Exception code: 0xc0000005
      Fault offset: 0x00044f9e
      Faulting process id: 0xb28
      Faulting application start time: 0x01d27509096f4304
      Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
      Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
      Report Id: bdc0e890-122c-4514-a37d-f0920ba01915
      Faulting package full name:
      Faulting package-relative application ID:
      ------------ The Open Procedure for service "WmiApRpl" in DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------ Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
      ------------ Unable to open the Server service performance object. The first four bytes (DWORD) of the Data section contains the status code.
      ------------ The Open Procedure for service "MSDTC" in DLL "C:\WINDOWS\system32\msdtcuiu.DLL" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      ------------
      ----------( EOF)---------- - 6521 | 14:13:08  
    • Not seeing any real malware, lets take a deeper look to be sure.   Quick Diag Scan.   Download Quick Diag to your desktop. Disable your Antivirus/Antispyware prior to scanning. Right Click Run as Administrator. Select the Extended Scan. Post the log that is generated in your next post.

WindowsInstructed Forums

Welcome on the WindowsInstructed Forums. If you have any Windows question or Malware related question then this is the place to be. All your connections are securely encrypted with our server so your privacy is protected as well!