Welcome to WindowsInstructed Forums

Welcome to the WindowsInstructed Forums

Sign-up for an account today to receive free malware removal help. Personal Windows help and much more. Or continue as a guest and ask any question you would like to ask us! Please do remember that being a member you get advantages like notifications of replies and faster replies from most members. Also members don't see ads ;) 

We hope to help you with your issues.

The WindowsInstructed Forums Staff

sambone1122

Looking for help regarding low performance on high end pc

116 posts in this topic

I am able to run a lot of games at max settings and even if i get 60+ fps on maximum settings on a game that should look great, the graphics just look super bad. There is jaggedness to lines, everything is kind of shakey and flickers a little bit, it just looks like im running the game on a really bad graphics card but i have no fps problems. It is not an internet issue, and its not a overheating issue or an issue with my drivers. It seems like more of a hardware problem but i cant figure out what is wrong at all. I've ran malwarebytes but couldnt find anything. Im thinking there might be some type of issue with a driver or my bios but it seems kind of complicated

I have a nvidia gtx 760 that is stock overclocked with a intel i-5 processor, 8 gb ram and windows 7. If anyone can help me troubleshoot this super annoying issue that i have been trying to solve for a month then i would very much appreciate it.

Kris likes this

Share this post


Link to post
Share on other sites

Please download and save FRST 64bit or FRST 32 bit to your DESKTOP.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

x3KSmSt.jpg

  1. Make sure that Addition option is checked.
  2. Press Scan button.

kf4A5XR.jpg

  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste contents of the log back here.
  • The first time the tool is run, or Additions.txt is selected in the options it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste contents of that log along with the FRST.txt into your reply.

Share this post


Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-07-2016
Ran by Sambone (administrator) on SAMBONE-PC (26-07-2016 14:44:59)
Running from C:\Users\Sambone\Downloads
Loaded Profiles: Sambone (Available Profiles: Sambone)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Spotify Ltd) C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BitTorrent Inc.) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
(Flux Software LLC) C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\flux.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
(BitTorrent Inc.) C:\Users\Sambone\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(BitTorrent Inc.) C:\Users\Sambone\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
(Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
(Electronic Arts) C:\Program Files (x86)\Origin\OriginClientService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-07-21] (Plays.tv, LLC)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll",DllRegisterServer
HKLM-x32\...\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll] => "C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Run: [Spotify Web Helper] => C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1554032 2016-07-11] (Spotify Ltd)
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Run: [uTorrent] => C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe [2133504 2016-05-17] (BitTorrent Inc.)
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Run: [f.lux] => C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\RunOnce: [Uninstall C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\RunOnce: [Uninstall C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\RunOnce: [Uninstall C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\RunOnce: [Uninstall C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\SysWOW64\lol.scr
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-03-11] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}: [DhcpNameServer] 192.168.1.1
ManualProxies: 

Internet Explorer:
==================
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2847832888-1738266169-4025173231-1000 -> {4798622D-93EB-4618-A8D2-9FCBA81CC42B} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-06-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-07-26] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2016-06-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-06-14] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-07-26] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2016-06-14] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2847832888-1738266169-4025173231-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-11-09] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-26] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-11-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-03-04] (DivX, LLC)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-07-10] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @raidcall.en/RCplugin -> C:\Users\Sambone\AppData\Roaming\raidcall\plugins\nprcplugin.dll [2014-05-27] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-2847832888-1738266169-4025173231-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Extension: Oasis Space 1.0.1 - C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default\extensions\{7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}.xpi [2015-11-10] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Data Compression Proxy) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep [2016-05-04]
CHR Extension: (Google Docs) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-29]
CHR Extension: (Google Search) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Search for YouTube™) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\jobehlihkogkaopjdeomandehpjiljjn [2015-05-28]
CHR Extension: (Skype) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-05-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2015-09-19] (BitRaider, LLC)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-02] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [243984 2016-02-29] (EasyAntiCheat Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-14] (NVIDIA Corporation)
S4 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S4 MSI_Trigger_Service; C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [30240 2013-09-26] (MICRO-STAR INTERNATIONAL CO., LTD.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-14] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-06-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-07-23] (Electronic Arts)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-07-21] (Plays.tv, LLC)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2016-07-24] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2016-07-23] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [188072 2015-11-04] ()
R2 RzSurroundVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe [4255232 2016-02-15] (A-Volute) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2016-06-29] (REALiX(tm))
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
S3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-04-13] (NVIDIA Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-09-22] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
R3 RZSURROUNDVADService; C:\Windows\System32\drivers\RzSurroundVAD.sys [40640 2016-02-15] (Windows (R) Win 7 DDK provider)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Sambone\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-26 14:44 - 2016-07-26 14:45 - 00027650 _____ C:\Users\Sambone\Downloads\FRST.txt
2016-07-26 14:44 - 2016-07-26 14:44 - 02394112 _____ (Farbar) C:\Users\Sambone\Downloads\FRST64.exe
2016-07-26 14:44 - 2016-07-26 14:44 - 00000000 ____D C:\FRST
2016-07-26 14:43 - 2016-07-26 14:43 - 00000000 _____ C:\Windows\SysWOW64\RENF92D.tmp
2016-07-26 14:41 - 2016-07-26 14:41 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-07-26 14:41 - 2016-07-26 14:41 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Sun
2016-07-26 14:41 - 2016-07-26 14:41 - 00000000 ____D C:\Users\Sambone\.oracle_jre_usage
2016-07-26 14:41 - 2016-07-26 14:41 - 00000000 ____D C:\Program Files\Java
2016-07-26 14:36 - 2016-07-26 14:38 - 62041152 _____ (Oracle Corporation) C:\Users\Sambone\Downloads\jre-8u101-windows-x64.exe
2016-07-26 14:22 - 2016-07-10 15:36 - 00127424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-07-26 14:21 - 2016-07-26 14:21 - 00000000 ____D C:\Windows\LastGood
2016-07-26 14:21 - 2016-07-10 19:13 - 39977920 _____ C:\Windows\system32\nvcompiler.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 35115968 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 31640512 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 25414080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 17321352 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 13581880 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2016-07-26 14:21 - 2016-07-10 19:13 - 10691632 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 10234336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 03542072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 03099072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 01001016 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00930360 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00909880 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00852024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00544120 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00490744 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00459320 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00444472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00406064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00394808 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00177952 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00155768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00153416 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2016-07-26 14:21 - 2016-07-10 19:13 - 00131584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2016-07-26 13:40 - 2016-07-26 13:42 - 357682568 _____ (NVIDIA Corporation) C:\Users\Sambone\Downloads\368.81-desktop-win8-win7-winvista-64bit-international-whql (2).exe
2016-07-25 23:55 - 2016-07-10 19:13 - 01887800 _____ (NVIDIA Corporation) C:\Windows\system32\NvCamera64.dll
2016-07-25 23:55 - 2016-07-10 19:13 - 01595840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvCamera32.dll
2016-07-25 23:54 - 2016-07-10 16:17 - 00547896 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-07-25 23:54 - 2016-07-10 16:17 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 10656112 _____ C:\Windows\system32\nvptxJitCompiler.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 08742360 _____ C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 01939000 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436881.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 01571776 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436881.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 00694672 _____ C:\Windows\system32\nvfatbinaryLoader.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 00583736 _____ C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-07-25 23:53 - 2016-07-10 19:13 - 00000594 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-07-25 23:53 - 2016-07-10 19:13 - 00000594 _____ C:\Windows\system32\nv-vk64.json
2016-07-25 23:44 - 2016-07-26 14:22 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-25 23:43 - 2016-07-10 16:17 - 06384064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-07-25 23:43 - 2016-07-10 16:17 - 02465848 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-07-25 23:43 - 2016-07-10 16:17 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-07-25 23:43 - 2016-07-10 16:17 - 01364536 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2016-07-25 23:43 - 2016-07-10 16:17 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-07-25 23:43 - 2016-07-10 16:17 - 00071224 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-07-25 23:43 - 2016-07-07 10:03 - 07211925 _____ C:\Windows\system32\nvcoproc.bin
2016-07-25 23:42 - 2016-07-10 19:13 - 00213952 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-07-25 23:42 - 2016-07-10 19:13 - 00203320 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-07-25 23:32 - 2016-07-25 23:33 - 357682568 _____ (NVIDIA Corporation) C:\Users\Sambone\Downloads\368.81-desktop-win8-win7-winvista-64bit-international-whql (1).exe
2016-07-25 23:28 - 2016-07-25 23:29 - 291100304 _____ (NVIDIA Corporation) C:\Users\Sambone\Downloads\368.81-desktop-win8-win7-winvista-32bit-international-whql (1).exe
2016-07-25 23:25 - 2016-07-25 23:25 - 00000000 ____D C:\NVIDIA
2016-07-25 23:23 - 2016-07-25 23:24 - 357682568 _____ (NVIDIA Corporation) C:\Users\Sambone\Downloads\368.81-desktop-win8-win7-winvista-64bit-international-whql.exe
2016-07-25 23:16 - 2016-07-26 11:57 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\NVIDIA
2016-07-25 23:05 - 2016-05-03 19:23 - 00129824 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-07-25 23:05 - 2016-05-03 19:22 - 00130848 _____ C:\Windows\system32\vulkan-1.dll
2016-07-25 23:05 - 2016-05-03 19:22 - 00045344 _____ C:\Windows\system32\vulkaninfo.exe
2016-07-25 23:05 - 2016-05-03 19:22 - 00040224 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-07-25 15:11 - 2016-07-25 15:11 - 00000000 ____D C:\Users\Sambone\Downloads\PBE_Client_Shell (2)
2016-07-25 12:10 - 2016-07-25 12:10 - 00000000 ____D C:\Users\Sambone\Downloads\PBE_Client_Shell
2016-07-24 21:13 - 2016-07-24 21:13 - 00000000 ____D C:\Users\Sambone\AppData\Local\Futuremark_Corporation
2016-07-24 21:12 - 2016-07-24 21:13 - 00000000 ____D C:\Users\Sambone\Documents\PCMark 7
2016-07-24 21:12 - 2016-07-24 21:12 - 00000000 ____D C:\Users\Sambone\AppData\Local\IsolatedStorage
2016-07-24 21:11 - 2016-07-24 21:11 - 00001042 _____ C:\Users\Public\Desktop\PCMark 7.lnk
2016-07-24 21:11 - 2016-07-24 21:11 - 00000000 ____D C:\ProgramData\Futuremark
2016-07-24 21:11 - 2016-07-24 21:11 - 00000000 ____D C:\Program Files (x86)\Futuremark
2016-07-24 21:10 - 2016-07-24 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
2016-07-24 21:10 - 2016-07-24 21:10 - 00000000 ____D C:\Program Files\Futuremark
2016-07-24 21:05 - 2016-07-24 21:07 - 321391880 _____ (Futuremark) C:\Users\Sambone\Downloads\PCMark_7_v140_installer.exe
2016-07-24 14:56 - 2016-07-25 22:52 - 00000000 ____D C:\Users\Sambone\Documents\STAR WARS Battlefront
2016-07-24 14:52 - 2016-07-24 14:52 - 00001316 _____ C:\Users\Public\Desktop\STAR WARS Battlefront.lnk
2016-07-24 14:52 - 2016-07-24 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront
2016-07-24 11:26 - 2016-07-15 11:15 - 01579976 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-07-24 11:26 - 2016-07-15 11:15 - 00214592 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-07-24 11:26 - 2016-07-15 11:15 - 00046016 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-07-24 11:04 - 2016-07-24 11:04 - 00076152 _____ C:\Windows\system32\PnkBstrA.exe
2016-07-24 10:19 - 2016-07-24 10:19 - 00000000 ____D C:\Users\Sambone\AppData\Local\PunkBuster
2016-07-23 21:56 - 2016-07-23 22:01 - 00000000 ____D C:\Users\Sambone\Documents\Battlefield 4
2016-07-23 21:47 - 2016-07-23 21:47 - 00001240 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
2016-07-23 21:45 - 2016-07-26 00:04 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2016-07-23 21:45 - 2016-07-23 21:46 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2016-07-23 15:40 - 2016-07-23 15:43 - 300672000 _____ C:\Users\Sambone\Downloads\PS4UPDATE.PUP
2016-07-22 18:18 - 2016-07-22 18:18 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Middle Earth - Shadow of Mordor
2016-07-22 18:18 - 2016-07-22 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-07-22 15:13 - 2016-07-22 16:17 - 00000000 ____D C:\Users\Sambone\Downloads\[R.G. Mechanics] Middle Earth - Shadow of Mordor
2016-07-21 15:20 - 2016-07-21 15:20 - 00000000 _____ C:\Users\Sambone\Desktop\kled.htm
2016-07-20 19:43 - 2016-07-20 19:43 - 00000000 ____D C:\Users\Sambone\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2016-07-20 19:39 - 2016-07-20 19:39 - 03889464 _____ (Crystal Dew World ) C:\Users\Sambone\Downloads\CrystalDiskInfo7_0_0-en.exe
2016-07-20 19:39 - 2016-07-20 19:39 - 00001204 _____ C:\Users\Sambone\Desktop\CrystalDiskInfo.lnk
2016-07-20 19:39 - 2016-07-20 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2016-07-20 19:39 - 2016-07-20 19:39 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo
2016-07-20 19:37 - 2016-07-20 19:37 - 03802051 _____ C:\Users\Sambone\Downloads\CrystalDiskMark3_0_4Shizuku.zip
2016-07-20 19:36 - 2016-07-20 19:36 - 00000000 ____D C:\Users\Sambone\Documents\OCCT
2016-07-20 19:31 - 2016-07-20 19:31 - 00000971 _____ C:\Users\Sambone\Desktop\OCCT.lnk
2016-07-20 19:31 - 2016-07-20 19:31 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
2016-07-20 19:31 - 2016-07-20 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT
2016-07-20 19:31 - 2016-07-20 19:31 - 00000000 ____D C:\Program Files (x86)\OCCTPT
2016-07-20 19:29 - 2016-07-20 19:30 - 06938939 _____ C:\Users\Sambone\Downloads\OCCTPT4.4.2.exe
2016-07-20 19:26 - 2016-07-20 19:27 - 291100304 _____ (NVIDIA Corporation) C:\Users\Sambone\Downloads\368.81-desktop-win8-win7-winvista-32bit-international-whql.exe
2016-07-20 11:33 - 2016-07-20 11:33 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Device Doctor
2016-07-20 11:33 - 2016-07-20 11:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
2016-07-20 11:33 - 2016-07-20 11:33 - 00000000 ____D C:\Program Files (x86)\Device Doctor
2016-07-20 11:32 - 2016-07-20 11:32 - 01481976 _____ (Device Doctor Software Inc. ) C:\Users\Sambone\Downloads\DeviceDoctor_Bundle.exe
2016-07-13 11:55 - 2016-07-13 11:55 - 00001133 _____ C:\Users\Public\Desktop\Overwatch Test.lnk
2016-07-13 11:55 - 2016-07-13 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
2016-07-13 11:31 - 2016-07-21 13:58 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2016-07-12 20:13 - 2016-07-12 20:13 - 00597304 _____ C:\Users\Sambone\Downloads\flux-setup.exe
2016-07-12 20:13 - 2016-07-12 20:13 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-07-12 20:13 - 2016-07-12 20:13 - 00000000 ____D C:\Users\Sambone\AppData\Local\FluxSoftware
2016-07-12 13:08 - 2016-07-12 13:09 - 00000000 ____D C:\Users\Sambone\Downloads\Ori and the Blind Forest [R.G. Catalyst]
2016-07-12 12:55 - 2016-07-12 12:56 - 00000000 ____D C:\Users\Sambone\Downloads\God.Of.War.3.PS3-DUPLEX
2016-07-09 14:44 - 2016-07-09 14:44 - 00000000 ____D C:\Users\Sambone\Downloads\Warcraft.2016.HC.HDRip.XViD.AC3-ETRG
2016-06-30 19:25 - 2016-06-30 19:25 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-30 19:25 - 2016-06-30 19:25 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-29 16:10 - 2016-06-29 16:10 - 00000000 ____D C:\Users\Sambone\AppData\LocalLow\Sony Online Entertainment
2016-06-29 16:05 - 2016-07-25 23:21 - 00002912 _____ C:\Windows\System32\Tasks\Uninstaller_SkipUac_Sambone
2016-06-29 16:05 - 2016-06-29 16:05 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\ProductData
2016-06-29 16:04 - 2016-06-29 16:04 - 00001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2016-06-29 16:04 - 2016-06-29 16:04 - 00001358 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-06-29 16:04 - 2016-06-29 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-06-29 16:03 - 2016-06-29 16:04 - 13361952 _____ (IObit) C:\Users\Sambone\Downloads\iobituninstaller.exe
2016-06-29 16:00 - 2016-07-22 11:11 - 00000000 ____D C:\ProgramData\ProductData
2016-06-29 16:00 - 2016-06-29 16:00 - 00000000 ____D C:\Windows\IObit
2016-06-29 15:59 - 2016-06-29 18:23 - 00000000 ____D C:\ProgramData\IObit
2016-06-29 15:59 - 2016-06-29 16:11 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-29 15:59 - 2016-06-29 16:07 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\IObit
2016-06-29 15:59 - 2016-06-29 16:04 - 00000000 ____D C:\Users\Sambone\AppData\LocalLow\IObit
2016-06-29 15:59 - 2016-06-29 15:59 - 00027552 _____ (REALiX(tm)) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2016-06-29 15:58 - 2016-06-29 15:59 - 15853632 _____ (IObit ) C:\Users\Sambone\Downloads\driver_booster_setup_cnet.exe
2016-06-29 15:46 - 2016-06-03 00:38 - 01581624 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2016-06-29 15:42 - 2016-06-29 15:42 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-06-29 15:42 - 2016-06-29 15:42 - 00001945 _____ C:\Windows\epplauncher.mif
2016-06-29 15:42 - 2016-06-29 15:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-06-29 15:41 - 2016-06-29 15:41 - 14324408 _____ (Microsoft Corporation) C:\Users\Sambone\Downloads\mseinstall (1).exe
2016-06-29 15:40 - 2016-06-29 15:40 - 11640664 _____ (Microsoft Corporation) C:\Users\Sambone\Downloads\mseinstall.exe
2016-06-29 14:58 - 2016-06-29 14:58 - 01224080 _____ ( ) C:\Users\Sambone\Downloads\hwmonitor_1.29.exe
2016-06-29 14:58 - 2016-06-29 14:58 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-06-29 14:50 - 2016-06-29 14:50 - 00003188 _____ C:\Windows\System32\Tasks\{278A3952-B920-4C94-94E5-134C86B35600}
2016-06-29 14:41 - 2016-06-29 14:41 - 03887328 _____ (Husdawg, LLC) C:\Users\Sambone\Downloads\Detection (1).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-26 14:44 - 2014-05-18 10:33 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\uTorrent
2016-07-26 14:43 - 2014-07-26 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-07-26 14:41 - 2014-05-15 13:26 - 00000000 ____D C:\Users\Sambone
2016-07-26 14:25 - 2016-06-19 20:21 - 00000000 _____ C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
2016-07-26 14:22 - 2015-10-06 23:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-07-26 14:22 - 2014-05-12 13:17 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-07-26 14:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-07-26 14:21 - 2014-05-12 13:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-07-26 14:18 - 2014-12-27 11:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-26 14:17 - 2014-05-12 13:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-26 14:08 - 2009-07-13 21:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-26 14:08 - 2009-07-13 21:45 - 00028944 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-26 14:02 - 2015-10-06 15:07 - 00000000 ____D C:\ProgramData\Origin
2016-07-26 14:00 - 2013-06-17 10:17 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-26 13:58 - 2016-04-07 10:33 - 00000000 ____D C:\Users\Sambone\AppData\LocalLow\uTorrent
2016-07-26 13:58 - 2016-03-21 13:17 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\PlaysTV
2016-07-26 13:58 - 2014-05-12 13:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-26 13:56 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-26 13:44 - 2014-06-10 15:40 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-07-26 13:09 - 2014-07-23 09:24 - 00000000 ____D C:\Users\Sambone\AppData\Local\Battle.net
2016-07-26 13:07 - 2014-07-23 09:24 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-07-26 11:55 - 2014-10-07 20:50 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA.job
2016-07-25 23:55 - 2014-05-12 13:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-07-25 23:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\Help
2016-07-25 23:37 - 2009-07-13 22:08 - 00032576 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-07-25 22:54 - 2014-05-26 16:24 - 00000000 ____D C:\Users\Sambone\AppData\Local\CrashDumps
2016-07-25 20:55 - 2014-10-07 20:50 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core.job
2016-07-25 20:23 - 2014-05-15 14:18 - 00000000 ____D C:\Program Files (x86)\Steam
2016-07-25 15:06 - 2014-07-28 13:44 - 00000000 ____D C:\Users\Sambone\AppData\Local\Spotify
2016-07-25 12:23 - 2014-07-28 13:44 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Spotify
2016-07-25 12:10 - 2011-04-06 19:26 - 00090112 _____ C:\Users\Sambone\Desktop\pbe.exe
2016-07-24 21:11 - 2014-05-12 12:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-07-24 16:50 - 2015-11-07 17:13 - 00226168 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2016-07-24 14:52 - 2009-07-13 22:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-07-24 11:18 - 2015-10-06 15:16 - 00000000 ____D C:\Program Files (x86)\Origin Games
2016-07-23 21:56 - 2015-10-06 15:14 - 00000000 ____D C:\Users\Sambone\AppData\Local\Origin
2016-07-23 21:47 - 2015-11-07 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
2016-07-23 21:47 - 2015-11-07 17:14 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2016-07-23 21:46 - 2014-08-29 18:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-23 19:58 - 2015-10-06 15:14 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Origin
2016-07-23 19:57 - 2015-10-06 15:07 - 00000000 ____D C:\Program Files (x86)\Origin
2016-07-23 19:06 - 2015-04-09 14:51 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-07-22 20:56 - 2014-05-15 14:20 - 00000000 ____D C:\Program Files (x86)\World of Warcraft Public Test
2016-07-22 18:18 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-07-22 16:26 - 2015-10-10 02:13 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2016-07-22 11:37 - 2014-05-15 13:28 - 00000000 ____D C:\Users\Sambone\AppData\Local\Google
2016-07-21 12:58 - 2016-04-15 09:55 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-07-20 20:43 - 2016-05-14 16:01 - 00000000 ____D C:\Fraps
2016-07-20 19:31 - 2014-05-18 11:47 - 00000000 ___HD C:\Windows\msdownld.tmp
2016-07-20 19:31 - 2014-05-18 11:47 - 00000000 ____D C:\Windows\SysWOW64\directx
2016-07-13 11:30 - 2014-08-20 16:54 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2016-07-12 22:00 - 2014-05-15 14:42 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\Skype
2016-07-10 19:13 - 2015-04-17 11:30 - 19220352 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 16790552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 14371384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 09020656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 08615336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 03840096 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 03393576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-07-10 19:13 - 2015-04-17 11:30 - 00039124 _____ C:\Windows\system32\nvinfo.pb
2016-07-06 17:39 - 2010-11-20 20:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-30 19:25 - 2014-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Google
2016-06-29 17:10 - 2015-11-12 10:55 - 00000000 ____D C:\Program Files (x86)\baidu
2016-06-29 16:10 - 2015-10-06 23:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront Beta
2016-06-29 16:09 - 2015-12-21 01:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
2016-06-29 15:42 - 2014-05-18 19:39 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-06-29 15:28 - 2016-05-15 11:29 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-06-29 15:13 - 2014-05-15 14:08 - 00000000 ____D C:\Riot Games
2016-06-29 15:12 - 2015-10-10 03:05 - 00000000 ____D C:\Users\Sambone\AppData\Local\SKIDROW
2016-06-29 15:11 - 2015-10-24 03:14 - 00000000 ____D C:\Games
2016-06-29 15:11 - 2014-09-19 12:05 - 00000000 ____D C:\Users\Sambone\AppData\Local\Glyph
2016-06-29 15:10 - 2014-05-18 11:48 - 00000000 ____D C:\Users\Sambone\Documents\My Games
2016-06-29 14:56 - 2015-02-24 23:44 - 00007597 _____ C:\Users\Sambone\AppData\Local\Resmon.ResmonCfg

==================== Files in the root of some directories =======

2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\1eQ772tSssuvdlKFwNwJCiresrK
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\8rAKqhI1z48LkzA1WEzfRa
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\9JTm1ZjzU33938K4jwcz8Ca
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\CfbNsuvmntfrcUGi
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnX
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\tDPRZCgZ8WaZeCaNXn6LrRssF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\Wi2CZNmYTcHbg8b
2015-02-24 23:44 - 2016-06-29 14:56 - 0007597 _____ () C:\Users\Sambone\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
C:\Users\Sambone\AppData\Local\Temp\mpam-98ad3a1.exe
C:\Users\Sambone\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Sambone\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Sambone\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\Sambone\AppData\Local\Temp\nvStInst.exe
C:\Users\Sambone\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sambone\AppData\Local\Temp\sonarinst.exe
C:\Users\Sambone\AppData\Local\Temp\Uninstaller-5708.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-20 14:44

==================== End of FRST.txt ============================

Share this post


Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by Sambone (2016-07-26 14:46:02)
Running from C:\Users\Sambone\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-05-15 20:26:32)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2847832888-1738266169-4025173231-500 - Administrator - Disabled)
Guest (S-1-5-21-2847832888-1738266169-4025173231-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2847832888-1738266169-4025173231-1002 - Limited - Enabled)
Sambone (S-1-5-21-2847832888-1738266169-4025173231-1000 - Administrator - Enabled) => C:\Users\Sambone

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\uTorrent) (Version: 3.4.7.42330 - BitTorrent Inc.)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Ansel (Version: 368.81 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BitRaider Streaming Client (HKLM-x32\...\BitRaider Streaming Client) (Version: 1.3.3.4098 - BitRaider, LLC)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.29 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
CrystalDiskInfo 7.0.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.0.0 - Crystal Dew World)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Device Doctor v3.1 (HKLM-x32\...\Device Doctor_is1) (Version: 3.1 - Device Doctor Software Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.8.0.18 - DivX, LLC)
Enter the Gungeon (HKLM\...\Steam App 311690) (Version:  - Dodge Roll)
Epic Games Launcher (HKLM-x32\...\{4620A9CA-A0D7-4F15-BA89-4545B5372345}) (Version: 1.1.60.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
f.lux (HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout 4 (HKLM-x32\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.15.0 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.106 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
InputMapper (HKLM-x32\...\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}) (Version: 1.5.31.0 - DSDCS)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.4.0.119 - IObit)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 101 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
Launcher Prerequisites (x64) (x32 Version: 1.0.0.0 - Epic Games, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead (HKLM-x32\...\Steam App 500) (Version:  - Valve)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software 8.58 (HKLM\...\Logitech Gaming Software) (Version: 8.58.183 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.163.2 - McAfee, Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4841.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Middle Earth - Shadow of Mordor (HKLM-x32\...\Middle Earth - Shadow of Mordor_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Mozilla Firefox 37.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 en-US)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Mumble 1.2.8 (HKLM-x32\...\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}) (Version: 1.2.8 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 368.81 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 368.81 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 368.81 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.15 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
OCCT 4.4.2 (HKLM-x32\...\OCCT) (Version: 4.4.2 - Ocbase.com)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4833.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4841.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
Overwatch Test (HKLM-x32\...\Overwatch Test) (Version:  - Blizzard Entertainment)
PCMark 7 (HKLM-x32\...\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}) (Version: 1.4.0 - Futuremark)
PlanetSide 2 (HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\DGC-PlanetSide 2) (Version: 1.0.3.191 - Daybreak Game Company)
PlaysTV (HKLM-x32\...\PlaysTV) (Version: 1.12.4-r114636-release - Plays.tv, LLC)
Potplayer-64 Bits (HKLM\...\PotPlayer64) (Version:  - Kakao Corp.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
RaidCall (HKLM-x32\...\RaidCall) (Version: 7.3.6-1.0.12972.94 - raidcall.com)
Razer Surround (HKLM-x32\...\Razer Surround) (Version: 1.05.19 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.20.15.29263 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.92.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version:  - Volition)
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Spotify) (Version: 1.0.33.106.g60b5d1f0 - Spotify AB)
Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 8.0.0.28 - Bioware/EA)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
STAR WARS™ Battlefront™ (HKLM-x32\...\{E402D891-4E45-4ce9-B41F-DD35864EF170}) (Version: 1.0.5.56688 - Electronic Arts)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
System Requirements Lab CYRI (HKLM-x32\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
System Requirements Lab Detection (HKLM-x32\...\{F2AC2743-7D6D-48A8-9F8C-0876FDC5C58B}) (Version: 6.1.6.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
The Culling (HKLM-x32\...\Steam App 437220) (Version:  - Xaviant)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
VGA Boost (HKLM-x32\...\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1) (Version: 1.0.0.7 - MSI)
Vulkan Run Time Libraries 1.0.11.1 (HKLM\...\VulkanRT1.0.11.1-2) (Version: 1.0.11.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.11.1 (Version: 1.0.11.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft Beta (HKLM-x32\...\World of Warcraft Beta) (Version:  - Blizzard Entertainment)
World of Warcraft Classic (HKLM-x32\...\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1) (Version: 1.12.1.5875 - Blizzard Entertainment)
World of Warcraft Public Test (HKLM-x32\...\World of Warcraft Public Test) (Version:  - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {04701652-9D78-4721-BA9F-C2B09BEAD714} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC)
Task: {06D9DD6B-34A4-4BCA-BB67-AC14E2B20FCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0830916F-F1B2-4E92-B902-B21F4882BBB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1AF09285-58B8-4034-81B5-890C5CFBAE50} - System32\Tasks\{6FEF0ED7-D904-41B8-9CE6-5D7D54ABDF90} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {23562593-2E8D-433C-8032-E86BFF783C29} - System32\Tasks\{2DF1622A-D1E5-41BF-B53C-F4062EEF80E5} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
Task: {3D98C458-22C6-4BF6-82CF-1F02071A959C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {4C2CAB56-6E84-4E9C-9C8C-C37702ABB39F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-07] (Facebook Inc.)
Task: {50927979-D8A0-4940-B759-078355CA8AC7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {6B995526-1943-4A49-B7EA-B748E25D830F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-06-14] (Microsoft Corporation)
Task: {7EFBC4CE-A2EC-40C6-8078-22EA72B02744} - System32\Tasks\{278A3952-B920-4C94-94E5-134C86B35600} => pcalua.exe -a "C:\Program Files (x86)\BlackDesertOnlineCBT1\Black Desert Online Launcher.exe" -c /uninstall
Task: {7FF4620C-0BDD-45A9-9781-842D837EE3BB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-07] (Facebook Inc.)
Task: {8725BBC5-D94C-4E41-A1C7-C50A4F98605B} - System32\Tasks\Uninstaller_SkipUac_Sambone => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-01] (IObit)
Task: {9556329A-BF4C-4EBC-AB0B-A12E89EEB703} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {AD52B37C-52D9-4C70-941E-281F57C15CDC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {B5CFB873-62FC-4F2B-BC01-F92D4F3BDD3B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core.job => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA.job => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GqSoeYrk5fnXwEWpc7MtD.job => C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD.exe <==== ATTENTION

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Sambone\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\2\Blizzard Technical Support.lnk -> hxxp://us.blizzard.com/support/
Shortcut: C:\Users\Sambone\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\1\Account Billing.lnk -> hxxp://signup.worldofwarcraft.com/
Shortcut: C:\Users\Sambone\AppData\Local\Microsoft\Windows\GameExplorer\{21C35C68-A6C5-4A75-8FFD-DB503CE6F67B}\SupportTasks\0\Mists of Pandaria - Manual.lnk -> hxxp://enus.nydus.battle.net/wow/enUS/installer/manual

==================== Loaded Modules (Whitelisted) ==============

2016-07-26 13:42 - 2016-05-24 09:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 06:45 - 2015-10-13 06:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-09 09:30 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 00367552 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\libprotobuf.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 03611584 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
2016-03-18 15:57 - 2016-06-14 13:03 - 00288192 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2016-07-24 11:04 - 2016-07-24 11:04 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-11-04 16:11 - 2015-11-04 16:12 - 00188072 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-05-05 10:38 - 2016-06-14 13:03 - 02665920 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvMdnsPlugin.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 01988544 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\NvPortForwardPlugin.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 01840576 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Plugins\NSS\RtspPlugin.dll
2016-03-18 15:57 - 2016-06-14 13:03 - 00207296 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\RtspServer.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 00034240 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_system-vc120-mt-1_58.dll
2016-05-05 10:38 - 2016-06-14 13:03 - 00920000 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\boost_regex-vc120-mt-1_58.dll
2016-07-25 23:43 - 2016-07-10 16:17 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-12 13:17 - 2016-07-06 18:01 - 31541952 _____ () C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\PepperFlash\22.0.0.209\pepflashplayer.dll
2015-10-06 23:16 - 2016-06-14 13:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00028160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\servicemanager.pyd
2015-11-24 13:46 - 2015-11-24 13:46 - 00110592 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pywintypes26.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00041472 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32service.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00096256 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32api.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00356864 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_hashlib.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00017920 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32event.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00019968 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32evtlog.pyd
2015-11-24 13:48 - 2015-11-24 13:48 - 00036352 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32process.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00043008 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_socket.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00805376 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ssl.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00087040 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_ctypes.pyd
2015-11-24 13:46 - 2015-11-24 13:46 - 00354304 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\pythoncom26.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00167936 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32gui.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 01980928 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtGui.pyd
2015-12-07 13:57 - 2015-12-07 13:57 - 00077824 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sip.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 01862144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtCore.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 00516608 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtNetwork.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 04060160 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWidgets.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00010240 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\select.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00044544 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\_sqlite3.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00387072 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\sqlite3.dll
2015-10-21 13:29 - 2015-10-21 13:29 - 00113171 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlc.dll
2015-10-21 13:29 - 2015-10-21 13:29 - 02396691 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\libvlccore.dll
2015-11-24 13:48 - 2015-11-24 13:48 - 00111104 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32file.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 00216064 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKitWidgets.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 00118784 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWebKit.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 00199680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtPrintSupport.pyd
2015-11-24 13:47 - 2015-11-24 13:47 - 00263168 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\win32com.shell.shell.pyd
2015-11-24 13:43 - 2015-11-24 13:43 - 00583680 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\unicodedata.pyd
2015-10-21 13:29 - 2015-10-21 13:29 - 00027667 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libdirectsound_plugin.dll
2015-10-21 13:29 - 2015-10-21 13:29 - 00031251 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\audio_output\libwaveout_plugin.dll
2015-10-21 13:29 - 2015-10-21 13:29 - 00066579 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\plugins\video_output\libdirectdraw_plugin.dll
2016-07-20 17:08 - 2016-07-20 17:08 - 02619144 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\ltc_host_ex.DLL
2015-11-24 13:47 - 2015-11-24 13:47 - 00089600 _____ () C:\Program Files (x86)\Raptr Inc\PlaysTV\PyQt5.QtWinExtras.pyd
2016-06-29 16:04 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-06-29 16:04 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-06-29 16:04 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-06-30 20:40 - 2016-06-30 20:40 - 00268800 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NVIDIA.UpdateService\c50375ee0d61e55eb497210f92989b7f\NVIDIA.UpdateService.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00140800 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NVIDIA.Settings\d2d9efbf4dfd579f23d0808066a51ad3\NVIDIA.Settings.ni.dll
2016-04-11 16:27 - 2016-04-11 16:27 - 00785408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ReactiveUI\9ad52bd33264db3ad61286d39e14b380\ReactiveUI.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00040960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NVIDIA.Settdff9733c#\11a26c5db15f43d6fd2df83d507d5f9f\NVIDIA.Settings.Properties.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00280576 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\NVIDIA.Win32Api\d6222649f1787224339f030965975ba2\NVIDIA.Win32Api.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00295936 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\GFExperience95b16d9#\f9b3b67916836858098dfa7fbdc7839c\GFExperience.WebService.ni.dll
2016-04-11 16:28 - 2016-04-11 16:28 - 01017856 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\1849f56ed55986a8279618c07c3c065e\System.ComponentModel.Composition.ni.dll
2016-04-11 16:28 - 2016-04-11 16:28 - 00306176 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\ReactiveUI.Xaml\49a98440250bebdd828c0c37d4281253\ReactiveUI.Xaml.ni.dll
2016-04-11 16:28 - 2016-04-11 16:28 - 00146944 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp7dda8007#\6fb28e73c6ccfc9759510a1b3cb5acae\System.ComponentModel.Composition.Registration.ni.dll
2016-04-11 16:28 - 2016-04-11 16:28 - 00190976 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Reflc3377498#\bfd8b20f8191f0685bd99b01d1e86d15\System.Reflection.Context.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00178688 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Touchstone.b3560170#\d406145186cbb083ebc1fa99a2f20297\Touchstone.ExternalAuthentication.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00128000 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Nvidia.Gameb4c2a2f9#\d6db2ff5c2709181d2fdef05e62c37ac\Nvidia.GameServices.Contracts.ni.dll
2016-04-11 16:27 - 2016-04-11 16:27 - 04079104 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\MsgPack\e509cf4a8a2f3b1f1b3c39a145a112ec\MsgPack.ni.dll
2016-06-30 20:40 - 2016-06-30 20:40 - 00593408 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Nvidia.GameServices\4111def2244a54614b0c2aac4e206aa0\Nvidia.GameServices.ni.dll
2016-05-05 10:38 - 2016-06-14 13:02 - 01917888 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\Nvidia.GameServices.dll
2016-05-05 10:38 - 2016-06-14 13:02 - 00031680 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\boost_system-vc120-mt-1_58.dll
2016-05-05 10:38 - 2016-06-14 13:02 - 00749504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\boost_regex-vc120-mt-1_58.dll
2016-05-05 10:38 - 2016-06-14 13:02 - 00015808 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\icudt53.dll
2015-10-06 15:13 - 2016-07-23 19:57 - 01016832 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00028160 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00029696 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00256000 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00346112 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
2015-10-06 15:13 - 2016-07-23 19:56 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
2015-10-06 15:13 - 2016-07-23 19:57 - 00243200 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-11-09 01:32 - 00000854 ____A C:\Windows\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: HiPatchService => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: ISCTAgent => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MSI_Trigger_Service => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: plsapp => 2
MSCONFIG\Services: PlsvcV1 => 2
MSCONFIG\Services: PlsvcV2 => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ISCTSystray.lnk => C:\Windows\pss\ISCTSystray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sambone^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: Facebook Update => "C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: GoogleChromeAutoLaunch_057DB5F917DE23991EB93D0512613AB4 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Launch LCore => C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
MSCONFIG\startupreg: MBCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: OneDrive => "C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
MSCONFIG\startupreg: PlaysTV => "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup
MSCONFIG\startupreg: PureLeads Tray => "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"
MSCONFIG\startupreg: RaidCall => C:\Program Files (x86)\RaidCall\raidcall.exe
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
MSCONFIG\startupreg: Search Protection => "C:\Users\Sambone\AppData\Roaming\Search Protection\SP.EXE" /autostart
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Sound Blaster Cinema => "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
MSCONFIG\startupreg: Spotify => "C:\Users\Sambone\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: UpdReg => C:\Windows\UpdReg.EXE
MSCONFIG\startupreg: USB3MON => "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
MSCONFIG\startupreg: uTorrent => "C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00C6F89E-1A0C-4B25-8558-C4EA86A65440}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E7807964-8CDA-491E-AF91-5CC58BF2C503}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{706A95E7-83C4-4C78-A4DB-6CCF91EE9C17}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{23ADA3F1-41DE-40E1-9366-1F5CDAC8919B}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{8D126557-5568-4334-A10C-DEF895414415}C:\program files (x86)\hearthstone\hearthstone.exe] => (Block) C:\program files (x86)\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{D4E40978-3110-420F-B9EA-E0292C0BE257}C:\users\sambone\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sambone\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{54B1DE12-F6A1-4984-80E1-963F68FDD92A}C:\users\sambone\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sambone\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{9969EC0A-156E-4561-82BE-FA057F8DD445}C:\users\sambone\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sambone\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{312E5A86-0FE9-4B59-BD28-69F2C6063469}C:\users\sambone\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\sambone\appdata\roaming\spotify\spotify.exe
FirewallRules: [{007D3D0B-D9D2-4B49-ADCC-1CDFCBD5BD44}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{049F40BF-5077-4568-A62B-96A2A5BE9FB5}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{F8CD52E4-0A22-4F1D-B30E-2EDE36CCB3CF}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{A6EB1629-BC93-43D5-AA16-3F3F1D043D29}] => (Allow) C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{EBDAAB0A-C7B1-4692-914C-AFFD189D34D8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E71102F9-65E3-40E5-AE9D-AB9BD4B2A4D5}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{62E69404-017C-4FBE-B010-553A2EBFFE9F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20E024B4-9D06-46FC-B952-8F4083523E24}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{48169BF2-256F-4251-ADA6-75D5549F9998}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{44AC5B41-B3C5-495A-A0A8-5E4D12D92F17}] => (Allow) C:\Program Files (x86)\StarCraft II\StarCraft II.exe
FirewallRules: [{41E15F21-C2CF-4510-8643-65691A03C4B0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{81856CC8-966D-4D8A-978F-FD03AF8A095F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{66CAFA4B-D4C8-4410-B7F8-E770D57E2D0F}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{99A8A08F-D63C-4E98-91C8-8BA59FDACFCF}] => (Allow) C:\Program Files\Logitech Gaming Software\LCore.exe
FirewallRules: [{BB9A078E-36F8-45C6-8AD2-38054037DC87}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{BFDD0AF4-5D3D-4E47-9AE5-9D18166C4AB2}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{6944EAC0-21B7-4380-A203-B1FBF4EC156F}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{1592719F-7725-4E31-B302-EFCACDA4AE53}] => (Allow) C:\Program Files (x86)\Electronic Arts\BioWare\Star Wars - The Old Republic\launcher.exe
FirewallRules: [{D2773160-5F31-4601-812B-CD2F3F3396CE}] => (Allow) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9158DFB5-BECC-4C8B-B13C-27C4E5C8DEA6}] => (Allow) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{407507F2-98B7-46C4-9911-61926D6E0742}] => (Allow) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{766018DD-B63F-4EB6-AB2B-008AEBB68BFF}] => (Allow) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F91264D6-7BCB-4A68-BF98-800A9A3E8690}] => (Allow) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5636DD1C-E783-46F5-B08C-278BF1FB99C9}] => (Allow) C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{8FF6D688-C4C4-4C72-B99B-D9CE8FE08434}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C2F6E5F7-9879-48E5-AF07-562D8AA856CF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D1DBDD72-E734-4C57-BC3A-791F0AB80697}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{3983AD67-416C-409C-8D90-6B838026C2B4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{4D6D686C-8005-4A86-9D73-38541E6333C5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{F108FD4B-6E31-4951-A606-E3EA07627712}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{69500B7B-FCFC-41CC-AA07-1B213A11146C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C95F3571-0D7A-4857-9DF8-394EAEC932B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{BD6D215E-375B-42E0-814C-EF94CE7955F8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\left 4 dead\left4dead.exe
FirewallRules: [{2EF0DA45-0008-4F8B-BE00-462DCA131456}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{A4990FFF-E5D1-455A-8B24-60BB69072B2C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{7684B419-2D2F-4AFC-8D86-D139965D0B65}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{640F481D-D6F7-4EC6-9202-7CD1B9EB3C99}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{F2577856-34A6-4ED8-8AFD-B170863756C3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{165D6CCD-F064-4539-B065-A529C5C0BAB9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{52FF5322-8E60-4303-8996-BA2D947FE78F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{42F1BFA4-58AB-408C-9675-6598F00E6262}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39D05A69-691B-4CBF-94AB-C8DD4D6F6B28}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{D8FD8218-13E3-4A91-91DA-65AEB9C7ADBC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{38F8FB3F-2B6D-4437-84DA-CDCEF8946C5B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\rf4_launcher.exe
FirewallRules: [{2521D36B-860A-4A45-9E7C-CC9A8DA1990A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{F4B1BB28-9092-4871-8A95-2F46840B7F35}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\RedFactionArmageddon.exe
FirewallRules: [{DD665BC6-05DF-4B8E-B008-E4151A455982}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{7B7E401F-B483-453A-99DD-A811F66D8DB4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\red faction armageddon\RedFactionArmageddon_DX11.exe
FirewallRules: [{B687B820-8BD9-43F8-8783-1E86ABB45A4A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{9B081AA3-A1FC-406E-BF94-A5D28FFA2089}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{8AD89669-C2D1-4524-852C-2EAB8D8D468A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{E298CA93-4BF4-480C-952A-DA2AF8A7680B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\TheCulling\TheCulling_Launcher.exe
FirewallRules: [{0686EC1E-D73F-46C2-84FA-CED73C1D672D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [{2B6CC068-AF7B-4450-A6A7-E5223B842EBD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Enter the Gungeon\EtG.exe
FirewallRules: [TCP Query User{1B747E69-A9D0-4490-A21A-FD44615EDC4B}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C4B06F99-BA77-4D7B-AC71-84E3B7F2D162}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{80E86682-9CBC-434B-8C11-02684EE66297}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{42FB2C75-CBA5-4354-BFB2-C1A9E0075D19}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{6B3C2E88-F7D0-4078-8982-4F8CA95A15FC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{A2E17D52-3336-4DEB-BA47-31A71B4B6D81}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{48214268-B511-4497-BB9F-06DDD833C5F7}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{BDEA76ED-37C6-464A-B902-1A1A0C19C3EB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9602290C-A959-474E-9D31-8238DEF3EB14}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{13DC4BA8-B6B9-4717-8BE1-14E385848132}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{78F5F257-29D1-43E4-A9D3-01910494585D}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{88CAF2F9-F1F8-4D08-9B04-05265A31284F}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{20F537BE-33CD-4732-91B9-492B53004011}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{EF420DEE-A76F-40DE-A66D-09E1DDB98502}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{DC7B0AE8-EC1F-4E4F-BD01-B62B516C6A43}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
FirewallRules: [{7DBA86D6-2C59-4671-ABAC-ADF07E488A3F}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
FirewallRules: [{495AF9C3-2810-452A-8C14-AE5298A90998}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe

==================== Restore Points =========================

24-07-2016 14:51:54 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
24-07-2016 19:00:09 Windows Backup
24-07-2016 21:09:15 Installed PCMark 7
25-07-2016 12:04:38 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2016 01:59:45 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Office 15 Click-to-Run Localization Component -- Error 1704. An installation for Office 15 Click-to-Run Licensing Component is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?

Error: (07/26/2016 01:58:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2016 01:48:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/26/2016 01:27:54 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 11:48:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program GFExperience.exe version 2.11.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1114

Start Time: 01d1e709665bd455

Termination Time: 27

Application Path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe

Report Id: e8fe55fe-52fc-11e6-9408-448a5b877319

Error: (07/25/2016 11:46:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 11:39:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 11:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 11:10:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/25/2016 10:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: starwarsbattlefronttrial.exe, version: 1.0.5.56688, time stamp: 0x5784bcde
Faulting module name: ltc_game64-114622.dll_unloaded, version: 0.0.0.0, time stamp: 0x57901209
Exception code: 0xc0000005
Fault offset: 0x000007fee9e036b0
Faulting process id: 0x468
Faulting application start time: 0xstarwarsbattlefronttrial.exe0
Faulting application path: starwarsbattlefronttrial.exe1
Faulting module path: starwarsbattlefronttrial.exe2
Report Id: starwarsbattlefronttrial.exe3


System errors:
=============
Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Network List Service service failed to start due to the following error: 
%%1069 = The service did not start due to a logon failure.


Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50 = The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Diagnostic Service Host service failed to start due to the following error: 
%%1069 = The service did not start due to a logon failure.


Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50 = The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Microsoft Network Inspection service failed to start due to the following error: 
%%1069 = The service did not start due to a logon failure.


Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The NisSrv service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: 
%%50 = The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Server service failed to start due to the following error: 
%%1115 = A system shutdown is in progress.


Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: 
%%1115 = A system shutdown is in progress.


Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Distributed Link Tracking Client service failed to start due to the following error: 
%%1115 = A system shutdown is in progress.


Error: (07/26/2016 01:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Image Acquisition (WIA) service failed to start due to the following error: 
%%1069 = The service did not start due to a logon failure.

CodeIntegrity:
===================================
  Date: 2015-11-12 10:13:06.673
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:13:06.650
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:59.252
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:57.286
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:57.256
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:56.813
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:56.761
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:56.701
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:56.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-11-12 10:12:48.339
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Sound+\SoundP.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 46%
Total physical RAM: 8127.28 MB
Available physical RAM: 4352.1 MB
Total Virtual: 16252.75 MB
Available Virtual: 12041.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931 GB) (Free:303.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Share this post


Link to post
Share on other sites

Hello :)

 

you're infected

 

Disable Windows Defender & Antivirus Prior To Running This Tool!!

Save Ads Fix to your desktop. downloaded from this link => https://toolslib.net/downloads/viewdownload/20-adsfix/

 

AdsFix1-1.png

 

 

Right Click & Run As Administrator.

You will then be prompted to install Certificates. read the instructions

Install then click OK.

Right Click & Run As Administrator Again.

Click Options then select Unlock the deletion.

Then click on clean.

Let the tool work and don't use the computer while scanning

Post the log created named AdsFix_date_hour.txt which will appear on your desktop after the reboot

 

Kris and vger like this

Share this post


Link to post
Share on other sites

---------- | AdsFix | g3n-h@ckm@n | 3_26.07.2016.3

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 15:30:03 - 26/07/2016

update on : 26/07/2016 | 21.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Sambone\Downloads\adsfix_3_26.07.2016.3.exe
Boot: Normal boot
[Sambone (Administrator)] - [SAMBONE-PC] -  (United States [0409])
SID = S-1-5-21-2847832888-1738266169-4025173231-1000 || [53616d626f6e65205e5e]
PC : MSI - Z87-G41 PC Mate(MS-7850) - To be filled by O.E.M.
Processor : X64 - 3400 - Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Bios : American Megatrends Inc. - 02/19/2014 - V.V1.6B3
CoreTemp : 29.8 C


System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 8322 | Free (MB) : 6123
Pagefile = Total (MB) : 16643 | Free (MB) : 14201
Virtual = Total (MB) : 4194 | Free (MB) : 3960

C:\ -> [Fixed] | [] | Total : 931 Go | Free : 293.59 Go -> NTFS [SATA]

Registry saved, to restore :  Click on Options & Restore the register (C:\AdsFix\Save\Registry [26.07.2016 @ 15_30_01]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-03-18 23:55:05
Last downloaded : 2016-07-01 02:12:03
Last installation : 2016-07-01 01:35:24

---------- | Browsers

IE : 11.0.9600.17728     (© Microsoft Corporation. All rights reserved.)
FF : 37.0.1.5570     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 51.0.2704.106     (Copyright 2015 Google Inc. All rights reserved.)

---------- | Security (atcav : 3)

AV : Microsoft Security Essentials Disabled
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware   (2.3.173.0)     [Update : 15/05/2016 11:29:34]
FW : 
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 21.0.0.242
Plugin : 19.0.0.226

---------- | Killed processes

1520 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1756 | [Owner : Sambone |Parent : 696(services.exe)] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
1932 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.34) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1220 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
1416 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Microsoft Corporation - Updates Skype Click to Call.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
1500 | [Owner : NETWORK SERVICE |Parent : 696(services.exe)] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
1900 | [Owner : Sambone |Parent : 2044()] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.16.6.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
2016 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4841.1001) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
2128 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.11.4.0) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
2264 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
2380 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
2736 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Plays.tv, LLC - Plays.tv Service.) - (1.0.0.0) = C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
2436 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.-.) - (0.0.0.0) = C:\Windows\System32\PnkBstrA.exe
2480 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.- GameScannerService.) - (1.0.6.2673) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2632 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.A-Volute - RazerSurround VAD Streaming Service.) - (1.1.61.0) = C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
2872 | [Owner : NETWORK SERVICE |Parent : 696(services.exe)] - (.NVIDIA Corporation - NVIDIA Network Stream Service.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
3832 | [Owner : Sambone |Parent : 1824(explorer.exe)] - (.Microsoft Corporation - XBoxStat.exe.) - (1.20.146.0) = C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
3840 | [Owner : Sambone |Parent : 1824(explorer.exe)] - (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.9.218.0) = C:\Program Files\Microsoft Security Client\msseces.exe
3948 | [Owner : Sambone |Parent : 1824(explorer.exe)] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.33.106) = C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe
3492 | [Owner : Sambone |Parent : 1824(explorer.exe)] - (.BitTorrent Inc. - µTorrent.) - (3.4.7.42330) = C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe
1560 | [Owner : NETWORK SERVICE |Parent : 696(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4100 | [Owner : Sambone |Parent : 1824(explorer.exe)] - (.Flux Software LLC - f.lux.) - (3.10.0.1) = C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\flux.exe
4556 | [Owner : Sambone |Parent : 4232()] - (.Plays.tv, LLC - Plays.tv Video Recorder by Raptr.) - (1.12.4.0) = C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe
4764 | [Owner : Sambone |Parent : 3492(uTorrent.exe)] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.42330) = C:\Users\Sambone\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
3796 | [Owner : Sambone |Parent : 3492(uTorrent.exe)] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.42330) = C:\Users\Sambone\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe
4372 | [Owner : Sambone |Parent : 2972()] - (.IObit - IObit Uninstaller 5 UninstallMontior.) - (5.2.0.30) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
5652 | [Owner : Sambone |Parent : 4556(playstv.exe)] - (.Raptr Inc. - Elevation Proxy.) - (1.0.0.1) = C:\PROGRA~2\RAPTRI~1\PlaysTV\plays_ep64.exe
5816 | [Owner : Sambone |Parent : 1824(explorer.exe)] - (.Electronic Arts - Origin.) - (9.12.2.60376) = C:\Program Files (x86)\Origin\Origin.exe
5756 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Electronic Arts - OriginClientService.) - (9.12.2.60376) = C:\Program Files (x86)\Origin\OriginClientService.exe
4656 | [Owner : SYSTEM |Parent : 2380()] - (.NVIDIA Corporation - NVIDIA Streamer User Agent.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
5264 | [Owner : SYSTEM |Parent : 596(csrss.exe)] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18798) = C:\Windows\System32\conhost.exe
4924 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 368.81.) - (8.17.13.6881) = C:\Windows\System32\nvvsvc.exe
3984 | [Owner : SYSTEM |Parent : 4924(nvvsvc.exe)] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6881) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
5840 | [Owner : Sambone |Parent : 3984(nvxdsync.exe)] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6881) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4880 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.6881) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
---------- | AdsFix | g3n-h@ckm@n | 3_26.07.2016.3

----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 15:31:01 - 26/07/2016

update on : 26/07/2016 | 21.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFixAntiAdware
C:\Users\Sambone\Downloads\adsfix_3_26.07.2016.3.exe
Boot: Normal boot
[Sambone (Administrator)] - [SAMBONE-PC] -  (US [0409])
SID = S-1-5-21-2847832888-1738266169-4025173231-1000 || [53616d626f6e65205e5e]
PC : MSI - Z87-G41 PC Mate(MS-7850) - To be filled by O.E.M.
Processor : X64 - 3400 - Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
Bios : American Megatrends Inc. - 02/19/2014 - V.V1.6B3
CoreTemp : 29.8 C


System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 8322 | Free (MB) : 6674
Pagefile = Total (MB) : 16643 | Free (MB) : 15094
Virtual = Total (MB) : 4194 | Free (MB) : 3999

C:\ -> [Fixed] | [] | Total : 931 Go | Free : 293.5 Go -> NTFS [SATA]

Registry saved, to restore :  Click on Options & Restore the register (C:\AdsFix\Save\Registry [26.07.2016 @ 15_30_59]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

---------- | Windows Updates

Last detection : 2016-03-18 23:55:05
Last downloaded : 2016-07-01 02:12:03
Last installation : 2016-07-01 01:35:24

---------- | Browsers

IE : 11.0.9600.17728     (© Microsoft Corporation. All rights reserved.)
FF : 37.0.1.5570     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 51.0.2704.106     (Copyright 2015 Google Inc. All rights reserved.)

---------- | Security (atcav : 0)

AV : Microsoft Security Essentials Disabled
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware   (2.3.173.0)     [Update : 15/05/2016 11:29:34]
FW : 
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Started
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started

---------- | FlashPlayer

ActiveX : 21.0.0.242
Plugin : 19.0.0.226

---------- | Killed processes

1452 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4841.1001) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
5348 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.A-Volute - RazerSurround VAD Streaming Service.) - (1.1.61.0) = C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
5676 | [Owner : SYSTEM |Parent : 696(services.exe)] - (.- GameScannerService.) - (1.0.6.2673) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
5904 | [Owner : NETWORK SERVICE |Parent : 696(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

---------- | Tasks

Deleted successfully : Uninstaller_SkipUac_Sambone


---------- | Services


---------- | AppCertDlls | AppInit_DLLs


---------- | DNSapi.dll

C:\Windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts

---------- | Hosts


---------- | SafeBoot


---------- | Winsock


---------- | DNS


---------- | Register

Deleted successfully : HKLM\SOFTWARE\Classes\.sc2save : Blizzard.SC2Save     
Deleted successfully : HKLM\SOFTWARE\Classes\PlaysTV : URL:playstv protocol     "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" "%1"
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\protector_dll.DLL
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\SoftwareUpdate.exe
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{6A070EEA-E3F8-411E-9D3A-F3814ED6D1A8} : SoftwareUpdateApp
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} : protector_dll
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4f77-802C-5B295919C205} : PCProxy
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\AppID\SoftwareUpdateAdmin.DLL
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ads.revjet.com
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\DOMStorage\revjet.com
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{A9345A7F-B62E-4F8E-A91D-5728B8C83F63} : C:\Users\Sambone\AppData\Roaming\RHEng\BF401CD388844173B8B0BF05148B1CDF\dhh2782.exe
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib\{AE1250CD-F527-4B55-BE4A-5CC211216C49} : C:\Windows\system32\RtlCPAPI64.dll
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{68C93223-1B9E-4BBC-9F32-AD4928C0ECAB} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP111
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{68C93223-1B9E-4BBC-9F32-AD4928C0ECAB} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP111
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{A24F60F4-39B8-461D-9DDB-DF42E7225ED7} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{A24F60F4-39B8-461D-9DDB-DF42E7225ED7} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{AA1F512C-85D2-4A68-9DC9-BD3B10E625BA} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP114
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{AA1F512C-85D2-4A68-9DC9-BD3B10E625BA} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP114
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{B8F5B4C2-444B-474C-B795-134A5D0239FB} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP110
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface\{B8F5B4C2-444B-474C-B795-134A5D0239FB} : {AE1250CD-F527-4B55-BE4A-5CC211216C49} # IRtlCP110
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Latency Optimizer_RASAPI32
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Latency Optimizer_RASMANCS
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASAPI32
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PureLeads_RASMANCS
Deleted successfully : [HKU\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe]
Deleted successfully : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Users\Sambone\Downloads\playstv_installer.exe]
Deleted successfully : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]~[C:\Users\Sambone\AppData\Local\Temp\ICSW1.22\ICSW1.22_0I0O1S1L2Z0F0S1V0D0B1.22.exe]
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\ICSW1.22
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\ProductSetup
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Systweak
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\PureLeads
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Badosoft
Deleted successfully : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} : 1
Deleted successfully : HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} : 1
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158D6D9E3FE81fa428925F22ACB3A965 : 02:\SOFTWARE\AskPartnerNetwork\Toolbar\Updater\Shutdown\
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15E6C514FEFC09f45BAFAAE1D7546ED4 : 02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\VersionCompareDigits
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DB42320A8525634AA089F0BEC86473B : C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22468B0D6050b2e46B9C4B67A8F59577 : 02:\SOFTWARE\AskPartnerNetwork\Toolbar\PlatformVersion
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2251BF05A2F606d43BB064BD63CBD87E : 02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\InvokePath
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\235CDDD4FAA2BCE4C9E578A53866F91E : C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\tbnhlpr_x64.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3255D95681398614190EDF0A4F3F77DB : 02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ApnTBMon
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CDF313E9B28c944FBC7579CF4949414 : 02:\SOFTWARE\AskPartnerNetwork\PackageService\
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\754590DD06DE8d249B526503432F99D4 : C:\Program Files (x86)\AskPartnerNetwork\Toolbar\UpdateManager.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8036C72171EF4ba46856BF57969F6A36 : 01:\SOFTWARE\AskPartnerNetwork\Toolbar\Updater\
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89BB7852687BDC34B9A81E01C7FF9173 : 02:\SOFTWARE\AskPartnerNetwork\Toolbar\shared\TotalTBEverLanded
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CBC85D72B148084ABE8C2F072F781F4 : 02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\CheckInterval
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CC5A38A64D6098468BC8395BA0EFF03 : C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8DF9A1AC557F56c49B56F6B83E293C15 : 02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\LastCheckTimestamp
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A97C590397DCC454AA8923563BAB10E4 : 01:\SOFTWARE\AskPartnerNetwork\Toolbar\shared\EnableSA
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB9AD9C4759E4D24E940AD04A0AF85F9 : 02:\SOFTWARE\AskPartnerNetwork\Toolbar\shared\osDetail
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D14A7F65792054F418578C78367D13F7 : 02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\UpdateAllSubPackageToVersion
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DBDE540F68E9E1B45A14CA0E79A53EEB : C:\Program Files (x86)\AskPartnerNetwork\Toolbar\
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DFE9F0BD163D827438CB6AD6B100EC48 : 02:\SOFTWARE\AskPartnerNetwork\Toolbar\shared\
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F739A19A8327dc64C9A8B641A9E89646 : 02:\SOFTWARE\AskPartnerNetwork\PackageService\Register\ApnSetupV6\Version
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FFF85BE02C628C348AE2B40EACDA218B : 02:\SOFTWARE\AskPartnerNetwork\Toolbar\shared\osArchitecture
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D2A425F405350054677A7A857BC03200 :     [C:\Windows\Installer\163c03.msi]
Deleted successfully : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon : "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
Deleted successfully : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PureLeads Tray : "C:\Program Files (x86)\PureLeads\PureLeadsTray.exe"

---------- | Folders | Files

Deleted successfully : C:\Program Files\Common Files\Tencent
Deleted successfully : C:\Program Files\Sound+
Deleted successfully : C:\Program Files (x86)\Device Doctor\SpeedUpPC.ico     (.-.)     
Deleted successfully : C:\Program Files (x86)\Device Doctor\SpeedUpPC.url     (.-.)     
Deleted successfully : C:\Program Files (x86)\globalUpdate
Deleted successfully : C:\Program Files (x86)\JZIP
Deleted successfully : C:\Program Files (x86)\Tencent
Deleted successfully : C:\Program Files (x86)\Common Files\Tencent
Deleted successfully : C:\Users\Sambone\AppData\Local\feca
Deleted successfully : C:\Users\Sambone\AppData\Local\globalUpdate
Deleted successfully : C:\Users\Sambone\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{6A1806CD-94D4-4689-BA73-E35EA1EA9990}.ico     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\1eQ772tSssuvdlKFwNwJCiresrK     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\8rAKqhI1z48LkzA1WEzfRa     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\9JTm1ZjzU33938K4jwcz8Ca     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\CfbNsuvmntfrcUGi     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnX     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\ProductData
Deleted successfully : C:\Users\Sambone\AppData\Roaming\RHEng
Deleted successfully : C:\Users\Sambone\AppData\Roaming\RPEng
Deleted successfully : C:\Users\Sambone\AppData\Roaming\tDPRZCgZ8WaZeCaNXn6LrRssF     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\Tencent
Deleted successfully : C:\Users\Sambone\AppData\Roaming\Wi2CZNmYTcHbg8b     (.-.)     
Deleted successfully : C:\Users\Sambone\Downloads\playstv_installer.exe     (.-.)     
Deleted successfully : C:\ProgramData\12db864551ae4c578eb17db1a9f5d3cf
Deleted successfully : C:\ProgramData\ProductData
Deleted successfully : C:\ProgramData\Tencent
Deleted successfully : C:\AI_RecycleBin
Deleted successfully : C:\Windows\Installer\163c03.msi     (.-.)    [Package Install]
Deleted successfully : C:\ProgramData\ntuser.dat{26051ea8-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000002.regtrans-ms     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat{26051ea8-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000001.regtrans-ms     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat{26051ea8-e4c7-11e4-ab37-448a5b877319}.TM.blf     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat{26051e9d-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000002.regtrans-ms     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat{26051e9d-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000001.regtrans-ms     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat{26051e9d-e4c7-11e4-ab37-448a5b877319}.TM.blf     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat.LOG2     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat.LOG1     (.-.)     
Deleted successfully : C:\ProgramData\ntuser.dat     (.-.)     
Deleted successfully : C:\ProgramData\APN
Deleted successfully : C:\END     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\IObit
Deleted successfully : C:\Program Files\McAfee Security Scan
Deleted successfully : C:\ProgramData\IObit
Deleted successfully : C:\ProgramData\McAfee Security Scan
Deleted successfully : C:\Program Files (x86)\IObit
Deleted successfully : C:\Windows\IObit
Deleted successfully : C:\Windows\System32\AI_RecycleBin
Deleted successfully : C:\Windows\System32\Config\Systemprofile\AppData\Roaming\tencent

---------- | .LNK


---------- | opening unknown extension


---------- | Proxy


---------- | Internet Explorer

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm -> C:\Windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] :  -> 2
Repaired : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] :  -> 1
Repaired : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] :  -> 1
Repaired : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] :  -> 1
Repaired : [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]~[Locked] : 1 -> 0

---------- | Yandex

---------- | Google Chrome

Deleted successfully : C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Web Data     (.-.)     Reseted successfully : SearchURL
Deleted successfully : C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Preferences     (.-.)     Reseted successfully : Preferences 
Deleted successfully : C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences     (.-.)     Reseted successfully : Preferences 
Deleted successfully : C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\ajfiodhbiellfpcjjedhmmmpeeaebmep =  permissions: [ webRequest webRequestBlocking declarativeWebRequest proxy *://*/* ]
Deleted successfully : C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = (Changelog)
Deleted successfully : C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\jobehlihkogkaopjdeomandehpjiljjn = Search for YouTube™

C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf =  : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl =  :     Quickly access Skype for Web and Share on Skype through your browser -     Skype - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

---------- | Chromium


[Sambone] : lifbcibllhkdhoafpjfnlhfpfgnpldfl =  :     Skype Click to Call -     Skype Click to Call - https://clients2.google.com/service/update2/crx
[Sambone] : nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx

---------- | Comodo Dragon

---------- | Firefox

Deleted successfully : C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default\sessionstore.js     (.-.)     
Deleted successfully : C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default\extensions\{7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}.xpi     (.-.)= {7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}.xpi


---------- | SeaMonkey

---------- | Pale moon

---------- | Opera

---------- | Spark

---------- | StartMenuInternet

Repaired : [HKLM\SOFTWARE\Clients\StartMenuInternet\IExplore.exe\shell\open\command]~[] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

---------- | Javascript


---------- | Firewall

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1


---------- | ADS


Other(s) report(s)


Analyzed : 379681 | Modified : 7 | Deleted : 127

---------- |EOF| ---------- | 17:42:17 | [32 Ko]

Share this post


Link to post
Share on other sites

fixlist.txt

 

 

Download attached fixlist.txt file and save it to the Desktop. NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work. NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

 

 

After this, please continue with @g3n-h@ckm@n and let us know how things are. :)

 

 

Share this post


Link to post
Share on other sites

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-07-2016
Ran by Sambone (2016-07-26 18:38:31) Run:1
Running from C:\Users\Sambone\Downloads
Loaded Profiles: Sambone (Available Profiles: Sambone)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [598552 2016-06-22] (Oracle Corporation)
Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}: [DhcpNameServer] 192.168.1.1
ManualProxies: 
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-us
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2847832888-1738266169-4025173231-1000 -> {4798622D-93EB-4618-A8D2-9FCBA81CC42B} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2847832888-1738266169-4025173231-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.)
Toolbar: HKU\S-1-5-21-2847832888-1738266169-4025173231-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960672 2016-05-27] (IObit)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.163\McCHSvc.exe [289256 2015-07-31] (McAfee, Inc.)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 cpuz138; \??\C:\Users\Sambone\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] 
2016-06-29 16:00 - 2016-06-29 16:00 - 00000000 ____D C:\Windows\IObit
2016-06-29 15:59 - 2016-06-29 18:23 - 00000000 ____D C:\ProgramData\IObit
2016-06-29 15:59 - 2016-06-29 16:11 - 00000000 ____D C:\Program Files (x86)\IObit
2016-06-29 15:59 - 2016-06-29 16:07 - 00000000 ____D C:\Users\Sambone\AppData\Roaming\IObit
2016-06-29 15:59 - 2016-06-29 16:04 - 00000000 ____D C:\Users\Sambone\AppData\LocalLow\IObit
2016-06-29 17:10 - 2015-11-12 10:55 - 00000000 ____D C:\Program Files (x86)\baidu
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\1eQ772tSssuvdlKFwNwJCiresrK
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\8rAKqhI1z48LkzA1WEzfRa
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\9JTm1ZjzU33938K4jwcz8Ca
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\CfbNsuvmntfrcUGi
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnX
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD
2015-04-19 05:20 - 2015-04-19 05:20 - 0005872 _____ () C:\Users\Sambone\AppData\Roaming\tDPRZCgZ8WaZeCaNXn6LrRssF
2015-04-14 09:28 - 2015-04-14 09:28 - 0004387 _____ () C:\Users\Sambone\AppData\Roaming\Wi2CZNmYTcHbg8b
2015-02-24 23:44 - 2016-06-29 14:56 - 0007597 _____ () C:\Users\Sambone\AppData\Local\Resmon.ResmonCfg 
Task: {04701652-9D78-4721-BA9F-C2B09BEAD714} - System32\Tasks\DivXUpdate => C:\Program Files (x86)\Common Files\DivX Shared\Qt4.8\DivXUpdate.exe [2016-03-01] (DivX, LLC)
Task: {06D9DD6B-34A4-4BCA-BB67-AC14E2B20FCD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {0830916F-F1B2-4E92-B902-B21F4882BBB8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {1AF09285-58B8-4034-81B5-890C5CFBAE50} - System32\Tasks\{6FEF0ED7-D904-41B8-9CE6-5D7D54ABDF90} => pcalua.exe -a "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe" -d "C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2" -c /register
Task: {23562593-2E8D-433C-8032-E86BFF783C29} - System32\Tasks\{2DF1622A-D1E5-41BF-B53C-F4062EEF80E5} => pcalua.exe -a "C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe" -c uninstall=17
Task: {3D98C458-22C6-4BF6-82CF-1F02071A959C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation)
Task: {4C2CAB56-6E84-4E9C-9C8C-C37702ABB39F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-07] (Facebook Inc.)
Task: {50927979-D8A0-4940-B759-078355CA8AC7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {6B995526-1943-4A49-B7EA-B748E25D830F} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-06-14] (Microsoft Corporation)
Task: {7EFBC4CE-A2EC-40C6-8078-22EA72B02744} - System32\Tasks\{278A3952-B920-4C94-94E5-134C86B35600} => pcalua.exe -a "C:\Program Files (x86)\BlackDesertOnlineCBT1\Black Desert Online Launcher.exe" -c /uninstall
Task: {7FF4620C-0BDD-45A9-9781-842D837EE3BB} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-07] (Facebook Inc.)
Task: {8725BBC5-D94C-4E41-A1C7-C50A4F98605B} - System32\Tasks\Uninstaller_SkipUac_Sambone => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-06-01] (IObit)
Task: {9556329A-BF4C-4EBC-AB0B-A12E89EEB703} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-14] (Adobe Systems Incorporated)
Task: {AD52B37C-52D9-4C70-941E-281F57C15CDC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {B5CFB873-62FC-4F2B-BC01-F92D4F3BDD3B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-06-14] (Microsoft Corporation) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core.job => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA.job => C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GqSoeYrk5fnXwEWpc7MtD.job => C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD.exe <==== ATTENTION 
C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD.exe 
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}\\NameServer => value removed successfully
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}\\DhcpNameServer => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value removed successfully
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
"HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4798622D-93EB-4618-A8D2-9FCBA81CC42B}" => key removed successfully
HKCR\CLSID\{4798622D-93EB-4618-A8D2-9FCBA81CC42B} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value removed successfully
"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => key removed successfully
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value not found.
HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => key not found. 
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll => not found.
LiveUpdateSvc => service removed successfully
McComponentHostService => service removed successfully
BRDriver64_1_3_3_E02B25FC => service removed successfully
cpuz136 => service removed successfully
cpuz138 => service removed successfully
MSICDSetup => service removed successfully
NTIOLib_1_0_C => service removed successfully
xhunter1 => service removed successfully
"C:\Windows\IObit" => not found.
"C:\ProgramData\IObit" => not found.
"C:\Program Files (x86)\IObit" => not found.
"C:\Users\Sambone\AppData\Roaming\IObit" => not found.
C:\Users\Sambone\AppData\LocalLow\IObit => moved successfully
C:\Program Files (x86)\baidu => moved successfully
"C:\Users\Sambone\AppData\Roaming\1eQ772tSssuvdlKFwNwJCiresrK" => not found.
"C:\Users\Sambone\AppData\Roaming\8rAKqhI1z48LkzA1WEzfRa" => not found.
"C:\Users\Sambone\AppData\Roaming\9JTm1ZjzU33938K4jwcz8Ca" => not found.
"C:\Users\Sambone\AppData\Roaming\CfbNsuvmntfrcUGi" => not found.
"C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnX" => not found.
C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD => moved successfully
"C:\Users\Sambone\AppData\Roaming\tDPRZCgZ8WaZeCaNXn6LrRssF" => not found.
"C:\Users\Sambone\AppData\Roaming\Wi2CZNmYTcHbg8b" => not found.
C:\Users\Sambone\AppData\Local\Resmon.ResmonCfg => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04701652-9D78-4721-BA9F-C2B09BEAD714}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04701652-9D78-4721-BA9F-C2B09BEAD714}" => key removed successfully
C:\Windows\System32\Tasks\DivXUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DivXUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{06D9DD6B-34A4-4BCA-BB67-AC14E2B20FCD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{06D9DD6B-34A4-4BCA-BB67-AC14E2B20FCD}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0830916F-F1B2-4E92-B902-B21F4882BBB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0830916F-F1B2-4E92-B902-B21F4882BBB8}" => key removed successfully
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1AF09285-58B8-4034-81B5-890C5CFBAE50}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AF09285-58B8-4034-81B5-890C5CFBAE50}" => key removed successfully
C:\Windows\System32\Tasks\{6FEF0ED7-D904-41B8-9CE6-5D7D54ABDF90} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6FEF0ED7-D904-41B8-9CE6-5D7D54ABDF90}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{23562593-2E8D-433C-8032-E86BFF783C29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23562593-2E8D-433C-8032-E86BFF783C29}" => key removed successfully
C:\Windows\System32\Tasks\{2DF1622A-D1E5-41BF-B53C-F4062EEF80E5} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2DF1622A-D1E5-41BF-B53C-F4062EEF80E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D98C458-22C6-4BF6-82CF-1F02071A959C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D98C458-22C6-4BF6-82CF-1F02071A959C}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office ClickToRun Service Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4C2CAB56-6E84-4E9C-9C8C-C37702ABB39F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2CAB56-6E84-4E9C-9C8C-C37702ABB39F}" => key removed successfully
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{50927979-D8A0-4940-B759-078355CA8AC7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{50927979-D8A0-4940-B759-078355CA8AC7}" => key removed successfully
C:\Windows\System32\Tasks\Apple\AppleSoftwareUpdate => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6B995526-1943-4A49-B7EA-B748E25D830F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B995526-1943-4A49-B7EA-B748E25D830F}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Subscription Maintenance => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Subscription Maintenance" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7EFBC4CE-A2EC-40C6-8078-22EA72B02744}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7EFBC4CE-A2EC-40C6-8078-22EA72B02744}" => key removed successfully
C:\Windows\System32\Tasks\{278A3952-B920-4C94-94E5-134C86B35600} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{278A3952-B920-4C94-94E5-134C86B35600}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7FF4620C-0BDD-45A9-9781-842D837EE3BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7FF4620C-0BDD-45A9-9781-842D837EE3BB}" => key removed successfully
C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8725BBC5-D94C-4E41-A1C7-C50A4F98605B} => key not found. 
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Sambone => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Sambone => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9556329A-BF4C-4EBC-AB0B-A12E89EEB703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9556329A-BF4C-4EBC-AB0B-A12E89EEB703}" => key removed successfully
C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD52B37C-52D9-4C70-941E-281F57C15CDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD52B37C-52D9-4C70-941E-281F57C15CDC}" => key removed successfully
C:\Windows\System32\Tasks\CCleanerSkipUAC => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5CFB873-62FC-4F2B-BC01-F92D4F3BDD3B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5CFB873-62FC-4F2B-BC01-F92D4F3BDD3B}" => key removed successfully
C:\Windows\System32\Tasks\Microsoft\Office\Office Automatic Updates => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office Automatic Updates" => key removed successfully
C:\Windows\Tasks\Adobe Flash Player Updater.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000Core.job => moved successfully
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2847832888-1738266169-4025173231-1000UA.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\Windows\Tasks\GqSoeYrk5fnXwEWpc7MtD.job => moved successfully
"C:\Users\Sambone\AppData\Roaming\GqSoeYrk5fnXwEWpc7MtD.exe" => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.


========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.


========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End ofCMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End ofCMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End ofCMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End ofCMD: =========


========= netsh int ip reset c:\resetlog.txt =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End ofCMD: =========


========= ipconfig /release =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::5d67:4c60:66c1:5247%11
   Default Gateway . . . . . . . . . : 

Tunnel adapter isatap.{5519DE55-46DC-4524-984E-7F8FB9C4A811}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

========= End ofCMD: =========


========= ipconfig /renew =========


Windows IP Configuration


Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : 
   Link-local IPv6 Address . . . . . : fe80::5d67:4c60:66c1:5247%11
   IPv4 Address. . . . . . . . . . . : 192.168.1.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter isatap.{5519DE55-46DC-4524-984E-7F8FB9C4A811}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

========= End ofCMD: =========


========= netsh int ipv4 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End ofCMD: =========


========= netsh int ipv6 reset =========

There's no user specified settings to be reset.


========= End ofCMD: =========


========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {148B0777-7106-47A4-8345-CA85136A4F24}.
Unable to cancel {E52D676D-33A3-4052-A2AF-38E20CF857CC}.
Unable to cancel {60750D3F-BA1A-4B40-B1BD-EA5E604B0476}.
Unable to cancel {DCB4301D-77FD-4DAB-A318-057593A4AA70}.
Unable to cancel {4E6C6B65-A9C1-4F49-AF0A-FC90F737033F}.
Unable to cancel {70D6F8F4-4D82-43C1-A565-AD3E84B9E9B6}.
Unable to cancel {C4A305FD-6E05-4C9A-AE93-DFBCF1B7D79C}.
Unable to cancel {3AE5A4C9-23BF-45D8-A915-C1024324BBCF}.
Unable to cancel {9B5B8FEF-D1DE-4B60-93F4-B947F90259A1}.
Unable to cancel {D5AE5771-4EBA-448D-A7C9-2E193F929FBD}.
Unable to cancel {B1E9E011-BBDE-4E76-B175-4E60C2BBB999}.
Unable to cancel {4EC32452-F215-4A7F-8711-5D1D3676028B}.
Unable to cancel {AE3A1B9C-8D92-4943-90A9-94CE9B1C3AB6}.
Unable to cancel {A83EF31D-9B67-4554-8F86-4B7E25D054EC}.
Unable to cancel {C3A35257-503E-498A-BD41-5627BA5885FE}.
Unable to cancel {88F9DF36-C3D0-4516-9402-1E4F39C232F9}.
Unable to cancel {85ACDA14-ED27-4D8E-8BB9-613A309821AB}.
Unable to cancel {FB13B5A6-5835-4DD7-A5D2-CF8F4415B5D2}.
Unable to cancel {918E8F61-052C-4A60-A419-E70B333CCE46}.
Unable to cancel {01845E50-D368-4D54-B969-FA5E2AAC06D0}.
Unable to cancel {6A5D8968-425B-4CA2-B9C5-4A035E5994A2}.
Unable to cancel {E58F662B-9F7B-4DEB-B385-FADF9EC34998}.
Unable to cancel {04031300-F2AE-42BF-9DBA-C22810A99AE3}.
Unable to cancel {696C847B-1524-4C85-A8A6-0F6E3225DA50}.
Unable to cancel {8DF1C91C-377B-4DF9-A434-44DCB682DF2F}.
Unable to cancel {057AC7E9-0D7A-4763-8C4D-AA78D0021860}.
Unable to cancel {A16BC45E-CF02-407F-B346-AB5990CD9BDA}.
Unable to cancel {C969E785-BFD7-4F93-BBAE-3769F6A5FE6B}.
Unable to cancel {421A1A75-E372-4EDD-9363-3E5C120CD2D3}.
Unable to cancel {27A14C04-B187-4B18-A83E-53E30538D2CB}.
Unable to cancel {B2E4399C-EA36-4C0D-A044-0DB167D16A6F}.
Unable to cancel {FDB1D790-B384-4F50-A171-FC448DF586DF}.
Unable to cancel {7D42FE4B-3F53-47A2-8385-3E1EF8C445F2}.
Unable to cancel {AA9D9396-FA63-4610-85C6-034AE0EE372A}.
Unable to cancel {E32B3EBD-510A-4ED0-8ED5-B5F76BBB77C1}.
Unable to cancel {9FDCD7CF-64B9-4DB2-8499-8A95B458161C}.
Unable to cancel {205ACC6E-3CD2-42DE-A4E2-4050956E4BB7}.
Unable to cancel {DA6D2648-998A-4571-AC71-9457FEAA3291}.
Unable to cancel {00A8929A-2C9D-4E58-86B1-D03FC33632BA}.
Unable to cancel {AE049DA4-A63C-49B4-BE1B-620FF2834173}.
Unable to cancel {8F4CD936-4484-4E21-87CF-305DC7E6408E}.
Unable to cancel {88958B5E-4969-4C72-A670-0607C5855F44}.
Unable to cancel {C101E27D-F88F-4C21-9EB2-BFEC5A0CCD81}.
Unable to cancel {F45A3B1D-F584-432D-8FCB-7627149222AF}.
Unable to cancel {B3A03259-9E6D-446D-BDCC-A7D6C2637A78}.
Unable to cancel {2C1A7184-21E8-47F9-B396-A0A8594E877C}.
Unable to cancel {7CDAF844-383A-4D40-AEDA-71A8AB0FFAF5}.
Unable to cancel {9E18A45B-3E2B-4E08-90B7-4AFDAB863D6D}.
Unable to cancel {3CA19B3C-DFA8-41F5-BFE4-7CCA095669E6}.
Unable to cancel {CBB3E10C-2BC9-48EC-A269-8E4531BBC87F}.
Unable to cancel {74B53E26-2ED2-42AA-BA18-9C959466D355}.
Unable to cancel {F6B984FE-2816-4592-9777-DC75C74E4AF5}.
Unable to cancel {E3A7BD77-10D0-4368-BC19-B9A3FA9070F6}.
Unable to cancel {7628756F-AF58-4CE9-A23A-F5947C608560}.
Unable to cancel {CE4C568D-D388-4049-9D5E-8ECC8B62366B}.
0 out of 55 jobs canceled.

========= End ofCMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 23251286 B
Java, Flash, Steam htmlcache => 375878071 B
Windows/system/drivers => -73386 B
Edge => 0 B
Chrome => 787229441 B
Firefox => 3967622 B
Opera => 9754336 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 55381346 B
systemprofile32 => 12287156 B
LocalService => 0 B
NetworkService => 341740 B
Sambone => 226576865 B

RecycleBin => 0 B
EmptyTemp: => 1.4 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 18:40:48 ====

Share this post


Link to post
Share on other sites

All these steps have made my google chrome and computer overall faster, but has not impacted my performance in games whatsoever. The problem is still bad. I feel like its a hardware issue, like something with my psu or something idk.. 

Share this post


Link to post
Share on other sites

For example when i play overwatch and turn the settings up to the highest settings, ill be at 50 fps or so which should be very playable but its just soooo stuttery.

Share this post


Link to post
Share on other sites

hello ok , I'd like to have a deepest view of your system

 

Disable all your protections during the download and the use of the tool
Download Quickdiag from this link => https://toolslib.net/downloads/viewdownload/36-quickdiag/
Run the tool and click "Extended"
Scan ended, Attach the report here.

 

QuickDiag-1.png

 

If the report is too long , attach it on https://www.sendspace.com/ and give the link obtained in your answer

Share this post


Link to post
Share on other sites

Alright, i will do this first thing tomorrow. Quick question. Do you think this problem is most likely still just a virus of some sort? Would a virus cause these performance issues in game like stuttering and flickering textures and stuff?

Share this post


Link to post
Share on other sites

--------------- QuickDiag | g3n-h@ckm@n | 2_24.07.2016.1 ---------------

----- XP | Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- - Start 27/07/2016 01:16:39

Updated 24/07/2016 | 08.15 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/

Time Zone : (UTC-08:00) Pacific Time (US & Canada)
[Sambone (Administrator)] - [SAMBONE-PC] (S-1-5-21-2847832888-1738266169-4025173231-1000)

System: Microsoft Windows 7 Home Premium  - Service Pack 1 - (6.1.7601) -  BuildType: Multiprocessor Free - OSLanguage: 1033 (0409)
System: AutoReboot: False - DebugFilePath: %SystemRoot%\MEMORY.DMP - KernelDumpOnly: False - OverwriteExistingDebugFile: True - WriteDebugInfo: True - WriteToSystemLog: True
Boot : Microsoft Windows 7 Home Premium |C:\Windows|\Device\Harddisk0\Partition4
Boot : Normal boot
PC: MS-7850 - MSI - IdNumber: To be filled by O.E.M. - UUID: 00000000-0000-0000-0000-448A5B877319
Processor : X64 - 3400 Mhz - Intel(R) Core(TM) i5-4670K CPU @ 3.40GHz
BIOS Date: 02/19/14 11:08:45 Ver: 04.06.05 - en|US|iso8859-1 - American Megatrends Inc. - S/N: To be filled by O.E.M. - V1.6B3 - ALASKA - 1072009
CoreTemp : 29.8 Celsius

----------| Extended


---------- | SoundDevice

NVIDIA High Definition Audio - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10DE&DEV_0040&SUBSYS_38422765&REV_1001\5&13D1A0F7&0&0001
Realtek High Definition Audio - Status: OK - Manufacturer: Realtek - PNPDeviceID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1462D850&REV_1003\4&D5D6BC&0&0001
NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - Status: OK - Manufacturer: NVIDIA - PNPDeviceID: ROOT\UNNAMED_DEVICE\0000
Razer Surround Audio Controller - Status: OK - Manufacturer: Razer Inc - PNPDeviceID: ROOT\MEDIA\0000

---------- | Video

NVIDIA GeForce GTX 760 - Resolution: 1920x1080 - Colors: 4294967296 - RefreshRate: 60 - 32 Bits Per Pixel - DeviceID: VideoController1 - Drivers: nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um - PNPDeviceID: PCI\VEN_10DE&DEV_1187&SUBSYS_27653842&REV_A1\4&331D6FC6&0&0008 - AdapterCompatibility: NVIDIA - RAM: -2147483648
Inegrated Video Chipset DeviceName: NVIDIA GeForce GTX 760 - DriverVersion: 10.18.13.6881 - SpecificationVersion: 1025

---------- | Codecs

c:\windows\system32\msrle32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 16384 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msvidc32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 38912 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\imaadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 22016 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msg711.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msgsm32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 29184 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msadp32.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 24064 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\msyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 25600 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\iyuv_32.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 54272 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\tsbyuv.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 14848 -  Manufacturer: Microsoft Corporation - Status: OK
c:\windows\system32\l3codeca.acm - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 81408 -  Manufacturer: Fraunhofer Institut Integrierte Schaltungen IIS - Status: OK
c:\windows\system32\frapsv64.dll - ClassName: Win32_CodecFile - FSName: NTFS - FileSize: 105984 -  Manufacturer: Beepa P/L - Status: OK

---------- | CPU


---------- | Network


WAN Miniport (SSTP) -  - Microsoft - Status:  - PnPID : ROOT\MS_SSTPMINIPORT\0000
WAN Miniport (IKEv2) -  - Microsoft - Status:  - PnPID : ROOT\MS_AGILEVPNMINIPORT\0000
WAN Miniport (L2TP) -  - Microsoft - Status:  - PnPID : ROOT\MS_L2TPMINIPORT\0000
WAN Miniport (PPTP) -  - Microsoft - Status:  - PnPID : ROOT\MS_PPTPMINIPORT\0000
WAN Miniport (PPPOE) -  - Microsoft - Status:  - PnPID : ROOT\MS_PPPOEMINIPORT\0000
WAN Miniport (IPv6) -  - Microsoft - Status:  - PnPID : ROOT\MS_NDISWANIPV6\0000
WAN Miniport (Network Monitor) -  - Microsoft - Status:  - PnPID : ROOT\MS_NDISWANBH\0000
Realtek PCIe GBE Family Controller - Ethernet 802.3 - Realtek - Status:  - PnPID : PCI\VEN_10EC&DEV_8168&SUBSYS_78501462&REV_0C\4&2320F049&0&00E5
WAN Miniport (IP) -  - Microsoft - Status:  - PnPID : ROOT\MS_NDISWANIP\0000
Microsoft ISATAP Adapter - Tunnel - Microsoft - Status:  - PnPID : ROOT\*ISATAP\0000
RAS Async Adapter - Wide Area Network (WAN) - Microsoft - Status:  - PnPID : SW\{EEAB7790-C514-11D1-B42B-00805FC1270E}\ASYNCMAC
Teredo Tunneling Pseudo-Interface - Tunnel - Microsoft - Status:  - PnPID : ROOT\*TEREDO\0000

---------- | Memory

RAM = Total (MB) : 8322 | Free (MB) : 6399
Pagefile = Total (MB) : 16643 | Free (MB) : 14501
Virtual = Total (MB) : 4194 | Free (MB) : 3998

Physical Memory 0 : Capacity: 4294967296 - ChannelA-DIMM0 - Posit.:  - Manufacturer: 0420 - PartNumber:                    - S/N: 50150000
Physical Memory 2 : Capacity: 4294967296 - ChannelB-DIMM0 - Posit.:  - Manufacturer: 0420 - PartNumber:                    - S/N: 4B150000

---------- | SID Users

Administrator : [S-1-5-21-2847832888-1738266169-4025173231-500]
Guest : [S-1-5-21-2847832888-1738266169-4025173231-501]
HomeGroupUser$ : [S-1-5-21-2847832888-1738266169-4025173231-1002]
Sambone : [S-1-5-21-2847832888-1738266169-4025173231-1000]
Administrators : [S-1-5-32-544]
Distributed COM Users : [S-1-5-32-562]
Event Log Readers : [S-1-5-32-573]
Guests : [S-1-5-32-546]
IIS_IUSRS : [S-1-5-32-568]
Performance Log Users : [S-1-5-32-559]
Performance Monitor Users : [S-1-5-32-558]
Users : [S-1-5-32-545]
HomeUsers : [S-1-5-21-2847832888-1738266169-4025173231-1001]

---------- | Drives

C:\ -> [Fixed] | [] | Total : 931 Go | Free : 335.17 Go -> NTFS [SATA]

DeviceID: \\.\PHYSICALDRIVE0 - Status: OK - IDE - Fixed hard disk media - 3 Part. - PnPID : IDE\DISKTOSHIBA_DT01ACA100______________________MS2OA750\5&2E63C8B0&0&0.0.0

---------- | Windows updates

Last detection : 2016-03-18 23:55:05
Downloaded last ones : 2016-07-01 02:12:03
Installed last ones : 2016-07-01 01:35:24

Windows Is Activated

---------- | Browsers

IE : 11.0.9600.17728     (© Microsoft Corporation.)
FF : 37.0.1.5570     (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 51.0.2704.106     (Copyright 2015 Google Inc.)

---------- | FlashPlayer

FlashPlayer ActiveX : 21.0.0.242
FlashPlayer Plugin : 19.0.0.226

---------- | Security

AV : Microsoft Security Essentials Disabled
AS : Windows Defender Disabled
AM : Malwarebytes' Anti-Malware   ( 2.3.173.0)     [Update : 15/05/2016 11:29:34]
FW : WINDOWS Firewall
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
WMI: Windows Management Instrumentation [Auto(2)] = Running

---------- | Running processes

324 | [Owner : SYSTEM | Parent : 4(System) | ?????] - (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.18798) = C:\Windows\System32\smss.exe     [14/04/2015 14:15:08]    
616 | [Owner :  | Parent : 460() | ?????] - (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe     [13/07/2009 16:52:37]    
664 | [Owner :  | Parent : 600() | ?????] - (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.18540) = C:\Windows\System32\winlogon.exe     [15/10/2014 12:07:59]    
716 | [Owner :  | Parent : 616(wininit.exe) | ?????] - (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) = C:\Windows\System32\services.exe     [13/07/2009 16:19:46]    
724 | [Owner :  | Parent : 616(wininit.exe) | ?????] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18798) = C:\Windows\System32\lsass.exe     [14/04/2015 14:15:08]    
732 | [Owner :  | Parent : 616(wininit.exe) | ?????] - (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe     [20/11/2010 20:23:53]    
828 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
888 | [Owner :  | Parent : 716(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 368.81.) - (8.17.13.6881) = C:\Windows\System32\nvvsvc.exe     [25/07/2016 23:43:07]    
912 | [Owner :  | Parent : 716(services.exe) | ?????] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.6881) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe     [26/07/2016 14:22:28]    
956 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
168 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.218.0) = C:\Program Files\Microsoft Security Client\MsMpEng.exe     [29/01/2016 19:34:20]    
464 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
352 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
728 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
1028 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
1132 | [Owner :  | Parent : 464(svchost.exe) | ?????] - (.Microsoft Corporation - Windows Audio Device Graph Isolation.) - (6.1.7601.18741) = C:\Windows\System32\audiodg.exe     [14/04/2015 14:15:38]    
1260 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
1440 | [Owner :  | Parent : 888(nvvsvc.exe) | ?????] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6881) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe     [25/07/2016 23:43:07]    
1532 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe     [17/06/2013 11:02:07]    
1596 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
1696 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Apple Inc. - MobileDeviceService.) - (17.364.0.34) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe     [07/10/2015 12:45:40]    
1760 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe     [12/08/2015 17:03:42]    
1784 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Updates Skype Click to Call.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe     [25/05/2016 10:30:36]    
1852 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Phone Number Recognition (PNR) module.) - (8.3.0.9150) = C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe     [25/05/2016 10:31:20]    
1920 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4841.1001) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe     [09/09/2014 09:30:22]    
2032 | [Owner :  | Parent : 716(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.11.4.0) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe     [06/10/2015 23:17:01]    
1316 | [Owner :  | Parent : 716(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe     [06/10/2015 23:16:55]    
1560 | [Owner :  | Parent : 716(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe     [06/10/2015 23:16:59]    
1984 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Plays.tv, LLC - Plays.tv Service.) - (1.0.0.0) = C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe     [21/07/2016 11:23:28]    
2056 | [Owner :  | Parent : 716(services.exe) | ?????] - (.-.) - (0.0.0.0) = C:\Windows\System32\PnkBstrA.exe     [24/07/2016 11:04:48]    
2080 | [Owner :  | Parent : 716(services.exe) | ?????] - (.- GameScannerService.) - (1.0.6.2673) = C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe     [04/11/2015 16:11:56]    
2148 | [Owner :  | Parent : 716(services.exe) | ?????] - (.A-Volute - RazerSurround VAD Streaming Service.) - (1.1.61.0) = C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe     [15/02/2016 00:57:00]    
2748 | [Owner :  | Parent : 716(services.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Network Stream Service.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe     [06/10/2015 23:16:59]    
2348 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
1220 | [Owner :  | Parent : 948() | ?????] - (.Google Inc. - Google Installer.) - (1.3.28.13) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe     [12/05/2014 13:06:34]    
2868 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe     [17/06/2013 11:02:34]    
2936 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe     [20/11/2010 20:24:03]    
3052 | [Owner : Sambone | Parent : 716(services.exe) | 12.3 Mo] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe     [17/06/2013 10:30:34]    
2888 | [Owner :  | Parent : 1560(NvStreamService.exe) | ?????] - (.NVIDIA Corporation - NVIDIA Streamer User Agent.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe     [06/10/2015 23:16:59]    
2620 | [Owner : Sambone | Parent : 352(svchost.exe) | 31.06 Mo] - (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe     [13/07/2009 16:37:38]    
3032 | [Owner :  | Parent : 608(csrss.exe) | ?????] - (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18798) = C:\Windows\System32\conhost.exe     [14/04/2015 14:15:08]    
3068 | [Owner : Sambone | Parent : 2852() | 53.62 Mo] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe     [17/06/2013 11:02:20]    
3104 | [Owner : Sambone | Parent : 3068(explorer.exe) | 27.84 Mo] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.16.6.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe     [06/10/2015 23:16:59]    
3124 | [Owner : Sambone | Parent : 3068(explorer.exe) | 6.31 Mo] - (.Microsoft Corporation - XBoxStat.exe.) - (1.20.146.0) = C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe     [30/09/2009 17:57:30]    
3136 | [Owner : Sambone | Parent : 3068(explorer.exe) | 14.56 Mo] - (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.9.218.0) = C:\Program Files\Microsoft Security Client\msseces.exe     [29/01/2016 19:27:36]    
3152 | [Owner : Sambone | Parent : 3068(explorer.exe) | 6.88 Mo] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.33.106) = C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe     [13/10/2015 21:14:15]    
3168 | [Owner : Sambone | Parent : 3068(explorer.exe) | 23.4 Mo] - (.BitTorrent Inc. - µTorrent.) - (3.4.7.42330) = C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe     [24/09/2015 03:15:26]    
3200 | [Owner : Sambone | Parent : 3068(explorer.exe) | 19.43 Mo] - (.Flux Software LLC - f.lux.) - (3.10.0.1) = C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\flux.exe     [23/10/2013 15:39:14]    
3580 | [Owner : Sambone | Parent : 3264() | 14.58 Mo] - (.Plays.tv, LLC - Plays.tv Video Recorder by Raptr.) - (1.12.4.0) = C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe     [21/07/2016 11:23:28]    
3804 | [Owner : Sambone | Parent : 3168(uTorrent.exe) | 81.65 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.42330) = C:\Users\Sambone\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe     [18/05/2016 10:48:55]    
3856 | [Owner : Sambone | Parent : 3168(uTorrent.exe) | 37.33 Mo] - (.BitTorrent Inc. - WebHelper.) - (1.0.0.42330) = C:\Users\Sambone\AppData\Roaming\uTorrent\updates\3.4.7_42330\utorrentie.exe     [18/05/2016 10:48:55]    
4024 | [Owner : Sambone | Parent : 1440(nvxdsync.exe) | 11.93 Mo] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6881) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe     [25/07/2016 23:43:07]    
3576 | [Owner : Sambone | Parent : 3580(playstv.exe) | 11.7 Mo] - (.Raptr Inc. - Elevation Proxy.) - (1.0.0.1) = C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_ep64.exe     [20/07/2016 17:08:08]    
4572 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe     [20/11/2010 20:25:05]    
4912 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
6064 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe     [13/07/2009 16:31:13]    
5648 | [Owner :  | Parent : 2868(SearchIndexer.exe) | ?????] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe     [17/06/2013 11:02:33]    
1204 | [Owner : SYSTEM | Parent : 2868(SearchIndexer.exe) | 6.8 Mo] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe     [17/06/2013 11:02:33]    
5992 | [Owner : Sambone | Parent : 5780() | 22.46 Mo] - (.SosVirus - QuickDiag.) - (24.7.2016.1) = C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe     [27/07/2016 01:15:57]    
5480 | [Owner :  | Parent : 716(services.exe) | ?????] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe     [20/11/2010 20:23:56]    

---------- | MD5

[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [17/06/2013 11:02:20] - (.© Microsoft Corporation. - Windows Explorer.) - [2804.5 Ko] - (6.1.7601.17567) : C:\Windows\Explorer.exe
[MD5.5746BD7E255DD6A8AFA06F7C42C1BA41] - [20/11/2010 20:23:55] - (.© Microsoft Corporation. - Windows Command Processor.) - [337 Ko] - (6.1.7601.17514) : C:\Windows\System32\cmd.exe
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [13/07/2009 16:19:49] - (.© Microsoft Corporation. - Client Server Runtime Process.) - [7.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\csrss.exe
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [13/07/2009 16:59:17] - (.© Microsoft Corporation. - COM Surrogate.) - [9.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\dllhost.exe
[MD5.E75074EFBE3C24FBC95C7C1985E08FDE] - [14/04/2015 14:15:09] - (.© Microsoft Corporation. - Windows NT BASE API Client DLL.) - [1136 Ko] - (6.1.7601.18798) : C:\Windows\System32\Kernel32.dll
[MD5.CA4FC33FB22D92368A0B221092B46374] - [14/04/2015 14:15:08] - (.© Microsoft Corporation. - Local Security Authority Process.) - [30.5 Ko] - (6.1.7601.18798) : C:\Windows\System32\lsass.exe
[MD5.5C627D1B1138676C0A7AB2C2C190D123] - [20/11/2010 20:24:01] - (.© Microsoft Corporation. - Distributed COM Services.) - [500 Ko] - (6.1.7601.17514) : C:\Windows\System32\rpcss.dll
[MD5.DD81D91FF3B0763C392422865C9AC12E] - [13/07/2009 16:57:20] - (.© Microsoft Corporation. - Windows host process (Rundll32).) - [44.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\rundll32.exe
[MD5.24ACB7E5BE595468E3B9AA488B9B4FCB] - [13/07/2009 16:19:46] - (.© Microsoft Corporation. - Services and Controller app.) - [321 Ko] - (6.1.7600.16385) : C:\Windows\System32\services.exe
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [13/07/2009 16:31:13] - (.© Microsoft Corporation. - Host Process for Windows Services.) - [26.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\svchost.exe
[MD5.FE70103391A64039A921DBFFF9C7AB1B] - [20/11/2010 20:24:09] - (.© Microsoft Corporation. - Multi-User Windows USER API Client DLL.) - [984.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\user32.dll
[MD5.BAFE84E637BF7388C96EF48D4D3FDD53] - [20/11/2010 20:24:28] - (.© Microsoft Corporation. - Userinit Logon Application.) - [30 Ko] - (6.1.7601.17514) : C:\Windows\System32\userinit.exe
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [13/07/2009 16:52:37] - (.© Microsoft Corporation. - Windows Start-Up Application.) - [126 Ko] - (6.1.7600.16385) : C:\Windows\System32\Wininit.exe
[MD5.8CEBD9D0A0A879CDE9F36F4383B7CAEA] - [15/10/2014 12:07:59] - (.© Microsoft Corporation. - Windows Logon Application.) - [444.5 Ko] - (6.1.7601.18540) : C:\Windows\System32\Winlogon.exe
[MD5.FA886682CFC5D36718D3E436AACF10B9] - [09/07/2014 09:34:04] - (.© Microsoft Corporation. - Ancillary Function Driver for WinSock.) - [485.5 Ko] - (6.1.7601.18489) : C:\Windows\System32\Drivers\afd.sys
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - [13/07/2009 16:19:47] - (.© Microsoft Corporation. - ATAPI IDE Miniport Driver.) - [23.56 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\atapi.sys
[MD5.059F00DEF82BF41E433B7ED465847726] - [16/05/2014 11:44:17] - (.© Microsoft Corporation. - ATAPI Driver Extension.) - [151.94 Ko] - (6.1.7601.18231) : C:\Windows\System32\Drivers\ataport.sys
[MD5.B8BD2BB284668C84865658C77574381A] - [13/07/2009 16:19:47] - (.© Microsoft Corporation. - CD-ROM File System Driver.) - [90 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\cdfs.sys
[MD5.F036CE71586E93D94DAB220D7BDF4416] - [20/11/2010 20:23:47] - (.© Microsoft Corporation. - SCSI CD-ROM Driver.) - [144 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\cdrom.sys
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - [20/11/2010 20:24:32] - (.© Microsoft Corporation. - DFS Namespace Client Driver.) - [100 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\dfsc.sys
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - [20/11/2010 20:23:47] - (.© Microsoft Corporation. - High Definition Audio Bus Driver.) - [119.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\hdaudbus.sys
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - [13/07/2009 16:19:58] - (.© Microsoft Corporation. - i8042 Port Driver.) - [103 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\i8042prt.sys
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - [13/07/2009 17:10:03] - (.© Microsoft Corporation. - IP Network Address Translator.) - [113.5 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\ipnat.sys
[MD5.A5D9106A73DC88564C825D317CAC68AC] - [17/06/2013 10:43:27] - (.© Microsoft Corporation. - Windows NT SMB Minirdr.) - [154.5 Ko] - (6.1.7601.17605) : C:\Windows\System32\Drivers\mrxsmb.sys
[MD5.760E38053BF56E501D562B70AD796B88] - [17/06/2013 11:02:21] - (.© Microsoft Corporation. - NDIS 6.20 driver.) - [927.86 Ko] - (6.1.7601.17939) : C:\Windows\System32\Drivers\ndis.sys
[MD5.09594D1089C523423B32A4229263F068] - [20/11/2010 20:23:51] - (.© Microsoft Corporation. - MBT Transport driver.) - [255.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\netbt.sys
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - [16/05/2014 11:43:17] - (.© Microsoft Corporation. - NT File System Driver.) - [1645.44 Ko] - (6.1.7601.18378) : C:\Windows\System32\Drivers\ntfs.sys
[MD5.0086431C29C35BE1DBC43F52CC273887] - [13/07/2009 17:00:41] - (.© Microsoft Corporation. - Parallel Port Driver.) - [95 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\parport.sys
[MD5.471815800AE33E6F1C32FB1B97C490CA] - [20/11/2010 20:24:33] - (.© Microsoft Corporation. - RAS L2TP mini-port/call-manager driver.) - [126.5 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\rasl2tp.sys
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - [13/07/2009 17:09:09] - (.© Microsoft Corporation. - SMB Transport driver.) - [91 Ko] - (6.1.7600.16385) : C:\Windows\System32\Drivers\smb.sys
[MD5.04ADD18EE5CC9FBEDAEC1DD1CD0CB45E] - [11/06/2014 21:10:27] - (.© Microsoft Corporation. - TCP/IP Driver.) - [1858.94 Ko] - (6.1.7601.18438) : C:\Windows\System32\Drivers\tcpip.sys
[MD5.70988118145F5F10EF24720B97F35F65] - [24/02/2015 23:35:00] - (.© Microsoft Corporation. - TDI Translation Driver.) - [116.5 Ko] - (6.1.7601.18658) : C:\Windows\System32\Drivers\tdx.sys
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - [20/11/2010 20:23:47] - (.© Microsoft Corporation. - Volume Shadow Copy Driver.) - [288.88 Ko] - (6.1.7601.17514) : C:\Windows\System32\Drivers\volsnap.sys

---------- | Locked Applications


---------- | Explorer.exe component call (Microsoft Files Whitelisted)

(..-..) - (15.0.4835.1000) -- C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
(.Fraunhofer Institut Integrierte Schaltungen IIS.-.MPEG Layer-3 Audio Codec for MSACM.) - (1.9.0.401) -- C:\Windows\System32\l3codeca.acm
(.Raptr Inc..-.Help Module.) - (1.0.0.1) -- C:\PROGRA~2\RAPTRI~1\PlaysTV\ltc_help64-114622.dll

---------- | Svchost.exe component call (Microsoft Files Whitelisted)

(.Creative Technology Ltd..-.Audio Processing Object Chaining Module.) - (1.0.0.250) -- C:\Windows\system32\MBWrp64.dll
(.Creative Technology Ltd..-.Creative Audio Processing Object Module.) - (1.2.16.44) -- C:\Windows\system32\MBAPO264.dll
(.Realtek Semiconductor Corp..-.Realtek(r) LFX/GFX DSP component.) - (11.0.6000.350) -- C:\Windows\system32\RtkAPO64.dll
(.Apple Inc..-.Bonjour Namespace Provider.) - (3.1.0.1) -- C:\Program Files\Bonjour\mdnsNSP.dll

---------- | ZeroAccess Check

[HKLM\Software\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\Classes\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] : %systemroot%\system32\wbem\wbemess.dll
[HKLM\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{1108BE51-F58A-4CDA-BB99-7A0227D11D5E}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] : %SystemRoot%\system32\shell32.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] : %systemroot%\system32\wbem\fastprox.dll
[HKLM\Software\WOW6432Node\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] : %SystemRoot%\system32\shell32.dll

---------- | Startings up

Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-19\...\Run]) - User: NT AUTHORITY\LOCAL SERVICE
Sidebar - (%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [HKU\S-1-5-20\...\Run]) - User: NT AUTHORITY\NETWORK SERVICE
Spotify Web Helper - ("C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe" [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Run]) - User: Sambone-PC\Sambone
uTorrent - ("C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Run]) - User: Sambone-PC\Sambone
f.lux - ("C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow [HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\...\Run]) - User: Sambone-PC\Sambone
NvBackend - ("C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [HKLM\...\Run]) - User: Public
ShadowPlay - ("C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart [HKLM\...\Run]) - User: Public
XboxStat - ("C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [HKLM\...\Run]) - User: Public
MSC - ("c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [HKLM\...\Run]) - User: Public

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe"   
"uTorrent"="C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED   
"f.lux"="C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"=C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"   
"Uninstall C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"=C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"   
"Uninstall C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"=C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"   
"Uninstall C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"=C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\17.3.4724.0224\amd64"   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Command Processor]
"CompletionChar"=9   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=9   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"=explorer.exe\1   
"MRUList"=ab   
"b"=dllhost.exe\1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"   
"ShadowPlay"="C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart   
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun   
"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey   

[HKLM\Software\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run]
"PlaysTV"="C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXBannerAdPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXAccountViewPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLicenseWriterPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDownloadManagerPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXMediaManagerV2Plugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlayerPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXPlaybackServicesPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDevicePanePlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXLibraryPanePlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXTicketManagerPlugin.dll",DllRegisterServer   
"B Register C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll"="C:\Windows\system32\rundll32.exe" "C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDFXAudioPlugin.dll",DllRegisterServer   

[HKLM\Software\WOW6432Node\Microsoft\Command Processor]
"CompletionChar"=64   
"DefaultColor"=0   
"EnableExtensions"=1   
"PathCompletionChar"=64   


---------- | Startings up registry ¦ Folder

[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CCleaner Monitoring] : "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXMediaServer] : C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe  [10/03/2016 01:16:50]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate] : "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM] : "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Facebook Update] : "C:\Users\Sambone\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GoogleChromeAutoLaunch_057DB5F917DE23991EB93D0512613AB4] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper] : "C:\Program Files\iTunes\iTunesHelper.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Launch LCore] : C:\Program Files\Logitech Gaming Software\LCore.exe /minimized  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MBCfg64] : C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvBackend] : "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OneDrive] : "C:\Users\Sambone\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PlaysTV] : "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RaidCall] : C:\Program Files (x86)\RaidCall\raidcall.exe  [03/09/2014 19:55:02]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Razer Synapse] : "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RTHDVCPL] : "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Search Protection] : "C:\Users\Sambone\AppData\Roaming\Search Protection\SP.EXE" /autostart  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ShadowPlay] : C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] : "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sound Blaster Cinema] : "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify] : "C:\Users\Sambone\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spotify Web Helper] : "C:\Users\Sambone\AppData\Roaming\Spotify\SpotifyWebHelper.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swg] : "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\UpdReg] : C:\Windows\UpdReg.EXE  [12/05/2014 13:06:27]
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB3MON] : "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"  
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] : "C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED  

---------- | Other keys


[HKLM\System\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll   

[HKLM\System\CurrentControlSet\Control\Terminal Server]
"RCDependentServices"=CertPropSvc
SessionEnv   
"NotificationTimeOut"=0   
"SnapshotMonitors"=1   
"ProductVersion"=5.1   
"AllowRemoteRPC"=0   
"DelayConMgrTimeout"=0   
"fDenyTSConnections"=1   
"StartRCM"=0   
"TSAdvertise"=0   
"DeleteTempDirsOnExit"=1   
"fSingleSessionPerUser"=1   
"PerSessionTempDir"=0   
"TSUserEnabled"=0   
"InstanceID"=09cbac4e-52fb-4a3d-ba7c-7330492   
"fCredentialLessLogonSupported"=1   
"fCredentialLessLogonSupportedTSS"=1   
"fCredentialLessLogonSupportedKMRDP"=1   

[HKLM\System\CurrentControlSet\Control\Session Manager]
"CriticalSectionTimeout"=2592000   
"GlobalFlag"=0   
"HeapDeCommitFreeBlockThreshold"=0   
"HeapDeCommitTotalFreeThreshold"=0   
"HeapSegmentCommit"=0   
"HeapSegmentReserve"=0   
"ProcessorControl"=2   
"ResourceTimeoutCount"=648000   
"BootExecute"=autocheck autochk *   
"ExcludeFromKnownDlls"=   
"ObjectDirectories"=\Windows
\RPC Control   
"ProtectionMode"=1   
"NumberOfInitialSessions"=2   
"SetupExecute"=   

[HKLM\System\CurrentControlSet\Control]
"PreshutdownOrder"=wuauserv
gpsvc
trustedinstaller   
"WaitToKillServiceTimeout"=200   
"CurrentUser"=USERNAME   
"BootDriverFlags"=0   
"ServiceControlManagerExtension"=%systemroot%\system32\scext.dll   
"SystemStartOptions"= NOEXECUTE=OPTIN   
"SystemBootDevice"=multi(0)disk(0)rdisk(0)partition(4)   
"FirmwareBootDevice"=multi(0)disk(0)rdisk(0)partition(2)   

[HKLM\System\CurrentControlSet\Control\lsa]
"auditbaseobjects"=0   
"auditbasedirectories"=0   
"crashonauditfail"=0   
"fullprivilegeauditing"=0x00   
"Bounds"=0x0030000000200000   
"LimitBlankPasswordUse"=1   
"NoLmHash"=1   
"Notification Packages"=scecli   
"Security Packages"=kerberos
msv1_0
schannel
wdigest
tspkg
pku2u   
"Authentication Packages"=msv1_0   
"LsaPid"=724   
"SecureBoot"=1   
"ProductType"=3   
"disabledomaincreds"=0   
"everyoneincludesanonymous"=0   
"forceguest"=0   
"restrictanonymous"=0   
"restrictanonymoussam"=1   


---------- | .LNK

C:\Users\Sambone\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\3a3ad022dec05da0\League of Legends.lnk        ((2)/PBE/lol.launcher.exe) 
C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk        (/SendTo) 
C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk        (/sendto:) 
C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\Users\Sambone\Desktop\AdsFix_Donate.lnk        (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=S3AQ8V3XRWWYN) 
C:\Users\Sambone\SendTo\Fax Recipient.lnk        (/SendTo) 
C:\Users\Sambone\SendTo\Skype.lnk        (/sendto:) 
C:\Users\Sambone\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk        (/name Microsoft.EaseOfAccessCenter) 
C:\Users\Sambone\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk        ( -extoff) 
C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk        (/name Microsoft.DefaultPrograms) 
C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk        (startmenu) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk        (/showgadgets) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk        (/prefetch:1) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk        (/open) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk        (%SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk        (-SpeechUX) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk        (/res) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk        (/s) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk        (-NoExit -ImportSystemModules) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk        (/start=update) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk        (/start=registration) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios\Uninstall All Hi-Rez Games.lnk        (uninstall=all) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk        (-tab about) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk        (-tab update) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk        (/name Microsoft.BackupAndRestore) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\McAfee Security Scan Plus.lnk        (SecurityScanner.dll) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus\Uninstall.lnk        (C:\Program Files\McAfee Security Scan\3.11.163\McAfee.ico) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Check For Updates.lnk        (-forcecheck) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT\Tools\Houston Addon Studio.lnk        (-houston) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk        (/show) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Disable 3D Vision.lnk        (/disable) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\Enable 3D Vision.lnk        (/enable) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse\Razer Synapse.lnk        (-launch) 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer\Razer Synapse 2.0\Razer Synapse 2.0.lnk        (-launch) 

---------- | AppCertDlls | AppInit_DLLs


---------- | Dnsapi.dll

C:\Windows\System32\dnsapi.dll -> OK : \drivers\etc\hosts
C:\Windows\SysWOW64\dnsapi.dll -> OK : \drivers\etc\hosts

---------- | Policies | Registry

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Control Panel\Desktop]
"ScreenSaveActive"=1   
"ActiveWndTrackTimeout"=0   
"BlockSendInputResets"=0   
"CaretWidth"=1   
"ClickLockTime"=1200   
"CoolSwitchColumns"=7   
"CoolSwitchRows"=3   
"CursorBlinkRate"=530   
"DockMoving"=1   
"DragFromMaximize"=1   
"DragFullWindows"=1   
"DragHeight"=4   
"DragWidth"=4   
"FocusBorderHeight"=1   
"FocusBorderWidth"=1   
"FontSmoothing"=2   
"FontSmoothingGamma"=0   
"FontSmoothingOrientation"=1   
"FontSmoothingType"=2   
"ForegroundFlashCount"=7   
"ForegroundLockTimeout"=200000   
"LeftOverlapChars"=3   
"MenuShowDelay"=400   
"PaintDesktopVersion"=0   
"RightOverlapChars"=3   
"SnapSizing"=1   
"TileWallpaper"=0   
"WallpaperOriginX"=0   
"WallpaperOriginY"=0   
"WallpaperStyle"=0   
"WheelScrollChars"=3   
"WheelScrollLines"=3   
"WindowArrangementActive"=1   
"UserPreferencesMask"=0x9E3E078012000000   
"Wallpaper"=C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg   [15/05/2014 13:26:37]
"Pattern Upgrade"=TRUE   
"SCRNSAVE.EXE"=C:\Windows\SysWOW64\lol.scr   
"WaitToKillAppTimeout"=200   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ExplorerStartupTraceRecorded"=1   
"ShellState"=0x240000003828000000000000000000000000000001000000120000000000000022000000   
"CleanShutdown"=0   
"Browse For Folder Width"=318   
"Browse For Folder Height"=346   
"link"=0x16000000   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Start_SearchFiles"=2   
"ServerAdminUI"=0   
"Hidden"=2   
"ShowCompColor"=1   
"HideFileExt"=1   
"DontPrettyPath"=0   
"ShowInfoTip"=1   
"HideIcons"=0   
"MapNetDrvBtn"=0   
"WebView"=1   
"Filter"=0   
"SuperHidden"=0   
"SeparateProcess"=0   
"AutoCheckSelect"=0   
"IconsOnly"=0   
"ShowTypeOverlay"=1   
"ListviewAlphaSelect"=1   
"ListviewShadow"=1   
"TaskbarAnimations"=1   
"StartMenuInit"=4   
"TaskbarSizeMove"=1   
"DisablePreviewDesktop"=0   
"TaskbarSmallIcons"=0   
"TaskbarGlomLevel"=0   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\WordWheelQuery]
"MRUListEx"=0x0100000000000000FFFFFFFF   
"0"=0x33000000   
"1"=0x65006D0070006C000000   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=238   

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5   
"ConsentPromptBehaviorUser"=3   
"EnableInstallerDetection"=1   
"EnableLUA"=1   
"EnableSecureUIAPaths"=1   
"EnableUIADesktopToggle"=0   
"EnableVirtualization"=1   
"PromptOnSecureDesktop"=1   
"ValidateAdminCodeSignatures"=0   
"dontdisplaylastusername"=0   
"legalnoticecaption"=   
"legalnoticetext"=   
"scforceoption"=0   
"shutdownwithoutlogon"=1   
"undockwithoutlogon"=1   
"FilterAdministratorToken"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoActiveDesktop"=1   
"NoActiveDesktopChanges"=1   
"ForceActiveDesktopOn"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop]
"NoAddingComponents"=1   
"NoComponents"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]
"{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=1   
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=1   
"{208D2C60-3AEA-1069-A2D7-08002B30309D}"=1   
"{871C5380-42A0-1069-A2EA-08002B30309D}"=1   
"{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}"=1   
"{59031a47-3f72-44a7-89c5-5595fe6b30ee}"=1   
"{031E4825-7B94-4dc3-B131-E946B44C8DD5}"=1   
"{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}"=1   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]
"{871C5380-42A0-1069-A2EA-08002B30309D}.default"=0   
"{9343812e-1c37-4a49-a12e-4b2d810d956b}"=1   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"RegPath"=Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced   
"Text"=@shell32.dll,-30500   
"Type"=radio   
"CheckedValue"=1   
"ValueName"=Hidden   
"DefaultValue"=2   
"HKeyRoot"=2147483649   
"HelpID"=shell.hlp#51105   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer]
"ListViewPopupControl"={8be9f5ea-e746-4e47-ad57-3fb191ca1eed}   
"BrowserCFCreator"={57f8510b-a5e2-41da-a8f0-8a5ae85dfffd}   
"GlobalFolderSettings"={EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}   
"LVPopupSearchControl"={fccf70c8-f4d7-4d8b-8c17-cd6715e37fff}   
"FileOpenDialog"={DC1C5A9C-E88A-4dde-A5A1-60F82A20AEF7}   
"IconUnderline"=2   
"GlobalAssocChangedCounter"=182   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"TaskbarSizeMove"=0   

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Associations]
"Application"=http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s   


---------- | Winlogon 

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"=AppData\Local;AppData\LocalLow;$Recycle.Bin   
"BuildNumber"=7601   
"FirstLogon"=0   
"ParseAutoexec"=1   

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"Userinit"=C:\Windows\system32\userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   
"AutoRestartShell"=1   
"Background"=0 0 0   
"CachedLogonsCount"=10   
"DebugServerCommand"=no   
"ForceUnlockLogon"=0   
"LegalNoticeCaption"=   
"LegalNoticeText"=   
"PasswordExpiryWarning"=5   
"PowerdownAfterShutdown"=0   
"ShutdownWithoutLogon"=0   
"WinStationsDisabled"=0   
"DisableCAD"=1   
"scremoveoption"=0   
"ShutdownFlags"=43   
"AutoAdminLogon"=0   
"DefaultUserName"=Sambone   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ReportBootOk"=1   
"Shell"=explorer.exe   
"PreCreateKnownFolders"={A520A1A4-1780-4FF6-BD18-167343C5AF16}   
"DefaultDomainName"=   
"DefaultUserName"=   
"Userinit"=userinit.exe,   
"VMApplet"=SystemPropertiesPerformance.exe /pagefile   


---------- | Associations

[HKLM\Software\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\Classes\.com]
""=comfile   

[HKLM\Software\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.reg]
""=regfile   

[HKLM\Software\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\Classes\.scr]
""=scrfile   

[HKLM\Software\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\Classes\.bat]
""=batfile   

[HKLM\Software\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.cmd]
""=cmdfile   

[HKLM\Software\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.pif]
""=piffile   

[HKLM\Software\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\Classes\.inf]
""=inffile   

[HKLM\Software\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\Classes\.url]
""=InternetShortcut   

[HKLM\Software\Classes\.lnk]
""=lnkfile   

[HKLM\Software\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\WOW6432Node\Classes\.exe]
""=exefile   
"Content Type"=application/x-msdownload   

[HKLM\Software\WOW6432Node\Classes\exefile\Shell\Open\Command]
""="%1" %*   
"IsolatedCommand"="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.com]
""=comfile   

[HKLM\Software\WOW6432Node\Classes\comfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.reg]
""=regfile   

[HKLM\Software\WOW6432Node\Classes\regfile\Shell\Open\Command]
""=regedit.exe "%1"   

[HKLM\Software\WOW6432Node\Classes\.scr]
""=scrfile   

[HKLM\Software\WOW6432Node\Classes\scrfile\Shell\Open\Command]
""="%1" /S   

[HKLM\Software\WOW6432Node\Classes\.bat]
""=batfile   

[HKLM\Software\WOW6432Node\Classes\batfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.cmd]
""=cmdfile   

[HKLM\Software\WOW6432Node\Classes\cmdfile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.pif]
""=piffile   

[HKLM\Software\WOW6432Node\Classes\piffile\Shell\Open\Command]
""="%1" %*   

[HKLM\Software\WOW6432Node\Classes\.inf]
""=inffile   

[HKLM\Software\WOW6432Node\Classes\inffile\Shell\Open\Command]
""=%SystemRoot%\system32\NOTEPAD.EXE %1   

[HKLM\Software\WOW6432Node\Classes\.url]
""=InternetShortcut   

[HKLM\Software\WOW6432Node\Classes\.lnk]
""=lnkfile   

[HKLM\Software\WOW6432Node\Classes\InternetShortcut]
"NeverShowExt"=   
"InfoTip"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"EditFlags"=2   
"FullDetails"=prop:System.Link.TargetUrl;System.Rating;System.Link.Description;System.Link.Comment   
"IsShortcut"=   
"FriendlyTypeName"=@C:\Windows\System32\ieframe.dll,-10046   
"PreviewDetails"=prop:System.Link.TargetUrl;System.Rating;System.History.VisitCount;System.History.DateChanged;System.Link.DateVisited;System.Link.Description;System.Link.Comment   

[HKLM\Software\WOW6432Node\Classes\Application.Manifest]
""=Application Manifest   
"EditFlags"=65536   
"BrowserFlags"=4096   
"FriendlyTypeName"=@dfshim.dll,-200   

[HKLM\Software\WOW6432Node\Classes\Application.Reference]
"NeverShowExt"=   
""=Application Reference   
"IsShortcut"=   
"EditFlags"=131072   
"FriendlyTypeName"=@dfshim.dll,-201   

[HKLM\Software\WOW6432Node\Classes\Folder]
"ContentViewModeLayoutPatternForBrowse"=delta   
"ContentViewModeForBrowse"=prop:~System.ItemNameDisplay;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;~System.LayoutPattern.PlaceHolder;System.DateModified   
"ContentViewModeLayoutPatternForSearch"=alpha   
"ContentViewModeForSearch"=prop:~System.ItemNameDisplay;System.DateModified;~System.ItemFolderPathDisplay   
""=Folder   
"EditFlags"=0xD2030000   
"FullDetails"=prop:System.PropGroup.Description;System.ItemNameDisplay;System.ItemTypeText;System.Size   
"NoRecentDocs"=   
"ThumbnailCutoff"=0   
"TileInfo"=prop:System.Title;System.ItemTypeText   

[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Mozilla Firefox\firefox.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\FIREFOX.EXE\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\Shell\open\Command]
""="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\Google Chrome\InstallInfo]
"ReinstallCommand"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser

[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\Shell\open\Command]
""="C:\Program Files (x86)\Internet Explorer\iexplore.exe"   
[HKLM\Software\WOW6432Node\Clients\StartMenuInternet\IEXPLORE.EXE\InstallInfo]
"ReinstallCommand"="C:\Windows\System32\ie4uinit.exe" -reinstall


---------- | AppcompatFlags

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Sambone\Downloads\LeagueofLegends_NA_Installer_05_07_13.exe"=1
"C:\Users\Sambone\Downloads\SteamSetup.exe"=1
"C:\Users\Sambone\Downloads\World-of-Warcraft-Public-Test-Setup-enUS.exe"=1
"C:\Users\Sambone\Downloads\chromeinstall-7u55.exe"=1
"C:\Program Files (x86)\World of Warcraft Public Test\World of Warcraft Public Test Launcher.exe"=1
"C:\Users\Sambone\Downloads\SkypeSetup.exe"=1
"C:\Users\Sambone\Downloads\McAfeeSetup.exe"=1
"C:\Users\Sambone\Downloads\TeamSpeak3-Client-win32-3.0.14.exe"=1
"C:\Users\Sambone\Downloads\CurseClientSetup_r5QD.exe"=1
"C:\Users\Sambone\Downloads\Setup.X86.en-US_O365HomePremRetail_b74e4699-0521-469b-b0e3-0d0f4a85a2d6_TX_PR_.exe"=1
"C:\Users\Sambone\Downloads\Hearthstone-Setup-enUS.exe"=1
"C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe"=1
"C:\Users\Sambone\Downloads\Firefox Setup Stub 31.0.exe"=1
"C:\Users\Sambone\Downloads\InstallHiRezGamesEnglish.exe"=1
"C:\Users\Sambone\Downloads\HeroesAndGenerals-setup-93464.exe"=1
"C:\Users\Sambone\Downloads\World-of-Warcraft-Setup-enUS.exe"=1
"C:\Users\Sambone\Downloads\ventrilo-3.0.8-Windows-i386.exe"=1
"C:\Program Files (x86)\World of Warcraft\World of Warcraft Launcher.exe"=1
"C:\Users\Sambone\Downloads\UplayInstaller.exe"=1
"C:\Users\Sambone\Downloads\GlyphInstall-0-1.exe"=1
"C:\Users\Sambone\Downloads\FacebookVideoCallSetup_v1.2.205.0.exe"=1
"C:\Users\Sambone\Downloads\DivXInstaller.exe"=1
"C:\Users\Sambone\Downloads\FreeFLACToMP3Converter.exe"=1
"C:\Users\Sambone\Downloads\LeagueofLegends_NA_Installer_9_15_2014.exe"=1
"C:\Users\Sambone\Downloads\mumble-1.2.8_plus_MumbleComSkin.exe"=1
"C:\Users\Sambone\Downloads\raidcall_v7.3.6.exe"=1
"C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe"=1
"C:\Users\Sambone\Downloads\LeagueofLegends_NA_Installer_9_15_2014 (1).exe"=1
"C:\Users\Sambone\Downloads\Nostalrius-WoW-Classic\WoW Classic\WoW-1.12.1-Setup.exe"=1
"C:\Program Files (x86)\Hi-Rez Studios\HiRezGamesDiagAndSupport.exe"=32
"C:\Users\Sambone\Downloads\chromeinstall-8u45.exe"=1
"C:\Users\Sambone\Downloads\hwmonitor_1.27.exe"=1
"C:\Users\Sambone\Downloads\mbam-setup-2.1.4.1018.exe"=1
"C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe"=33
"C:\Program Files (x86)\Realtek\NICDRV_8169\RTINSTALLER64.EXE"=1
"C:\Users\Sambone\Downloads\[R.G. Mechanics] Ori and the Blind Forest\setup.exe"=1
"C:\Program Files (x86)\Steam\steamapps\common\Left 4 Dead 2\bin\addoninstaller.exe"=1
"C:\ProgramData\NVIDIA Corporation\GeForce Experience\Update\setup.exe"=1
"C:\Users\Sambone\Downloads\DivXInstaller (1).exe"=1
"C:\Users\Sambone\Downloads\PotPlayerSetup64.exe"=1
"C:\Program Files (x86)\Overwatch\Overwatch Launcher.exe"=1
"C:\Users\Sambone\AppData\Local\Temp\RazerSurroundInstaller\RzUpdateManager.exe"=1
"C:\Users\Sambone\Downloads\RazerSurroundInstaller_v2.0.29.2.exe"=1
"C:\Users\Sambone\Downloads\[R.G. Mechanics] Middle Earth - Shadow of Mordor\setup.exe"=1


---------- | IFEO


---------- | Mountpoints2


---------- | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
""=USR:Software\Microsoft\Windows NT\CurrentVersion\Windows   
"Spooler"=#SYS:Microsoft\Windows NT\CurrentVersion\Windows   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini\Windows]
"MouseSpeed"=#USR:Control Panel\Mouse   
"MouseThreshold1"=#USR:Control Panel\Mouse   
"MouseThreshold2"=#USR:Control Panel\Mouse   
"SwapMouseButtons"=#USR:Control Panel\Mouse   
"Beep"=#USR:Control Panel\Sound   
"DoubleClickSpeed"=#USR:Control Panel\Mouse   
"CoolSwitch"=USR:Control Panel\Desktop   
"DoubleClickHeight"=#USR:Control Panel\Mouse   
"DoubleClickWidth"=#USR:Control Panel\Mouse   
"DragFullWindows"=USR:Control Panel\Desktop   
"InitialKeyboardIndicators"=USR:Control Panel\Keyboard   
"LowPowerActive"=#USR:Control Panel\Desktop   
"LowPowerTimeOut"=#USR:Control Panel\Desktop   
"PowerOffActive"=#USR:Control Panel\Desktop   
"PowerOffTimeOut"=#USR:Control Panel\Desktop   
"ScreenSaveActive"=#USR:Control Panel\Desktop   
"ScreenSaveTimeOut"=#USR:Control Panel\Desktop   
"SnapToDefaultButton"=#USR:Control Panel\Mouse   
"TRANSMISSIONRETRYTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEFAULTSEPARATEVDM"=\\REGISTRY\\MACHINE\\SYSTEM\\CURRENTCONTROLSET\\CONTROL\\WOW   
"APPINIT_DLLS"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"DEVICENOTSELECTEDTIMEOUT"=#SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   
"SWAPDISK"=SYS:MICROSOFT\\WINDOWS NT\\CURRENTVERSION\\WINDOWS   

[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]
""=SYS:Microsoft\Windows NT\CurrentVersion\WOW\boot   
"ScreenSaverActive"=USR:Control Panel\Desktop   
"ScreenSaverIsSecure"=USR:Control Panel\Desktop   
"SCRNSAVE.EXE"=USR:Control Panel\Desktop   
"Shell"=SYS:Microsoft\Windows NT\CurrentVersion\Winlogon   

[HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]
"windows"=%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

---------- | Security center

[HKLM\SOFTWARE\Microsoft\Security Center]
"cval"=1

[HKLM\SOFTWARE\Microsoft\Security Center\svc]
"VistaSp1"=128920218544262440
"AntiVirusOverride"=0
"AntiSpywareOverride"=0
"FirewallOverride"=0

[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=1
"DisableRoutinelyTakingAction"=0
"ProductStatus"=0
"InstallTime"=0xEDD99C66146ECF01

[HKLM\Software\WOW6432Node\Microsoft\Windows Defender]
"DisableAntiSpyware"=0
"DisableRoutinelyTakingAction"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=1

[HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=1


---------- | Safeboot

[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AFD]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppInfo]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Base]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BFE]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Boot file system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\bowser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Browser]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CryptSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DcomLaunch]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dfsc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dhcp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\DnsCache]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Dot3Svc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Eaphost]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EFS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\EventLog]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\File system]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HelpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\IKEEXT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ipnat.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\KeyIso]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanServer]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LanmanWorkstation]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\LmHosts]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Messenger]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSDrv]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MPSSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb10]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mrxsmb20]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MsMpSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NativeWifiP]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NDIS Wrapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ndiscap]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ndisuio]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBIOSGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetBT]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetDDEGroup]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Netlogon]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetMan]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\netprofm]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Network]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NetworkProvider]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NlaSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Nsi]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nsiproxy.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NTDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PCI Configuration]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PlugPlay]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP Filter]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PNP_TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PolicyAgent]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Power]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Primary disk]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ProfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdbss]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdpencdd.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\rdsessmgr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcEptMapper]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\RpcSs]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sacsvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCardSvr]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SCSI Class]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sermouse.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SharedAccess]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Streams Drivers]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SWPRV]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\System Bus Extender]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TabletInputService]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TBS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Tcpip]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDI]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TrustedInstaller]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VaultSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VDS]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vga.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vgasave.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vmms]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgr.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\volmgrx.sys]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinDefend]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WinMgmt]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wlansvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfPf]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfRd]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfSvc]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WudfUsbccidDriver]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

---------- | Winsock (Whitelist)


---------- | Hosts

#       127.0.0.1       localhost

---------- | @

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Main]
"Disable Script Debugger"=yes
"Anchor Underline"=yes
"Cache_Update_Frequency"=Once_Per_Session
"Display Inline Images"=yes
"Do404Search"=0x01000000
"Local Page"=C:\Windows\system32\blank.htm
"Save_Session_History_On_Exit"=no
"Show_FullURL"=no
"Show_StatusBar"=yes
"Show_ToolBar"=yes
"Show_URLinStatusBar"=yes
"Show_URLToolBar"=yes
"Use_DlgBox_Colors"=yes
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"XMLHTTP"=1
"NoUpdateCheck"=1
"DisableScriptDebuggerIE"=yes
"UseClearType"=no
"Enable Browser Extensions"=yes
"Play_Background_Sounds"=yes
"Play_Animations"=yes
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"OperationalData"=5
"CompatibilityFlags"=0
"FullScreen"=no
"Window_Placement"=0x2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFE3000000EB0000009606000001040000
"IE10RunOnceLastShown"=1
"IE10RunOnceLastShown_TIMESTAMP"=0xEB75E9357C70CF01
"IE10TourShown"=1
"IE10TourShownTime"=0x4BD7EB357C70CF01
"IconCache"=76gw43k
"DownloadWindowPlacement"=0x0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
"ImageStoreRandomFolder"=e5ui6wo
"IE10TourNoShow"=1
"DoNotTrack"=1
"IE10RunOncePerInstallCompleted"=1
"IE10RunOnceCompletionTime"=0x36DB98DA0E73CF01
"AutoHide"=yes
"DefSpellLang"=en-US
"SuppressScriptDebuggerDialog"=0
"Use FormSuggest"=yes

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"IE5_UA_Backup_Flag"=5.0
"User Agent"=Mozilla/4.0 (compatible; MSIE 8.0; Win32)
"EmailName"=User@
"PrivDiscUiShown"=1
"EnableHttp1_1"=1
"WarnOnIntranet"=1
"MimeExclusionListForCache"=multipart/mixed multipart/x-mixed-replace multipart/x-byteranges 
"AutoConfigProxy"=wininet.dll
"UseSchannelDirectly"=0x01000000
"WarnOnPost"=0x01000000
"UrlEncoding"=0
"SecureProtocols"=2688
"PrivacyAdvanced"=0
"ZonesSecurityUpgrade"=0x9A79F85C9E72CF01
"DisableCachingOfSSLPages"=0
"WarnonZoneCrossing"=0
"CertificateRevocation"=1
"EnableNegotiate"=1
"MigrateProxy"=1
"ProxyEnable"=0
"ProxyHttp1.1"=1
"WarNonBadCertReceving"=1
"WarNonHTTPSToHTTPRedirect"=1

[HKLM\Software\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\Main]
"AutoHide"=yes
"Security Risk Page"=about:SecurityRisk
"Extensions Off Page"=about:NoAdd-ons
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Page_URL"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Anchor_Visitation_Horizon"=0x01000000
"Cache_Percent_of_Disk"=0x0A000000
"Placeholder_Width"=0x1A000000
"Placeholder_Height"=0x1A000000
"Default_Secondary_Page_URL"=
"Use_Async_DNS"=yes
"Start Page"=http://go.microsoft.com/fwlink/p/?LinkId=255141
"Local Page"=C:\Windows\System32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Delete_Temp_Files_On_Exit"=yes
"Enable_Disk_Cache"=yes
"Check_Associations"=yes
"ApplicationTileImmersiveActivation"=1
"AssociationActivationMode"=0
"x86AppPath"=C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

[HKLM\Software\WOW6432Node\Microsoft\Internet Explorer\AboutURLs]
"blank"=res://mshtml.dll/blank.htm
"NoAdd-onsInfo"=res://ieframe.dll/noaddoninfo.htm
"InPrivate"=res://ieframe.dll/inprivate_win7.htm
"NavigationFailure"=res://ieframe.dll/navcancl.htm
"NoAdd-ons"=res://ieframe.dll/noaddon.htm
"Home"=270
"PostNotCached"=res://ieframe.dll/repost.htm
"DesktopItemNavigationFailure"=res://ieframe.dll/navcancl.htm
"NavigationCanceled"=res://ieframe.dll/navcancl.htm
"SecurityRisk"=res://ieframe.dll/securityatrisk.htm

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\URL\Prefixes]
"mosaic"=http://
"www"=http://
"home"=http://
"ftp"=ftp://

[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Internet settings]
"EnablePunycode"=1
"CodeBaseSearchPath"=CODEBASE
"WarnOnIntranet"=1
"MinorVersion"=0
"ActiveXCache"=C:\Windows\Downloaded Program Files


---------- | reparsepoint


---------- | Detection of offsets


---------- | Notify 


---------- | SSODL | SEH | URLSH | STS


---------- | Toolbar

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"Locked"=0   
"ShowDiscussionButton"=Yes   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"ITBar7Layout"=0x13000000000000000000000020000000100001001F00000001000000000700005E010000060000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1C218236549D4119B18009027A5CD4F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Layout64"=0x13000000000000000000000004000000100001000000000001000000000000005E010000060000000101000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000B1C218236549D4119B18009027A5CD4F0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000   
"ITBar7Height"=31   

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"KnownProvidersUpgradeTime"=0x29A4A2DD0E73CF01   
"DownloadRetries"=1   
"Version"=4   
"UpgradeTime"=0xBEC4953EE836D001   
"ShowSearchSuggestionsInAddressGlobal"=1   
"DefaultPackCorrection"=1   

[HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   

[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"={0633EE93-D776-472f-A0FF-E1416B8B2E3A}   


---------- | Extensions

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] : (Skype for Business Click to Call) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] : () -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}] : (Se&nd to OneNote) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}] : (OneNote Lin&ked Notes) -       []
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}] : () -       []

---------- | SearchScopes

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E8161232-B939-482D-A803-B91316C7E2EA}] - (Google) - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MSIM_enUS588 : 

---------- | ElevationPolicy

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\2323B5B8-9D8F-4063-B1F8-B32017C24844] - (C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\) -  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA}] - (C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\) - FacebookVideoCalling.exe : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6}] - (C:\Users\Sambone\AppData\Roaming\Spotify) - spotify.exe : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020300}] - (C:\Program Files (x86)\Battlelog Web Plugins) - esnlauncher4.exe : C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\ESNLaunchAx.ocx
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897}] - (C:\Program Files (x86)\Heroes & Generals) - hngsync.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files\Internet Explorer) - ielowutil.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\System32) - wpcer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\System32) - wuapp.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\System32) - msdt.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1753B788-C64C-4D57-B6BC-95C48992C4A7}] - (C:\Windows\System32) - msspellcheckingfacility.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0935-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework64\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_32.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38f2c092-34df-4c12-9d9e-c9679bf0ab31}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{44D1B085-E495-4b5f-9EE6-34795C46E7E7}] - (C:\Program Files\Java\jre1.8.0_101\bin) - jp2launcher.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\System32) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] - (C:\Program Files\Java\jre1.8.0_101\bin) - javaws.exe : C:\Program Files (x86)\Java\jre1.8.0_45\bin\wsdetect.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}] - (C:\Program Files\Microsoft Office 15\root\Office15\) - onenote.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\system32\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\System32) - verclsid.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}] - (C:\Program Files (x86)\Google\GoogleToolbarNotifier) - GoogleToolbarNotifier.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\System32) - ctfmon.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\System32) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D2A5716-2205-4EB2-8443-03AB6B9F4B3B}] - (C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\) - FMSIX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5B020FD-E04B-4e67-B65A-E7DEED25B2CF}] - (%SystemRoot%\System32) - wisptis.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\System32) - cmd.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () -  : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8FE2181-CAE7-49EE-9B04-DB7EB4DA544A}] - (C:\Program Files\Java\jre1.8.0_101\bin) - ssvagent.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88}] - (C:\Program Files (x86)\DivX\DivX OVS Helper) - OVSHelperBroker.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\System32) - notepad.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}] - (C:\Program Files\Microsoft Office 15\root\Office15\) - IEContentService.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_64.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\System32) - presentationhost.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\system32\Macromed\Flash) - FlashUtil64_21_0_0_242_ActiveX.exe : 
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC201F08-1B67-48A3-BDB9-9F4DAE9BC50B}] - (C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64) - kldw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00FA007C-D99F-407F-B00B-5B3B0001D8AB}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{041a5213-ea64-4c45-99af-70d7d8e902ec}] - (C:\Program Files (x86)\Internet Explorer) - ielowutil.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{054aae20-4bea-4347-8a35-64a533254a9d}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - tabtip.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}] - (C:\Windows\SysWOW64) - wpcer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1024F1BE-76DC-40d5-AB98-664A4185E5FA}] - (C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\) - FacebookVideoCalling.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1138506a-b949-46a7-b6c0-ee26499fdeaf}] - (C:\Windows\SysWOW64) - wuapp.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{130c40f0-1bcb-4852-8b63-291cf90a600b}] - (C:\Windows\SysWOW64) - msdt.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1753B788-C64C-4D57-B6BC-95C48992C4A7}] - (C:\Windows\SysWOW64) - msspellcheckingfacility.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{186e0934-aee9-11da-961b-0014223d2a70}] - (C:\Windows\microsoft.net\framework\v2.0.50727) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F1E561D-AF17-4510-B996-351BBA0862A7}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2391d819-9d17-44ec-9ac1-f6aa07549469}] - (%systemroot%\system32) - wermgr.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{26fe7361-bd5a-4dcb-b309-c6f42dde661c}] - (C:\Program Files (x86)\Internet Explorer) - ieinstal.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{357FBE87-6C8E-490D-A059-4746C864AE6F}] - (C:\Program Files (x86)\Common Files\Microsoft Shared\Ink) - InputPersonalization.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49CF0734-BF9A-4444-BC9F-C26E56AF042F}] - (C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4) - SonarHost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49E561B1-1091-4E65-98A0-AFCA4996CD1D}] - (C:\Windows\SysWOW64) - RuntimeBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4becf16c-74f0-429b-8d3e-4fba507ac661}] - (C:\Program Files (x86)\adobe\acrobat 7.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}] - () -  : C:\Program Files (x86)\Java\jre1.8.0_45\bin\wsdetect.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7}] - (C:\Program Files (x86)\Common Files\DivX Shared\DesktopService) - DDMService.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5FBAF6E6-C64B-49DB-AB1B-F93C607EBC71}] - (C:\Program Files\Microsoft Office 15\root\Office15\) - onenote.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D}] - (C:\Program Files (x86)\DivX\DivX Web Player) - dwpBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}] - (%ProgramFiles%\Windows Media Player) - wmplayer.exe : %SystemRoot%\system32\wmp.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6bf52a52-394a-11d3-b153-00c04f79faa6}-32] - (%ProgramFiles(x86)%\Windows Media Player) - wmplayer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999}] - (C:\Program Files (x86)\Internet Explorer) - iedw.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{78c7b664-c9bf-4ce9-8b3a-b05d442e451e}] - (C:\Windows\SysWOW64\) - CertEnrollCtrl.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7aaae723-5fb5-4b2d-9327-75519f336825}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEFE841-DCA1-4A95-80CB-BE935D020300}] - (C:\Program Files (x86)\Battlelog Web Plugins) - esnlauncher4.exe : C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\ESNLaunchAx.ocx
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7eb01fb2-f185-445a-94e4-ec4e1ba2202c}] - (C:\Windows\SysWOW64) - verclsid.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}] - (C:\Program Files (x86)\Google\GoogleToolbarNotifier) - GoogleToolbarNotifier.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{85fc331e-bb64-4c53-ba25-3d8a956c02fd}] - (C:\Windows\SysWOW64) - ctfmon.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{877467C0-F9E4-4561-84F0-65AA7539833C}] - (C:\Windows\SysWOW64) - CredentialUIBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}] - (C:\Windows) - helppane.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D13E03F-8289-4c15-A84F-7A8F655C830A}] - (C:\Program Files\Microsoft Office 15\root\Office15\) - NAMECONTROLSERVER.EXE : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D2A5716-2205-4EB2-8443-03AB6B9F4B3B}] - (C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\) - FMSIX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95a4104c-1c49-4c2a-9830-1be0f47e926c}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}] - (C:\Program Files (x86)\adobe\acrobat 7.0\Acrobat Elements) - Acrobat Elements.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a1ad1bbb-3b33-4260-a74c-5fd8bc1479fc}] - (C:\Windows) - splwow64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5054EC7-B9CB-4ad5-9F95-D8171A6D6BFA}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a5a2d52a-4944-47c4-a3e0-8bd92e14d953}] - (C:\Windows\SysWOW64\xpsviewer) - xpsviewer.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAD4AE2E-D834-46D4-8B09-490FAC9C722B}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{aff735eb-cdf9-4894-aa69-3e3131128618}] - (C:\Windows\SysWOW64) - cmd.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}] - (%systemroot%\system32) - TSWbPrxy.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD18A03F-31CC-4CC0-B52D-9E199122923D}] - () -  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] - (C:\Program Files (x86)\Google\Update\1.3.30.3) - GoogleUpdateBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] - (C:\Program Files (x86)\Google\Update\1.3.30.3) - GoogleUpdateWebPlugin.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AEC-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C8999AED-AECE-4E27-9BCB-5358B13F9FF9}] - (C:\Windows\Microsoft.NET\Framework64\v4.0.30319\) - dfsvc.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88}] - (C:\Program Files (x86)\DivX\DivX OVS Helper) - OVSHelperBroker.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{dc6bf185-7ae4-444e-8c35-e447b0d2bd1e}] - (C:\Windows\SysWOW64) - notepad.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD993BDC-06E0-4131-B889-DD3B9AEBE253}] - (C:\Program Files\Microsoft Office 15\root\Office15\) - IEContentService.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e5f90a07-7db7-4dcb-bd6d-d3fecd376ca3}] - (C:\Program Files (x86)\adobe\acrobat 6.0\reader) - acrord32.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}] - (C:\Program Files (x86)\Google\Google Toolbar) - GoogleToolbarUser_64.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{eee261cc-4b3e-46e7-affb-61f297155bf2}] - (C:\Windows\SysWOW64) - presentationhost.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FAF199D2-BFA7-4394-A4DE-044A08E59B32}] - (C:\Windows\SysWOW64\Macromed\Flash) - FlashUtil32_21_0_0_242_ActiveX.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{fb9e068b-c612-4fa8-bdb9-d728a716a420}] - (C:\Program Files (x86)\adobe\acrobat 6.0\Acrobat) - acrobat.exe : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC201F08-1B67-48A3-BDB9-9F4DAE9BC50B}] - (C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\) - kldw.exe : 

---------- | Ext\Settings

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] :  : C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9}] :  : 

---------- | Ext\Stats

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D0F7ED5-9F2C-4240-9D0C-00092D294CD2}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{22D6F312-B0F6-11D0-94AB-0080C74C7E95}] :  : C:\Windows\SysWOW64\wmpdxm.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25336920-03F9-11CF-8FD0-00AA00686F13}] :  : C:\Windows\SysWOW64\mshtml.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2933BF90-7B36-11D2-B20E-00C04F983E60}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6BF52A52-394A-11D3-B153-00C04F79FAA6}] :  : %SystemRoot%\system32\wmp.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{740E50B9-8CDB-4A47-A519-E6F99D97CD4C}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AEFE841-DCA1-4A95-80CB-BE935D020300}] :  : C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\ESNLaunchAx.ocx
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8856F961-340A-11D0-A96B-00C04FD705A2}] :  : C:\Windows\SysWOW64\ieframe.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A05-F192-11D4-A65F-0040963251E5}] :  : %SystemRoot%\System32\msxml6.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{88D96A0A-F192-11D4-A65F-0040963251E5}] :  : %SystemRoot%\System32\msxml6.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] :  : C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}] :  : C:\Windows\SysWOW64\Macromed\Flash\Flash32_21_0_0_242.ocx
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}] :  : 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBA7A1E6-E69D-4BA5-B291-95782A004604}] :  : C:\PROGRA~2\BATTLE~1\Sonar\070~1.4\SonarAx.ocx
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5078F32-C551-11D3-89B9-0000F81FE221}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F11-9C73-11D3-B32E-00C04F990BB4}] :  : %SystemRoot%\System32\msxml3.dll
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6D90F16-9C73-11D3-B32E-00C04F990BB4}] :  : %SystemRoot%\System32\msxml3.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{102AC6CF-0B45-4471-B90B-23439C3C52BA}] :  : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\IntelWebAPIIPTActiveX.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}] :  : 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C442AC41-9200-4770-8CC0-7CDB4F245C55}] :  : 

---------- | Browser Helper Objects

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] -> (Java(tm) Plug-In SSV Helper) :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL  [26/07/2016 13:43:07]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}] -> () :   
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] -> (Java(tm) Plug-In 2 SSV Helper) :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}] -> () :   
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] -> (Office Document Cache Handler) : C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL  [26/07/2016 13:43:07]

---------- | Chrome

C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf =  : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo =  : Google & co - http://www.youtube.com - http://www.youtube.com - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap =  : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi =  :     __MSG_extDesc__ -     __MSG_extName__ - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl =  :     Quickly access Skype for Web and Share on Skype through your browser -     Skype - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda =  : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia =  : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

[HKLM\Software\WOW6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl]

---------- | Opera


---------- | Firefox


[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin] - (Facebook Video Calling Plugin) : C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
[HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 19.0.0.226 Plugin) : C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll
[HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] - (DivX VOD Helper Plug-in) : C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.101.2] - (Java™ Deployment Toolkit) : C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll
[HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.101.2] - (Oracle® Next Generation Java™ Plug-In) : C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@adobe.com/FlashPlayer] - (Adobe® Flash® Player 19.0.0.226 Plugin) : C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=] - (iTunes Detector Plug-in) : 
[HKLM\Software\WOW6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0] - () : C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0] - (DivX VOD Helper Plug-in) : C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0] - (DivX Web Player) : C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4] - (ESN Sonar browser plugin) : C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@esn/esnlaunch,version=2.3.0] - () : C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5] - (Intel IPT WebApi plugin) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater] - (This plugin updates Intel WebAPI component) : C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0] - (Microsoft SharePoint Plug-in for Firefox) : C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVision] - (NVIDIA stereo images plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming] - (NVIDIA 3D Vision Streaming plugin for Mozilla browsers) : C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin] - (This plugin detects and launches Pando Media Booster) : C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKLM\Software\WOW6432Node\MozillaPlugins\@raidcall.en/RCplugin] - (Raidcall plugin) : C:\Users\Sambone\AppData\Roaming\raidcall\plugins\nprcplugin.dll


C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default\Prefs.js

user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("browser.startup.homepage_override.buildID", "20150402191859");
user_pref("browser.startup.homepage_override.mstone", "37.0.1");
user_pref("extensions.Oasis Space.asul", "1465684456274");
user_pref("extensions.Oasis Space.aul", "1460073790537");
user_pref("extensions.Oasis Space.irl", true);
user_pref("extensions.Oasis Space.is", "thin");
user_pref("extensions.Oasis Space.ug", "228b905c-8147-821c-3bab-3d992dcc221e");
user_pref("extensions.blocklist.pingCountTotal", 42);
user_pref("extensions.blocklist.pingCountVersion", 3);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 16);
user_pref("extensions.enabledAddons", "%7B7f4b8170-aac1-4ebe-8a09-2cce22f7ab00%7D:1.0.1,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:37.0.1");
user_pref("extensions.getAddons.cache.lastUpdate", 1460074139);
user_pref("extensions.getAddons.databaseSchema", 5);
user_pref("extensions.hotfix.lastVersion", "20150402.01");
user_pref("extensions.lastAppVersion", "37.0.1");
user_pref("extensions.lastPlatformVersion", "37.0.1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.xpiState", "{\"app-profile\":{\"{7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}\":{\"d\":\"C:\\\\Users\\\\Sambone\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\s6mcv95a.default\\\\extensions\\\\{7f4b8170-aac1-4ebe-8a09-2cce22f7ab00}.xpi\",\"e\":true,\"v\":\"1.0.1\",\"st\":1447202633034}},\"app-global\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"d\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"e\":true,\"v\":\"37.0.1\",\"st\":1446874325426,\"mt\":1446874325139}}}");

---------- | Active Connections

  TCP    127.0.0.1:1029         Sambone-PC:5354        ESTABLISHED     1696
  TCP    127.0.0.1:1030         Sambone-PC:5354        ESTABLISHED     1696
  TCP    127.0.0.1:1137         Sambone-PC:65001       ESTABLISHED     2748
  TCP    127.0.0.1:5354         Sambone-PC:1029        ESTABLISHED     1760
  TCP    127.0.0.1:5354         Sambone-PC:1030        ESTABLISHED     1760
  TCP    127.0.0.1:65001        Sambone-PC:1137        ESTABLISHED     2748
  TCP    192.168.1.2:1435       Sambone-PC:33970       TIME_WAIT       0

---------- | DNS

[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet001\services\Tcpip\Parameters\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\ControlSet002\services\Tcpip\Parameters\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}]
"DhcpNameServer"=192.168.1.1
[HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5519DE55-46DC-4524-984E-7F8FB9C4A811}]
"DhcpNameServer"=192.168.1.1

---------- | ActiveX 

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - () - [1,1,1,9] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] - () - [11,0,9600,16428] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - () - [6,1,7601,17514] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - () - [12,0,7601,18741] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - () - [11,0,9600,0] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - () - [6,1,7601,18762] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [11,0,9600,0] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> 
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - () - [43,0,0,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,7601,18741] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,7601,18741] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{2D46B6DC-2207-486B-B523-A557E6D54B47}] - (Internet Explorer) - [11,0,9600,16428] -  -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [6,1,7601,17514] -  -> "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,7601,18741] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [6,1,7601,17514] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7D715857-A67C-4C2F-A929-038448584D63}] - (Disable SSL3) - [11,0,9600,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -DisableSSL3
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [6,1,7601,18762] - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - (Web Platform Customizations) - [11,0,9600,0] - @C:\Windows\System32\ie4uinit.exe,-2000 -> C:\Windows\System32\ie4uinit.exe -UserConfig
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] - (Google Chrome) - [43,0,0,0] -  -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,0,9600,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [6,3,9600,17728] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{FEBEF00C-046D-438D-8A88-BF94A6C9E703}] - (.NET Framework) - [2,0,50727,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player) - [12,0,7601,18741] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /ShowWMP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\>{BC455173-F501-4356-804F-571FAFB6EA9A}] - (Browser Customizations) - [0,0,0,0] -  -> RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{0CE65B51-6256-48BF-9BA2-205FE622D687}] - (EIEDPLauncher) - [0,0,0,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] - (Microsoft Windows Media Player 12.0) - [12,0,7601,18741] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] - (Themes Setup) - [1,1,1,9] - @%SystemRoot%\system32\themeui.dll,-2682 -> %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{3af36230-a269-11d1-b5bf-0000f8051515}] - (Offline Browsing Pack) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] - (Microsoft Windows) - [6,1,7601,17514] -  -> "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}] - (DirectDrawEx) - [4,71,1113,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{45ea75a0-a269-11d1-b5bf-0000f8051515}] - (Internet Explorer Help) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{4f645220-306d-11d2-995d-00c04f98bbc9}] - (Microsoft Windows Script 5.6) - [5,6,0,8833] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}] - (Internet Explorer Setup Tools) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{630b1da0-b465-11d1-9948-00c04f98bbc9}] - (Browsing Enhancements) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] - (Microsoft Windows Media Player) - [12,0,7601,18741] - @%SystemRoot%\system32\wmploc.dll,-128 -> %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}] - (MSN Site Access) - [4,9,9,2] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] - (Address Book 7) - [6,1,7601,17514] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7C028AF8-F614-47B3-82DA-BA94E41B1089}] - (.NET Framework) - [2,0,50727,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}] - (.NET Framework) - [4,0,30319,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}] - (Windows Desktop Update) - [6,1,7601,18762] - @%SystemRoot%\system32\shell32.dll,-32969 -> regsvr32.exe /s /n /i:U shell32.dll
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}] - () - [] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] - () - [] -  -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{9381D8F2-0288-11D0-9501-00AA00B911A5}] - (Dynamic HTML Data Binding) - [11,0,9600,17728] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{C9E9A340-D1F1-11D0-821E-444553540600}] - (Internet Explorer Core Fonts) - [11,0,9600,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}] - (HTML Help) - [6,3,9600,17728] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}] - (Active Directory Service Interface) - [5,0,00,0] -  -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] - (.NET Framework) - [4,0,30319,0] -  -> 


---------- | Applications

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Classes\Applications\uTorrent.exe] : "%APPDATA%\uTorrent\uTorrent.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1"
[HKLM\SOFTWARE\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\ehshell.exe] : "C:\Windows\eHome\ehshell.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iexplore.exe] : "C:\Program Files\Internet Explorer\iexplore.exe" %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\iTunes.exe] : "C:\Program Files\iTunes\iTunes.exe" /open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\MSOXMLED.EXE] : "C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE15\MSOXMLED.EXE" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\notepad.exe] : %SystemRoot%\system32\NOTEPAD.EXE %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\photoviewer.dll] : %SystemRoot%\System32\rundll32.exe "%ProgramFiles%\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\PotPlayerMini64.exe] : "C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe" "%1"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wmplayer.exe] : "%ProgramFiles(x86)%\Windows Media Player\wmplayer.exe" /Open "%L"
[HKLM\SOFTWARE\WOW6432Node\Classes\Applications\wordpad.exe] : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"

---------- | DCOMApplications

Name: User Notification - AppID: {0010890e-8789-413c-adbc-48f5b511b3af}
Name: WPD Association LUA Virtual Factory - AppID: {00393519-3A67-4507-A2B8-85146167ACA7}
Name: PhotoAcquire - AppID: {00f22b16-589e-4982-a172-a51d9dcceb68}
Name: PhotoAcqHWEventHandler - AppID: {00f2b433-44e4-4d88-b2b0-2698a0a91dba}
Name: Virtual Factory for Biometrics - AppID: {0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}
Name: RemoteWakeAgentAPI - AppID: {01B7651A-AF12-4BDF-A02D-235849DC030E}
Name: PLA - AppID: {03837503-098b-11d8-9414-505054503030}
Name: CTapiLuaLib Class - AppID: {03e15b2e-cca6-451c-8fb0-1e2ee37a27dd}
Name: WPDBusEnum - AppID: {03f25b41-e981-4675-a256-27d1393e7488}
Name: Device Display Object Function Discovery Provider - AppID: {04626806-2243-4354-ab44-4ade718d09df}
Name: NvCpl - AppID: {048F26EF-2F89-46C9-99E7-481E40F3F2EC}
Name: COpenControlPanel - AppID: {06622D85-6856-4460-8DE1-A81921B41C4B}
Name: SMLUA - AppID: {0671E064-7C24-4AC0-AF10-0F3055707C32}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {06C792F8-6212-4F39-BF70-E8C0AC965C23}
Name: sppui - AppID: {0868DC9B-D9A2-4f64-9362-133CEA201299}
Name: RtkApoApi - AppID: {08B039CA-84AA-40EA-8E9C-1D9537DC415B}
Name: WIA Extension Host for 64 bit extensions - AppID: {08F646B3-5E7F-4B7A-A5CB-F95445F9F67A}
Name: PersistentZoneIdentifier - AppID: {0968e258-16c7-4dba-aa86-462dd61e31a3}
Name: Windows Media Player Rich Preview Handler - AppID: {09C5C2B5-1D32-4598-B87E-203F32BB08E3}
Name: MaxxAudioAPODll - AppID: {0A21D954-674A-4C09-806E-DB4FBE8F199C}
Name: AxInstSv - AppID: {0B15AFD8-3A99-4A6E-9975-30D66F70BD94}
Name: RASDLGLUA - AppID: {0C3B05FB-3498-40C3-9C03-4B22D735550C}
Name: %SystemRoot%\system32\appwiz.cpl - AppID: {0da7bfdf-c0a0-44eb-be82-b7a82c4721de}
Name: ehRec - AppID: {0E11CB54-4C4A-4B37-AE0B-E93CEE60E646}
Name: mcGlidHost - AppID: {0F8DD0B7-D5A6-4C0C-BA04-8A2CA3CE5EE1}
Name: FMSICompat - AppID: {0F97732A-15A6-4F2E-8C3A-84F6DD5047C3}
Name: Vista Elevated Windows Update Web Control - AppID: {11c058e0-9f3e-4c90-a459-2553f2f9e011}
Name: Sync Center Client - AppID: {1202DB60-1DAC-42C5-AED5-1ABDD432248E}
Name: Virtual Factory for DiagCpl - AppID: {12C21EA7-2EB8-4B55-9249-AC243DA8C666}
Name: AppleSoftwareUpdateAdmin - AppID: {16D99191-6280-4B33-A2F5-04805A0FC582}
Name: Sync Center Control - AppID: {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5}
Name: SBEServer - AppID: {1A26548E-BC18-4DB0-B60C-75E8491D34AB}
Name: Nv3DVStreamingIePlugin - AppID: {1AADA852-632F-4711-B201-37D27E27D3CD}
Name: DaisyWrp - AppID: {1B96A1EB-EC0D-4729-BCB4-5E50A177B3F7}
Name: FMSISvc - AppID: {1BF1C030-CE12-4A8A-A4E1-EDDCE7176799}
Name: %systemroot%\system32\lpksetup.exe - AppID: {1C749B87-568C-4865-8E73-6413F8372CE6}
Name: wpcao.dll - AppID: {1E5300BE-0762-4527-8140-C0FF22DDFC56}
Name: Office Licensing COM Server 15 - AppID: {1E886174-DC88-4B83-8BC5-66409EC75F15}
Name: rshx32.dll - AppID: {1f2e5c40-9550-11ce-99d2-00aa006e086c}
Name: ThirdPartyEapDispatcherPeerConfig - AppID: {1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}
Name: Microsoft WMI Provider Subsystem Secured Host - AppID: {1F87137D-0E7C-44d5-8C73-4EFFB68962F2}
Name: DetectionAndSharing - AppID: {1fda955b-61ff-11da-978c-0008744faab7}
Name: WatAdmin Service - AppID: {205609B7-5E08-443E-B0A7-A7AED3F3A716}
Name: Microsoft Windows WSMan Provider Host With User Settings - AppID: {209444d2-2540-495e-962c-a61ad3243526}
Name: MSDAINITIALIZE - AppID: {2206CDB0-19C1-11D1-89E0-00C04FD7A829}
Name: Sensors Sensor Configuration Helper - AppID: {2331D136-E39D-4019-92D6-7CE5579962FB}
Name: IpodService - AppID: {250DD19F-6E7F-4BA3-9E1B-69E6CDC52F30}
Name: TabBtnEx - AppID: {25351F98-BEC9-4BA0-A1F7-D9D69225E52F}
Name: OCComSDK - AppID: {257AE6D8-A9F3-4113-9AA8-5EED67D44267}
Name: Microsoft WBEM Active Scripting Event Consumer Provider - AppID: {266C72E7-62E8-11D1-AD89-00C04FD8FDFF}
Name: IMAPI2 - AppID: {273541FF-7F64-5B0F-8F00-5D77AFBE261E}
Name: netman - AppID: {27AF75ED-20D9-11D1-B1CE-00805FC1270E}
Name: rzdetmgr - AppID: {28494F0B-EC89-4BF5-A471-F1E429FA0FB7}
Name: AERTACap - AppID: {288E7ECC-EB53-45df-8EBD-72EAF9AFCB00}
Name: RasMobilityManager - AppID: {292bed96-e9ce-40f8-b71b-c313defa3a78}
Name: faultrep.dll - AppID: {2C256447-3F0D-4CBB-9D12-575BB20CDA0A}
Name: FileSystemImage - AppID: {2C941FD1-975B-59BE-A960-9A2A262853A5}
Name: rzaudiodll - AppID: {2D3D469E-BE59-4F6C-B996-AB8ED31885A0}
Name: Identity Store - AppID: {30d49246-d217-465f-b00b-ac9ddd652eb7}
Name: IPBusEnum - AppID: {344ED43D-D086-4961-86A6-1106F4ACAD9B}
Name: TabTip - AppID: {36938566-B1AA-4E77-9B3F-730CF4E996AB}
Name: DevicePairingHandler.dll - AppID: {383b69fa-5486-49da-91f5-d63c24c8e9d0}
Name: Windows Media Center Search Protocol Handler - AppID: {3B07977C-7A38-455D-AAD5-88500A360D24}
Name: EEL64A - AppID: {3D5781D9-B2FF-4396-8478-395412020995}
Name: CMLUAUTIL - AppID: {3E000D72-A845-4CD9-BD83-80C07C3B881F}
Name: Microsoft Windows Remote Shell Host - AppID: {3e5ca495-8d6a-4d1f-ad99-177b426c8b8e}
Name: CMSTPLUA - AppID: {3E5FC7F9-9A51-4367-9063-A120244FBEC7}
Name: WinInetCacheServer - AppID: {3eb3c877-1f16-487c-9050-104dbcd66683}
Name: Out Of Proc Mapi Handler - AppID: {3F5E4B87-C907-4f76-82E4-6FDF0CE90E25}
Name: MSTTS DecObj Class Surrogate - AppID: {3F6B5E16-092A-41ED-930B-0B4125D91D4E}
Name: Microsoft Windows WSMan Provider Host - AppID: {3feb2f63-0eec-4b96-84ab-da1307e0117c}
Name: HTML Application - AppID: {40AEEAB6-8FDA-41e3-9A5F-8350D4CFCA91}
Name: AERTARen - AppID: {41C98373-FE7F-4a42-B694-34CC4F979E61}
Name: InkWatson - AppID: {43332d9a-f3a9-4de4-be9a-0fa730bc311d}
Name: AccessibilityCplAdmin - AppID: {434A6274-C539-4E99-88FC-44206D942775}
Name: Add to Windows Media Player list - AppID: {45597c98-80f6-4549-84ff-752cf55e2d29}
Name: Health Key and Certificate Management - AppID: {46298684-0fd3-47f3-94b3-65650c65b36a}
Name: NvXDSync - AppID: {4680B596-CF8C-44E1-A676-4AAA819E041F}
Name: EEG64A - AppID: {47EC1E17-F30B-430b-B9C4-DF60ED501A4B}
Name: rzdevinfo - AppID: {4849BF16-A043-431F-951F-171A5E0913A7}
Name: IASDataStoreComServer - AppID: {48da6741-1bf0-4a44-8325-293086c79077}
Name: COM_SRS_HP360 - AppID: {49611624-F1A3-4AA7-8A06-0209D7D6BA92}
Name: Microsoft WBEM Unsecured Apartment - AppID: {49BD2028-1523-11D1-AD79-00C04FD8FDFF}
Name: UIAutomationCrossBitnessHook64 Class - AppID: {49f171dd-b51a-40d3-9a6c-52d674cc729d}
Name: RASGCWLUA - AppID: {4A6B8BAD-9872-4525-A812-71A52367DC17}
Name: CSISYNCCLIENT.EXE - AppID: {4B417484-ABFF-4C70-8C2F-5A729026263C}
Name: wercplsupport.dll - AppID: {4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}
Name: Shell Security Editor - AppID: {4D111E08-CBF7-4f12-A926-2C7920AF52FC}
Name: Microsoft Volume Shadow Copy Service software provider - AppID: {4db9c793-c48d-449c-9754-46027ee45c94}
Name: COM+ Event System - AppID: {4E14FBA2-2E22-11D1-9964-00C04FBBB345}
Name: ServiceModule - AppID: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
Name: ehmsas - AppID: {4EFC572D-7C9C-455C-99F3-CA4D6838E55B}
Name: upnpcont.exe - AppID: {4F0AC159-5804-4aa7-AE91-117D6E67BB9B}
Name: Shell Computer Accounts - AppID: {4f6bcd94-c2a5-42ce-8dbc-31e794be4630}
Name: WkspRT.exe - AppID: {4FCDA643-B15B-41C6-84F8-5E447F6F6D25}
Name: iTunesAdmin - AppID: {5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}
Name: HomeGroup CPL Advanced Settings Writer - AppID: {50a9ab2a-20f8-4d71-9f32-9fd305b49601}
Name: Microsoft Windows Font Folder - AppID: {50d69d24-961d-4828-9d1c-5f4717f226d1}
Name: acppage.dll - AppID: {513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}
Name: %systemroot%\system32\intl.cpl - AppID: {514B5E31-5596-422F-BE58-D804464683B5}
Name: RemoteProxyFactory32 Class - AppID: {53362C32-A296-4F2D-A2F8-FD984D08340B}
Name: RemoteProxyFactory32 Class - AppID: {53362C64-A296-4F2D-A2F8-FD984D08340B}
Name: 32-bit Preview Handler Surrogate Host - AppID: {534A1E02-D58F-44f0-B58B-36CBED287C7C}
Name: Virtual Disk Service Loader - AppID: {5364ED0E-493F-4B16-9DBF-AE486CF22660}
Name: LMS - AppID: {545C8D56-7A88-492D-B38D-559657A3DD4C}
Name: Bonjour - AppID: {56608F9C-223B-4CB6-813D-85EDCCADFB4B}
Name: ShapeCollector - AppID: {56676660-4A4D-45B0-B24E-9CF6B35E9ABF}
Name: Volume Shadow Copy Service - AppID: {56BE716B-2F76-4dfa-8702-67AE10044F0B}
Name: FaxCommon Class - AppID: {59347292-B72D-41F2-98C5-E9ACA1B247A2}
Name: PfShellExtension - AppID: {59A55EF0-525F-4276-AB62-8F7E5F230399}
Name: Authentication UI Terminal Services Bump Dialog - AppID: {59c7f6ec-7d18-412f-a68e-877982768e61}
Name: EED64A - AppID: {5C73574D-FC7B-4747-8352-143F011923A0}
Name: Virtual Factory for Display CPL - AppID: {5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}
Name: WiaWow64 - AppID: {5E1395B2-B685-44e3-8AED-E2304D85ACD1}
Name: UIAutomationCrossBitnessHook32 Class - AppID: {60a90a2f-858d-42af-8929-82be9d99e8a1}
Name: gusvc - AppID: {61E28BF8-C02B-499F-8E7A-34C1E4A1C649}
Name: Sync Center (Private) - AppID: {6295DF2D-35EE-11D1-8707-00C04FD93327}
Name: PenIMC2 - AppID: {63CE6D27-426A-41F9-8E51-549C1132DAE2}
Name: Windows Update Agent - AppID: {653C5148-4DCE-4905-9CFD-1B23662D3D9E}
Name: FwCplLUA - AppID: {6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}
Name: Found New Hardware Wizard - AppID: {658A269B-B922-4e62-B519-50B1CF0787D1}
Name: McxMdeOutputProfile - AppID: {659A3105-82A2-49F9-B7E4-263766BDF1DD}
Name: RzSurroundVADStreamingService - AppID: {67C7F35C-2264-4E44-9FA3-C8710F3C9E1F}
Name: Background Intelligent Transfer Service - AppID: {69AD4AEE-51BE-439b-A92C-86AE490E8B30}
Name: Sync Center Isolation Collection (Private) - AppID: {69F9CB25-25E2-4BE1-AB8F-07AA7CB535E8}
Name: MsRdpSessionManager - AppID: {6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}
Name: Sensors CPL Change Device Permission LUA Helper - AppID: {6CE51F75-0448-438e-B9CA-69C352A248A7}
Name: Preview Handler Surrogate Host - AppID: {6d2b5079-2f0b-48dd-ab7f-97cec514d30b}
Name: UPnPContainer - AppID: {6d8ff8e0-730d-11d4-bf42-00b0d0118b56}
Name: UPnPContainer64 - AppID: {6d8ff8e8-730d-11d4-bf42-00b0d0118b56}
Name: SPPComApi - AppID: {6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}
Name: HomeGroup UI Status - AppID: {6f33340d-8a01-473a-b75f-ded88c8360ce}
Name: IEWindows - AppID: {6f5bad87-9d5e-459f-bd03-3957407051ca}
Name: HomeGroup Provider Object - AppID: {6F7C8E8F-DC69-4e3f-BC05-439962A05FD5}
Name: Windows SideShow AutoWake Configuration Helper - AppID: {71B804C5-5577-471D-8FE5-C4A45B654EB8}
Name: McComponentHostService - AppID: {727B5BD4-FAE7-4EA7-98BD-20AC6BC25D89}
Name: Nv3DVisionIePlugin - AppID: {727C4938-C5C5-4743-B543-7E6F100CE67B}
Name: Sharing Elevated Virtual Factory - AppID: {72A7994A-3092-4054-B6BE-08FF81AEEFFC}
Name: User Profile Service DCOM server - AppID: {72E3272B-4EEA-4104-B358-1A282E4FC1AD}
Name: Microsoft WMI Provider Subsystem Host - AppID: {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}
Name: Trusted Installer Service - AppID: {752073A2-23F2-4396-85F0-8FDB879ED0ED}
Name: PenIMC4 - AppID: {7568952A-571E-4C70-BEA9-7F9004393436}
Name: Sensors CPL Change Description LUA Helper - AppID: {76AE5F57-B7C9-421f-B55E-FB25144317B6}
Name: PrintFilterPipelineSvc - AppID: {76db1bf3-e820-4765-a1b2-0b16a86b1950}
Name: XWizard Virtual Factory - AppID: {777BA81A-2498-4875-933A-3067DE883070}
Name: Network and Sharing Center Cpl Elevated Virtual Factory - AppID: {7A076CE1-4B31-452a-A4F1-0304C8738100}
Name: Shell FMIFS Wrapper - AppID: {7aa7790d-75d7-484b-98a1-3913d022091d}
Name: EapThirdPartyDllHost - AppID: {7B130458-E09C-4823-A8AF-2583DCD9AEC7}
Name: Internet Explorer Add-on Installer - AppID: {7B29F495-0F55-49F7-8885-9E8A22CE3829}
Name: WlanPrefLUA - AppID: {7C8AB6D9-8764-4033-8F62-2FE896E54B32}
Name: Microsoft Windows Remote Shell Host With User Settings - AppID: {7d378de6-ed8d-426d-91df-0273d07cd7f6}
Name: HomeGroup Printing Device Class - AppID: {7DF8EF76-D449-485f-B4EB-58DC96B31EDB}
Name: MMC Application Class - AppID: {7e0423cd-1119-0928-900c-e6d4a52a0715}
Name: wisptis - AppID: {7F429620-16D1-471E-A81A-114992148034}
Name: WlanConn - AppID: {825FC848-87F7-4F26-9EF6-43964094FF98}
Name: CustReg Class - AppID: {84D586C4-A423-11D2-B943-00C04F79D22F}
Name: APSDaemon - AppID: {85187E17-383D-4EC5-B8D6-D9466EE3DD92}
Name: Virtual Factory for Usercpl - AppID: {86d5eb8a-859f-4c7b-a76b-2bd819b7a850}
Name: CElevateWlanUi - AppID: {86F80216-5DD6-4F43-953B-35EF40A35AEE}
Name: ThirdPartyEapDispatcherPeerRuntime - AppID: {87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}
Name: Mcx2Setup Class - AppID: {893CFE8F-CD6B-412E-A2F0-10840D69E858}
Name: Windows Management and Instrumentation - AppID: {8BC3F05E-D86B-11D0-A075-00C04FB68820}
Name: TSTheme - AppID: {8be0366c-8522-40be-8b08-cb26557f2854}
Name: IASExtensionHost - AppID: {8C334A55-DDB9-491C-817E-35A6B85D2ECB}
Name: AP Client HxHelpPaneServer Class - AppID: {8cec58ae-07a1-11d9-b15e-000d56bfe6ee}
Name: Virtual Factory for Action Center CPL - AppID: {8D26D9AA-5DA8-4b95-949A-B74954A229A6}
Name: Sync Center Schedule Wizard - AppID: {8D8B8E30-C451-421B-8553-D2976AFA648C}
Name: Shell Computer Groups - AppID: {8f3080a6-af99-4f2e-a806-f3d5702a0444}
Name: SDRSVC service - AppID: {9037e3cf-1794-4af6-9c8d-92838d7a23db}
Name: Virtual Factory for Recovery - AppID: {9200689A-F979-4eea-8830-0E1D6B74821F}
Name: RtkPgExt - AppID: {92842063-1ECC-4a1a-9343-9A8E1C972E60}
Name: WMPDMCCore - AppID: {92C2A9B3-4228-438E-8A7B-EF110987764C}
Name: ServiceModule - AppID: {9465B4B4-5216-4042-9A2C-754D3BCDC410}
Name: PrintIsolationHost - AppID: {98a89e0c-1fde-4c2a-a373-b04831e6aa60}
Name: Shell Hardware Mixed Content Handler - AppID: {995C996E-D918-4a8c-A302-45719A6F4EA7}
Name: Default Location CPL Data Handler LUA Helper - AppID: {9A630456-078D-43d3-9F1D-DF7A5BC0FA44}
Name: ShellWindows - AppID: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
Name: NVXDPlcy - AppID: {9C5791C4-BCD3-48B8-A10D-CA0279320836}
Name: timedate.cpl - AppID: {9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}
Name: WSearch - AppID: {9E175B9C-F52A-11D8-B9A5-505054503030}
Name: WMLSS - AppID: {9E88EF3C-E2BB-4E5E-AFBA-565B81069D7D}
Name: rztouchdll - AppID: {9EB032F0-993D-4E35-B370-987A4A0D3EF4}
Name: RtkCfg - AppID: {A11009A7-DC01-48F8-B6AA-C4613FC5CB15}
Name: WIA Device Manager - AppID: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Name: Windows Parental Controls - AppID: {A2D8CFE7-7BA4-4bad-B86B-851376B59134}
Name: MhegVM - AppID: {A3637A1F-8CD0-4DA3-9EF5-CC0BD38AF308}
Name: CTAPO - AppID: {a42365ad-1377-4a04-9dde-1c7cb2938db6}
Name: Virtual Factory for Windows Firewall Cpl - AppID: {A4B07E49-6567-4FB8-8D39-01920E3B2357}
Name: Shell ChkdskEx Dialog - AppID: {a4c31131-ff70-4984-afd6-0609ced53ad6}
Name: rzvirtualdev - AppID: {A4C8D4F2-6AF5-4125-93F3-6013A0615A9A}
Name: Nv3DAppShExt - AppID: {A4CF1DBB-664A-4600-9CE3-96FBAA344504}
Name: WPDShextAutoplay - AppID: {A55803CC-4D53-404c-8557-FD63DBA95D24}
Name: NahimicSettingsIPC - AppID: {A5947C9B-6B8B-4CD7-B48E-0117735EC623}
Name: updaterActiveX - AppID: {A75E0259-1AE1-4046-A5CA-27B2A0DAA8A6}
Name: MsMpCom - AppID: {A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}
Name: Microsoft Windows Defender - AppID: {A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}
Name: %SystemRoot%\System32\fveui.dll - AppID: {A7A63E5C-3877-4840-8727-C1EA9D7A4D50}
Name: SysFxUi - AppID: {A7D2EC8B-B70F-434C-A0CE-0DF324805F7D}
Name: SwapAPODll - AppID: {A85F41D6-156B-470D-B505-110388968D5A}
Name: ProtectorExe - AppID: {A97CA128-6998-4F8E-807E-8ED05FADAFB0}
Name: Windows Media Player Encoder Helper Class - AppID: {A9D431C2-6D56-4727-9690-ADBE66B9184A}
Name: DEFRAGSVC service - AppID: {ab7c873b-eb14-49a6-be60-a602f80e6d22}
Name: Thumbnail Cache Out of Proc Server - AppID: {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
Name: BDEUILauncher Class - AppID: {AB93B6F1-BE76-4185-A488-A9001B105B94}
Name: TabIps - AppID: {B1445657-5A98-11d9-A4E5-00301BB132BA}
Name: NAP Agent Service - AppID: {B292921D-AF50-400c-9B75-0C57A7F29BA1}
Name: Windows Update Agent - Remote Access - AppID: {B366DEBE-645B-43A5-B865-DDD82C345492}
Name: ehRecvr - AppID: {b622553e-eadb-445e-9493-c3df5af99268}
Name: Found New Hardware Wizard - AppID: {B6A32FE6-E29D-AEAE-A608-D273E40CA34C}
Name: WIA Device Manager 2 - AppID: {B6C292BC-7C88-41EE-8B54-8EC92617E599}
Name: Com_SRS_TruSurroundHD - AppID: {B6D5C1B8-6F68-4A82-8E20-2D0F3A52BD6A}
Name: WwanAdvui - AppID: {b70cc729-28ae-11dd-9676-000000000000}
Name: Sync Center (Private) - AppID: {B8558612-DF5E-4F95-BB81-8E910B327FB2}
Name: Windows Media Player - AppID: {B8C54A54-355E-11D3-83EB-00A0C92A2F2D}
Name: NVXDApiX - AppID: {B92B577B-628A-442B-A017-E86FB518C6FD}
Name: Event Object Change 2 - AppID: {BB07BACD-CD56-4E63-A8FF-CBF0355FB9F4}
Name: SyncHost - AppID: {BBC4356A-F004-4628-A27A-E13D70412B70}
Name: Virtual Factory for Power Options Control Panel - AppID: {BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}
Name: DfsShlEx.dll - AppID: {BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}
Name: ChezSCSPI - AppID: {BF43CA5F-2276-4334-BB3D-642F3834EA23}
Name: OVSHelper - AppID: {BFEDD1F7-641C-4D64-9A6A-481A5E6BEC4F}
Name: provsvc.dll - AppID: {c2a71820-3463-498f-bab7-4798795a2ff6}
Name: ehVid - AppID: {C3812B04-E2F1-4E53-95F8-B2363C198946}
Name: cttunesvr - AppID: {C3A34354-660F-41EE-B072-2AEA5E3A80AF}
Name: Microsoft Block Level Backup Service - AppID: {C3B65D83-FB15-4e3f-BA04-097D1E2B5AC1}
Name: rzdisplaydll - AppID: {C46D625E-903C-47E8-9A21-97766EAF135C}
Name: Microsoft IMAPI - AppID: {C49F2185-50A7-11D3-9144-00104BA11C5E}
Name: BdeUISrv - AppID: {C4AB7CB7-E735-48FF-AADD-39D09668F444}
Name: HomeGroup Listener Service - AppID: {C4CDC408-581C-4480-9FFE-3B1C78D5C20D}
Name: Nap Elevated COM class - AppID: {c5bbbd35-e321-468a-9884-6708aa083f83}
Name: Nvvsvc - AppID: {C5EDFC9D-B018-41A4-9877-39AB18469C3A}
Name: TSWbPrxy.exe - AppID: {C92A9617-0EAE-4235-BD2B-84540EF1FFA9}
Name: DictationHost Class - AppID: {C945AD06-534F-460C-8CB4-17C33099AF81}
Name: Sync Infrastructure - AppID: {C947D50F-378E-4FF6-8835-FCB50305244D}
Name: netprofm - AppID: {C96887DA-A652-4426-905E-4A37546F847C}
Name: RCM - AppID: {C9F65BA8-1F8F-4382-AE27-C91FFB29275F}
Name: OpenSearch Description Create Search Connector Verb Handler - AppID: {CB1DFE3A-EDFF-4d1f-867D-8ADB02926F4B}
Name: SkypeIEPlugin - AppID: {CB487EA6-E83B-4F63-8CAE-B1B1D23DA65E}
Name: LocationDisp - AppID: {CBDC4B31-CBE4-4A5B-BECF-64B29E47D2AD}
Name: EnhancedStorageShell - AppID: {CC70FEAD-94B9-4F76-88CC-004BB068ACDF}
Name: sppui - AppID: {CCFDD24D-CEAB-458B-A4F1-F884973395DF}
Name: WcsPlugInServiceLib - AppID: {CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}
Name: Windows Media Player Burn Audio CD Handler - AppID: {cdc32574-7521-4124-90c3-8d5605a34933}
Name: Elevated-Unelevated Explorer Factory - AppID: {CDCBCFCA-3CDC-436f-A4E2-0E02075250C2}
Name: SharedAccess - AppID: {ce166e40-1e72-45b9-94c9-3b2050e8f180}
Name: ShadowPlay Server - AppID: {CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
Name: PNPXAssoc.dll - AppID: {cee8ccc9-4f6b-4469-a235-5a22869eef03}
Name: sdchange - AppID: {CF254B00-1986-4b24-A92D-463D01F7E395}
Name: SwapAPODll - AppID: {CF85F74A-E465-4fb6-898F-8F72C2B84D8E}
Name: Event Object Change - AppID: {D0565000-9DF4-11D1-A281-00C04FCA0AA7}
Name: Winmgmt MOF Compiler OOP - AppID: {D215781D-019E-4FA0-903D-0CDCDE13A4F5}
Name: %systemroot%\system32\colorui.dll - AppID: {D2E7041B-2927-42fb-8E9F-7CE93B6DC937}
Name: Windows SideShow Device Configuration Helper - AppID: {D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}
Name: Bitmap Image - AppID: {D3E34B21-9D75-101A-8C3D-00AA001A1652}
Name: ghost - AppID: {D58F39FF-953E-4F45-898F-59F243B9A523}
Name: Sync Center User Profile Notification Handler - AppID: {D63AA156-D534-4BAC-9BF1-55359CF5EC30}
Name: Bluewire unpairing elevation surrogate - AppID: {D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}
Name: rundll32.exe - AppID: {de5d803e-5d2a-4b5f-9c63-af25a465cc44}
Name: AccStore Class - AppID: {DE5DBCDC-104A-4cbc-A4D5-0C2104A142C5}
Name: MFCongestionController - AppID: {DE77B1FA-E898-42A0-B647-DFB567BFD89B}
Name: rzdevicedll - AppID: {DF07A199-BEAC-49c9-8C88-2774229BF0BA}
Name: Profile Notification Host - AppID: {E10F6C3A-F1AE-4adc-AA9D-2FE65525666E}
Name: EhEtwServer - AppID: {E1990E85-DFE4-4410-82CE-C74C57BF6E8E}
Name: RtkAPODll - AppID: {E1D2965E-D32B-4e1c-B9F1-159ACB984258}
Name: Windows Update Agent User Interface for Published Applications - AppID: {e30984f1-b02b-4c27-a40f-23d11b8c1212}
Name: Scan - AppID: {E32549C4-C2B8-4BCC-90D7-0FC3511092BB}
Name: COM_SRS_WOWHD2 - AppID: {E46D2660-D86E-4B0A-BB61-F0FFE9BBDEB5}
Name: upnphost - AppID: {E495081B-BBA5-4b89-BA3C-3B86A686B87A}
Name: TrayDesktopBand - AppID: {E6442437-6C68-4f52-94DD-2CFED267EFB9}
Name: Sensors PropertyPage Host - AppID: {E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}
Name: UICOM - AppID: {E8054D20-497D-4E16-BF41-6E69FCD381A5}
Name: wscui.cpl - AppID: {E9495B87-D950-4ab5-87A5-FF6D70BF3E90}
Name: File Prop Sheet Page Helper - AppID: {E96767E0-7EAA-45e1-8E7D-64414AFF281A}
Name: HomeGroup Provider Service - AppID: {EA022610-0748-4c24-B229-6C507EBDFDBB}
Name: %systemroot%\System32\UserAccountControlSettings.dll - AppID: {EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}
Name: ComEvents.ComServiceEvents - AppID: {ECABB0C3-7F19-11D2-978E-0000F8757E2A}
Name: ComEvents.ComSystemAppEventData - AppID: {ECABB0C6-7F19-11D2-978E-0000F8757E2A}
Name: Play with Windows Media Player - AppID: {ed1d0fdf-4414-470a-a56d-cfb68623fc58}
Name: Windows Media Player Launch - AppID: {ED6BB178-B06A-47ad-98B3-6066E0CF0147}
Name: Share Manager - AppID: {edb5f444-cb8d-445a-a523-ec5ab6ea33c7}
Name: NVXDBat - AppID: {EF73A51A-EE4A-4E16-9D3A-649245C8F44F}
Name: Windows SideShow PropertyPage Host - AppID: {F056D291-A2AB-45f7-8EE4-40454493B351}
Name: Microsoft Audio Device Graph Server - AppID: {F135BE18-BF34-4CBD-B1D5-55D49F0DEDCC}
Name: Virtual Disk Service - AppID: {F290BFB2-1864-45B1-8804-2654194A87E7}
Name: SPPSurrogate - AppID: {f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}
Name: NVIDIA.Installer2 - AppID: {F370E41B-AFAD-4B49-AFD4-0FEF3FC1375D}
Name: NDFAPI - AppID: {F3D3AA8D-EF96-4470-848E-BD70B803047A}
Name: PerfCenter Enabler - AppID: {f4be747e-45c4-4701-90f1-d49d9ac30248}
Name: sdclt - AppID: {f56b7b2a-5b5a-46d8-b6f9-d927ce34b717}
Name: Intel(R) Capability Licensing Service Interface - AppID: {F6189E3E-8B57-4CC9-B6F6-2F1FF1D1D9D4}
Name: Windows Update Agent User Interface - AppID: {f62fdd2e-66d2-423b-9a04-f71ea00f892a}
Name: WMPNSSCI - AppID: {F74BCE98-9EB4-4022-8317-11C723E5CCF8}
Name: Microsoft.Aspnet.Snapin.AspNetManagementUtility.4 - AppID: {F75B6772-91E4-4D2F-9D44-61A447109C2B}
Name: FMSIX - AppID: {F7B6A09E-0C34-4207-96A1-0C19AC442A92}
Name: logagent - AppID: {F808DF63-6049-11D1-BA20-006097D2898E}
Name: RAServer - AppID: {F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}
Name: WinInetBrokerServer - AppID: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Name: iTunes - AppID: {F98206B5-F052-4965-9FA0-85F61BC3C19D}
Name: ehSched - AppID: {FA018B44-5E9F-4875-B127-5085A1B02ABD}
Name: NCLUA - AppID: {FA1456D3-4B97-4f9c-8511-2786161DC333}
Name: VssEvent - AppID: {FAF53CC4-BD73-4E36-83F1-2B23F46E513E}
Name: Shell Hardware Mixed Content Handler Cancelled - AppID: {fb479c02-9ec4-4fed-8599-debe037452cb}
Name: RegisterControl - AppID: {FC38B7C8-9E50-497d-A387-7DEBDAD14160}
Name: appwiz.cpl - AppID: {FCC74B77-EC3E-4dd8-A80B-008A702075A9}
Name: Wordpad - AppID: {fd6c8b29-e936-4a61-8da6-b0c12ad3ba00}
Name: Shell Execute Hardware Event Handler - AppID: {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}

Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00021401-0000-0000-C000-000000000046}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{00393519-3A67-4507-A2B8-85146167ACA7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0142e4d1-fb7a-11dc-ba4a-000ffe7ab428}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{03837503-098b-11d8-9414-505054503030}" - Win32_SID.SID="S-1-5-32-559"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{04626806-2243-4354-ab44-4ade718d09df}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0671E064-7C24-4AC0-AF10-0F3055707C32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0868DC9B-D9A2-4f64-9362-133CEA201299}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0A886F29-465A-4aea-8B8E-BE926BFAE83E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0C3B05FB-3498-40C3-9C03-4B22D735550C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0da7bfdf-c0a0-44eb-be82-b7a82c4721de}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{0E11CB54-4C4A-4B37-AE0B-E93CEE60E646}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{0E11CB54-4C4A-4B37-AE0B-E93CEE60E646}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0E11CB54-4C4A-4B37-AE0B-E93CEE60E646}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0E11CB54-4C4A-4B37-AE0B-E93CEE60E646}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{0F8DD0B7-D5A6-4C0C-BA04-8A2CA3CE5EE1}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{0F8DD0B7-D5A6-4C0C-BA04-8A2CA3CE5EE1}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{0F8DD0B7-D5A6-4C0C-BA04-8A2CA3CE5EE1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{0F8DD0B7-D5A6-4C0C-BA04-8A2CA3CE5EE1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{11c058e0-9f3e-4c90-a459-2553f2f9e011}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{12C21EA7-2EB8-4B55-9249-AC243DA8C666}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{136A0DC7-DF5C-4271-A2AC-15DF1A1323F2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{16D99191-6280-4B33-A2F5-04805A0FC582}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{16D99191-6280-4B33-A2F5-04805A0FC582}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-547"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{19BCA967-D266-436f-B2D4-CBE4D4B42F96}" - Win32_SID.SID="S-1-5-32-556"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1BA783C1-2A30-4ad3-B928-A9A46C604C28}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1C749B87-568C-4865-8E73-6413F8372CE6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1E5300BE-0762-4527-8140-C0FF22DDFC56}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F15}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F15}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F15}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{1E886174-DC88-4B83-8BC5-66409EC75F15}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1f2e5c40-9550-11ce-99d2-00aa006e086c}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1F7D1BE9-7A50-40B6-A605-C4F3696F49C0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fb2a002-4c6c-4de7-85c2-cb8db9a4f728}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{1fda955b-61ff-11da-978c-0008744faab7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A716}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A716}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A716}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A716}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{205609B7-5E08-443E-B0A7-A7AED3F3A716}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{2331D136-E39D-4019-92D6-7CE5579962FB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2331D136-E39D-4019-92D6-7CE5579962FB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2331D136-E39D-4019-92D6-7CE5579962FB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{27170d71-7a40-4c8b-a3d1-64f7cbe81c66}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{292bed96-e9ce-40f8-b71b-c313defa3a78}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C256447-3F0D-4CBB-9D12-575BB20CDA0A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{2C5BC43E-3369-4C33-AB0C-BE9469677AF4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{304CE942-6E39-40D8-943A-B913C40C9CD4}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{383b69fa-5486-49da-91f5-d63c24c8e9d0}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3ad05575-8857-4850-9277-11b85bdb8e09}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E000D72-A845-4CD9-BD83-80C07C3B881F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3E5FC7F9-9A51-4367-9063-A120244FBEC7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{3F4D7BB8-4F38-4526-8CD3-C44D68689C5F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{434A6274-C539-4E99-88FC-44206D942775}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{44C39C96-0167-478F-B68D-783294A2545D}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4680B596-CF8C-44E1-A676-4AAA819E041F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4680B596-CF8C-44E1-A676-4AAA819E041F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4680B596-CF8C-44E1-A676-4AAA819E041F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4680B596-CF8C-44E1-A676-4AAA819E041F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{46C166AA-3108-11D4-9348-00C04F8EEB71}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{48da6741-1bf0-4a44-8325-293086c79077}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4A6B8BAD-9872-4525-A812-71A52367DC17}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4BC67F23-D805-4384-BCA3-6F1EDFF50E2C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{4D111E08-CBF7-4f12-A926-2C7920AF52FC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{4FCDA643-B15B-41C6-84F8-5E447F6F6D25}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5011B6DE-E9FA-4518-B5E5-45DE9DD2CDC6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50a9ab2a-20f8-4d71-9f32-9fd305b49601}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{50d69d24-961d-4828-9d1c-5f4717f226d1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{514B5E31-5596-422F-BE58-D804464683B5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{59347292-B72D-41F2-98C5-E9ACA1B247A2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{59c7f6ec-7d18-412f-a68e-877982768e61}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{5D05A4EB-54EA-4B7F-A28D-CE51F6BCBAF2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{5E1395B2-B685-44e3-8AED-E2304D85ACD1}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{60173D16-A550-47f0-A14B-C6F9E4DA0831}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{642ef9d6-48a5-476b-919a-a507cfd02c0f}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{653C5148-4DCE-4905-9CFD-1B23662D3D9E}" - Win32_SID.SID="S-1-5-32-545"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6571503D-D0FB-4D98-BBC3-1FBB2B3F344E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6B1DE8B3-DFB1-4C0E-9D9A-89CA730DE93F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6CE51F75-0448-438e-B9CA-69C352A248A7}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{6CF9B800-50DB-46B5-9218-EACF07F5E414}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{6D9A7A40-DDCA-414E-B48E-DFB032C03C1B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACC5-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7007ACD1-3202-11D1-AAD2-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{71B804C5-5577-471D-8FE5-C4A45B654EB8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{72A7994A-3092-4054-B6BE-08FF81AEEFFC}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{752073A2-23F2-4396-85F0-8FDB879ED0ED}" - Win32_SID.SID="S-1-5-6"
Win32_DCOMApplication.AppID="{76AE5F57-B7C9-421f-B55E-FB25144317B6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{76AE5F57-B7C9-421f-B55E-FB25144317B6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76AE5F57-B7C9-421f-B55E-FB25144317B6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-11"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-32-546"
Win32_DCOMApplication.AppID="{76db1bf3-e820-4765-a1b2-0b16a86b1950}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{777BA81A-2498-4875-933A-3067DE883070}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7A076CE1-4B31-452a-A4F1-0304C8738100}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7aa7790d-75d7-484b-98a1-3913d022091d}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7C8AB6D9-8764-4033-8F62-2FE896E54B32}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{7DF8EF76-D449-485f-B4EB-58DC96B31EDB}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{825FC848-87F7-4F26-9EF6-43964094FF98}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{84D586C4-A423-11D2-B943-00C04F79D22F}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86d5eb8a-859f-4c7b-a76b-2bd819b7a850}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{86F80216-5DD6-4F43-953B-35EF40A35AEE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{87BB326B-E4A0-4DE1-94F0-B9F41D0C6059}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{893CFE8F-CD6B-412E-A2F0-10840D69E858}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{893CFE8F-CD6B-412E-A2F0-10840D69E858}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{893CFE8F-CD6B-412E-A2F0-10840D69E858}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8be0366c-8522-40be-8b08-cb26557f2854}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C334A55-DDB9-491C-817E-35A6B85D2ECB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8C482DCE-2644-4419-AEFF-189219F916B9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8cec58ae-07a1-11d9-b15e-000d56bfe6ee}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{8D26D9AA-5DA8-4b95-949A-B74954A229A6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9200689A-F979-4eea-8830-0E1D6B74821F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-1-0"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{98a89e0c-1fde-4c2a-a373-b04831e6aa60}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9A630456-078D-43d3-9F1D-DF7A5BC0FA44}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{9df523b0-a6c0-4ea9-b5f1-f4565c3ac8b8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A1F4E726-8CF1-11D1-BF92-0060081ED811}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A2D8CFE7-7BA4-4bad-B86B-851376B59134}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A4B07E49-6567-4FB8-8D39-01920E3B2357}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{a4c31131-ff70-4984-afd6-0609ced53ad6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48E6-9EC9-DCBA9A39BF00}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A79DB36D-6218-48e6-9EC9-DCBA9A39BF0F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{A7A63E5C-3877-4840-8727-C1EA9D7A4D50}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B366DEBE-645B-43A5-B865-DDD82C345492}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{b622553e-eadb-445e-9493-c3df5af99268}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{b622553e-eadb-445e-9493-c3df5af99268}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{b622553e-eadb-445e-9493-c3df5af99268}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b622553e-eadb-445e-9493-c3df5af99268}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{B6C292BC-7C88-41EE-8B54-8EC92617E599}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{b70cc729-28ae-11dd-9676-000000000000}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{B8C54A54-355E-11D3-83EB-00A0C92A2F2D}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BA126F01-2166-11D1-B1D0-00805FC1270E}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BBD8C065-5E6C-4e88-BFD7-BE3E6D1C063B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{BCEA735B-4DAC-4B71-9C47-1D560AFD2A9B}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C100BEBB-D33A-4a4b-BF23-BBEF4663D017}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c2a71820-3463-498f-bab7-4798795a2ff6}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C3812B04-E2F1-4E53-95F8-B2363C198946}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{C3812B04-E2F1-4E53-95F8-B2363C198946}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{C3812B04-E2F1-4E53-95F8-B2363C198946}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3812B04-E2F1-4E53-95F8-B2363C198946}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C3A34354-660F-41EE-B072-2AEA5E3A80AF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{c5bbbd35-e321-468a-9884-6708aa083f83}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C5EDFC9D-B018-41A4-9877-39AB18469C3A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{C5EDFC9D-B018-41A4-9877-39AB18469C3A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{C5EDFC9D-B018-41A4-9877-39AB18469C3A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{C5EDFC9D-B018-41A4-9877-39AB18469C3A}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{C92A9617-0EAE-4235-BD2B-84540EF1FFA9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{CCFDD24D-CEAB-458B-A4F1-F884973395DF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{CD11FAB6-1C0E-45e1-BA31-5C6008EF2607}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{cee8ccc9-4f6b-4469-a235-5a22869eef03}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{CF254B00-1986-4b24-A92D-463D01F7E395}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D215781D-019E-4FA0-903D-0CDCDE13A4F5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{D3667F1E-CCB8-4A69-99DF-59A2B2A6753F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{D88EC52B-8D57-49e1-9EB3-4D267D68A2AE}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{DCED8DB0-11A5-4b16-AB9D-4E28CA38C99F}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{de5d803e-5d2a-4b5f-9c63-af25a465cc44}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{e30984f1-b02b-4c27-a40f-23d11b8c1212}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E7F34D0A-582E-4a48-98BA-6E58AAA3AD4C}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E8054D20-497D-4E16-BF41-6E69FCD381A5}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{E9495B87-D950-4ab5-87A5-FF6D70BF3E90}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA022610-0748-4c24-B229-6C507EBDFDBB}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EA2C6B24-C590-457B-BAC8-4A0F9B13B5B8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{EC9846B3-2762-4A6B-A214-6ACB603462D2}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F056D291-A2AB-45f7-8EE4-40454493B351}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-32-551"
Win32_DCOMApplication.AppID="{F290BFB2-1864-45B1-8804-2654194A87E7}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f32d97df-e3e5-4cb9-9e3e-0eb5b4e49801}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F3D3AA8D-EF96-4470-848E-BD70B803047A}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f4be747e-45c4-4701-90f1-d49d9ac30248}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f62fdd2e-66d2-423b-9a04-f71ea00f892a}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-80-364023826-931424190-487969545-1024119571-74567675"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{f735e733-d681-4aef-83c1-7ec82cac5ecc}" - Win32_SID.SID="S-1-5-32-544"
Win32_DCOMApplication.AppID="{F8FD03A6-DDD9-4C1B-84EE-58159476A0D7}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{F9717507-6651-4EDB-BFF7-AE615179BCCF}" - Win32_SID.SID="S-1-15-2-1"
Win32_DCOMApplication.AppID="{FA018B44-5E9F-4875-B127-5085A1B02ABD}" - Win32_SID.SID="S-1-5-19"
Win32_DCOMApplication.AppID="{FA018B44-5E9F-4875-B127-5085A1B02ABD}" - Win32_SID.SID="S-1-5-20"
Win32_DCOMApplication.AppID="{FA018B44-5E9F-4875-B127-5085A1B02ABD}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA018B44-5E9F-4875-B127-5085A1B02ABD}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FA1456D3-4B97-4f9c-8511-2786161DC333}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FBF23B40-E3F0-101B-8488-00AA003E56F8}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-18"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{FCC74B77-EC3E-4dd8-A80B-008A702075A9}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-4"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-10"
Win32_DCOMApplication.AppID="{ff9e6131-a8c1-4188-aa03-82e9f10a05a8}" - Win32_SID.SID="S-1-5-18"

---------- | Svchost - Netsvcs (Whitelisted)

Term -  : 

---------- | Software


[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\AppDataLow]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Apple Computer, Inc.]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Apple Inc.]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\BitTorrent]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Blizzard Entertainment]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Bugsplat]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Caphyon]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Chromium]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Clients]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Creative Tech]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\csastats]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Curse]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Daum]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\DaumGames EU]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Device Doctor]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\DivX]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\DivXNetworks]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Dodge Roll]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Electronic Arts]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Epic Games]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Facebook]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Fraps3]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\g3n-h@ckm@n]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Gaijin]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Google]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\IM Providers]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\INCAInternet]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Intel]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\JavaSoft]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\KasperskyLab]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Logitech]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Macromedia]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\MainConcept]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\MCAFEE]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\McAfeeInstaller]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Michael Herf]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft Studios]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Mozilla]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\MozillaPlugins]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Mumble]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Netscape]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\NVIDIA Corporation]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\ODBC]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Piriform]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\PlaysTV]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\PlutoTV]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Policies]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\PolySoft]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\PureLeads]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\QtProject]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\RAZER]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Realtek]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Skype]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\SkypeRS]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Spotify]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\sysinternals]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\System Requirements Lab]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Trolltech]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Unity]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Valve]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Ventrilo]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Volition]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Wow6432Node]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\{B2CB09FF-2453-4f85-9F40-21C05BE4CBA8}]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\AppDataLow\Software\JavaSoft]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\AppDataLow\Software\Microsoft]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\DWM]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\Shell]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\ShellNoRoam]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\TabletPC]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\Windows Error Reporting]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows NT\CurrentVersion]


[HKLM\Software\AdsFix]
[HKLM\Software\AGEIA Technologies]
[HKLM\Software\Alienware]
[HKLM\Software\Apple Computer, Inc.]
[HKLM\Software\Apple Inc.]
[HKLM\Software\ATI Technologies]
[HKLM\Software\CBSTEST]
[HKLM\Software\Clients]
[HKLM\Software\CPUID]
[HKLM\Software\Creative Tech]
[HKLM\Software\DAUM]
[HKLM\Software\DivX]
[HKLM\Software\EA Games]
[HKLM\Software\Futuremark]
[HKLM\Software\g3n-h@ckm@n]
[HKLM\Software\Google]
[HKLM\Software\IM Providers]
[HKLM\Software\Intel]
[HKLM\Software\JavaSoft]
[HKLM\Software\JreMetrics]
[HKLM\Software\Khronos]
[HKLM\Software\Logitech]
[HKLM\Software\Macromedia]
[HKLM\Software\McAfee]
[HKLM\Software\McAfeeInstaller]
[HKLM\Software\mcafeeupdater]
[HKLM\Software\Microsoft]
[HKLM\Software\Mozilla]
[HKLM\Software\MozillaPlugins]
[HKLM\Software\Nuance]
[HKLM\Software\NVIDIA Corporation]
[HKLM\Software\ODBC]
[HKLM\Software\Piriform]
[HKLM\Software\Policies]
[HKLM\Software\Realtek]
[HKLM\Software\RegisteredApplications]
[HKLM\Software\RTLSetup]
[HKLM\Software\Sonic]
[HKLM\Software\SRS Labs]
[HKLM\Software\Sysinternals]
[HKLM\Software\Waves Audio]
[HKLM\Software\Wow6432Node]
[HKLM\Software\Microsoft\Windows\CurrentVersion]
[HKLM\Software\Microsoft\Windows\HTML Help]
[HKLM\Software\Microsoft\Windows\ITStorage]
[HKLM\Software\Microsoft\Windows\ScheduledDiagnostics]
[HKLM\Software\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\Microsoft\Windows\Tablet PC]
[HKLM\Software\Microsoft\Windows\TabletPC]
[HKLM\Software\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\Microsoft\Windows\Windows Search]
[HKLM\Software\Microsoft\Windows NT\CurrentVersion]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\AxInstSVGroup]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\defragsvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\SDRSVC]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\swprv]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\wercplsupport]

[HKLM\Software\WOW6432Node\AGEIA Technologies]
[HKLM\Software\WOW6432Node\Apple Inc.]
[HKLM\Software\WOW6432Node\Bethesda Softworks]
[HKLM\Software\WOW6432Node\BioWare]
[HKLM\Software\WOW6432Node\Blizzard Entertainment]
[HKLM\Software\WOW6432Node\Caphyon]
[HKLM\Software\WOW6432Node\Creative Tech]
[HKLM\Software\WOW6432Node\DivX]
[HKLM\Software\WOW6432Node\DSDCS]
[HKLM\Software\WOW6432Node\Dyn]
[HKLM\Software\WOW6432Node\EA Games]
[HKLM\Software\WOW6432Node\EasyAntiCheat]
[HKLM\Software\WOW6432Node\Electronic Arts]
[HKLM\Software\WOW6432Node\EpicGames]
[HKLM\Software\WOW6432Node\ESN Launcher]
[HKLM\Software\WOW6432Node\ESN Sonar-0.70.4]
[HKLM\Software\WOW6432Node\Fraps]
[HKLM\Software\WOW6432Node\Futuremark]
[HKLM\Software\WOW6432Node\Futuremark Corporation]
[HKLM\Software\WOW6432Node\Google]
[HKLM\Software\WOW6432Node\Hi-Rez Studios]
[HKLM\Software\WOW6432Node\HiRez Studios]
[HKLM\Software\WOW6432Node\IM Providers]
[HKLM\Software\WOW6432Node\Intel]
[HKLM\Software\WOW6432Node\IObit]
[HKLM\Software\WOW6432Node\JavaSoft]
[HKLM\Software\WOW6432Node\JreMetrics]
[HKLM\Software\WOW6432Node\KasperskyLab]
[HKLM\Software\WOW6432Node\Khronos]
[HKLM\Software\WOW6432Node\Macromedia]
[HKLM\Software\WOW6432Node\Malwarebytes' Anti-Malware]
[HKLM\Software\WOW6432Node\McAfee]
[HKLM\Software\WOW6432Node\McAfee.com]
[HKLM\Software\WOW6432Node\Microsoft]
[HKLM\Software\WOW6432Node\Mozilla]
[HKLM\Software\WOW6432Node\mozilla.org]
[HKLM\Software\WOW6432Node\MozillaPlugins]
[HKLM\Software\WOW6432Node\MSI]
[HKLM\Software\WOW6432Node\namco bandai games]
[HKLM\Software\WOW6432Node\NCWest]
[HKLM\Software\WOW6432Node\Nuance]
[HKLM\Software\WOW6432Node\NVIDIA Corporation]
[HKLM\Software\WOW6432Node\ODBC]
[HKLM\Software\WOW6432Node\Origin]
[HKLM\Software\WOW6432Node\Origin Games]
[HKLM\Software\WOW6432Node\PlaysTV]
[HKLM\Software\WOW6432Node\raidcall]
[HKLM\Software\WOW6432Node\Raptr]
[HKLM\Software\WOW6432Node\Razer]
[HKLM\Software\WOW6432Node\RCEN]
[HKLM\Software\WOW6432Node\Realtek]
[HKLM\Software\WOW6432Node\Realtek Semiconductor Corp.]
[HKLM\Software\WOW6432Node\Riot Games]
[HKLM\Software\WOW6432Node\Skype]
[HKLM\Software\WOW6432Node\TeamSpeak 3 Client]
[HKLM\Software\WOW6432Node\Ubisoft]
[HKLM\Software\WOW6432Node\Valve]
[HKLM\Software\WOW6432Node\Clients]
[HKLM\Software\WOW6432Node\Even Balance]
[HKLM\Software\WOW6432Node\Policies]
[HKLM\Software\WOW6432Node\RegisteredApplications]
[HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows\HTML Help]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ITStorage]
[HKLM\Software\WOW6432Node\Microsoft\Windows\ScriptedDiagnosticsProvider]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Error Reporting]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Windows Search]
[HKLM\Software\WOW6432Node\Microsoft\Windows\Tablet PC]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceAndNoImpersonation]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalServiceNoNetwork]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalSystemNetworkRestricted]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkService]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopHyperVAgent]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\NetworkServiceRemoteDesktopPublishing]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\wcssvc]


---------- | FeatureControl

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"utorrentie.exe"="9000"
"PotPlayerMini64.exe"="11000"
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_CROSS_DOMAIN_REDIRECT_MITIGATION]
"utorrentie.exe"="0"
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SCRIPTURL_MITIGATION]
"utorrentie.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_96DPI_PIXEL]
"WindowsAnytimeUpgradeUI.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"prevhost.exe"="8000"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"iexplore.exe"="1"
"*"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGuiIT.exe"="0"
"SAPGUI.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"ehExtHost.exe"="0"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"winmail.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"prevhost.exe"="0"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"PresentationHost.exe"="1"
"wmplayer.exe"="1"
"ehExtHost.exe"="1"
"OSPPSVC.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ACTIVEX_REPURPOSEDETECTION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ADDON_MANAGEMENT]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"infopath.exe"="0"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_INPUT_PROMPTS]
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_IMG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_OBJECT]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BLOCK_LMZ_SCRIPT]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"prevhost.exe"="8000"
"Skype.exe"="10001"
"SkypeBrowserHost.exe"="10001"
"mbam.exe"="11000"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_ISO_2022_JP_SNIFFING]
"iexplore.exe"="1"
"*"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_LEGACY_COMPRESSION]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL]
"*"="1"
"explorer.exe"="1"
"iexplore.exe"="1"
"SAPfewgsrv.exe"="0"
"SAPGuiIT.exe"="0"
"SAPGUI.exe"="0"
"SAPLgPad.exe"="0"
"SAPLOGON.exe"="0"
"Scale_for_R3.exe"="0"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_SQM_UPLOAD_FOR_APP]
"ieuser.exe"="1"
"iexplore.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_TELNET_PROTOCOL]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT]
"devenv.exe"="1"
"dexplore.exe"="1"
"helppane.exe"="1"
"PresentationHost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FEEDS]
"msfeedssync.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_FORCE_ADDR_AND_STATUS]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HIGH_CONTRAST_BACKGROUND_IMAGES]
"sidebar.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IGNORE_XML_PROLOG]
""=""
"msiexec.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_IMAGING_USE_ART]
"wm.exe"="1"
"cs.exe"="1"
"waol.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_INTERNET_SHELL_FOLDERS]
"iexplore.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DISPPARAMS]
"helppane.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LEGACY_DLCONTROL_BEHAVIORS]
"wlmail.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"PresentationHost.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPER1_0SERVER]
"explorer.exe"="4"
"Skype.exe"="6"
"SkypeBrowserHost.exe"="6"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MAXCONNECTIONSPERSERVER]
"explorer.exe"="2"
"Skype.exe"="6"
"SkypeBrowserHost.exe"="6"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_HANDLING]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MIME_SNIFFING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_MSHTML_AUTOLOAD_IEFRAME]
"mshta.exe"="1"
"outlook.exe"="1"
"sidebar.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_OBJECT_CACHING]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"ehexthost32.exe"="0"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_PROTOCOL_LOCKDOWN]
"explorer.exe"="0"
"iexplore.exe"="0"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RELEASE_CALLBACK_ON_STOP_BINDING]
"communicator.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ABOUT_PROTOCOL_IE7]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_ACTIVEXINSTALL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_FILEDOWNLOAD]
"msimn.exe"="1"
"winmail.exe"="1"
"prevhost.exe"="1"
"wmplayer.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_OBJECT_DATA_ATTRIBUTE]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_RESTRICT_RES_TO_LMZ]
"prevhost.exe"="1"
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SAFE_BINDTOOBJECT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SECURITYBAND]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHIM_MSHELP_COMBINE]
"prevhost.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SHOW_APP_PROTOCOL_WARN_DIALOG]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SSLUX]
"PresentationHost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_SUBDOWNLOAD_LOCKDOWN]
"winmail.exe"="1"
"msimn.exe"="1"
"outlook.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_UNC_SAVEDFILECHECK]
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_USE_WINDOWEDSELECTCONTROL]
"infopath.exe"="1"
"winword.exe"="1"
"excel.exe"="1"
"powerpnt.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_VALIDATE_NAVIGATE_URL]
"prevhost.exe"="1"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WARN_ON_SEC_CERT_REV_FAILED]
"mbam.exe"="0"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_MOVESIZECHILD]
"msn.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WEBOC_POPUPMANAGEMENT]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_WINDOW_RESTRICTIONS]
"explorer.exe"="1"
"iexplore.exe"="1"
"wmplayer.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_XSSFILTER]
"iexplore.exe"="1"
"prevhost.exe"="1"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ZONE_ELEVATION]
"explorer.exe"="1"
"iexplore.exe"="1"
"prevhost.exe"="1"
"PresentationHost.exe"="1"
"wmplayer.exe"="1"
"ehexthost32.exe"="1"
"CMigrate.exe"="1"
"OSE.EXE"="1"
"VSTOInstaller.exe"="1"
"LICLUA.EXE"="1"
"OSPPREARM.EXE"="1"

---------- | The Created last ones ¦ Modified

[MD5.00000000000000000000000000000000] - [20/07/2016 19:39:29] - |D| - [10533353] - C:\Program Files (x86)\CrystalDiskInfo
[MD5.00000000000000000000000000000000] - [20/07/2016 11:33:09] - |D| - [4798747] - C:\Program Files (x86)\Device Doctor
[MD5.00000000000000000000000000000000] - [24/07/2016 21:11:17] - |D| - [3611458] - C:\Program Files (x86)\Futuremark
[MD5.00000000000000000000000000000000] - [20/07/2016 19:31:16] - |D| - [83389767] - C:\Program Files (x86)\OCCTPT
[MD5.00000000000000000000000000000000] - [13/07/2016 11:31:02] - |D| - [6716136782] - C:\Program Files (x86)\Overwatch Test
[MD5.254427ACD94765DAA790B85D6ED3CC4D] - [23/07/2016 21:44:23] - |A| - [18931] - C:\Windows\DirectX.log
[MD5.A3C5FCDB11663329A30E1C144791A82C] - [26/07/2016 14:38:22] - |A| - [59219968] - C:\Windows\Installer\28d51e.msi
[MD5.704323BA430C8C86A94C73F6E39369BC] - [26/07/2016 14:43:38] - |A| - [770048] - C:\Windows\Installer\28d5ef.msi
[MD5.078322AB7656049C26D842A75B19EB56] - [26/07/2016 13:42:41] - |A| - [53248] - C:\Windows\Installer\2f839.msi
[MD5.A1A9C6E8C72406FF3267617DBB063C0D] - [26/07/2016 13:42:43] - |A| - [11186176] - C:\Windows\Installer\2f8ce.msi
[MD5.74004DCFE3B46ABBCC196972CDE0141A] - [26/07/2016 13:42:37] - |A| - [11948032] - C:\Windows\Installer\83f50.msi
[MD5.FFB578C9DAB3CF2F9315BE5FD1C8AA47] - [26/07/2016 13:55:57] - |A| - [2523306] - C:\Windows\Installer\MSI7B08.tmp
[MD5.E12D0E5BE82A81D7312682F6B5566304] - [26/07/2016 13:56:03] - |A| - [538824] - C:\Windows\Installer\MSI92C4.tmp
[MD5.201D538A7EB449463D985272F8CEA31F] - [22/07/2016 18:18:33] - |A| - [20480] - C:\Windows\Installer\SourceHash{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
[MD5.3BECCCF66C398F2F4C02AC7B266F8F93] - [26/07/2016 14:41:07] - |A| - [20480] - C:\Windows\Installer\SourceHash{26A24AE4-039D-4CA4-87B4-2F64180101F0}
[MD5.B378C9FA69FF3B5280925516A56D6EC5] - [22/07/2016 18:18:23] - |A| - [20480] - C:\Windows\Installer\SourceHash{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
[MD5.78B1DD0BE630C276E98347088A76CE30] - [25/07/2016 23:53:26] - |A| - [594] - C:\Windows\system32\nv-vk64.json
[MD5.A2A75DBA92FA0F70837F05127E73A82F] - [25/07/2016 23:54:21] - |A| - [547896] - C:\Windows\system32\nv3dappshext.dll
[MD5.456F0B907C8B16028E467DC43F0C2BBA] - [25/07/2016 23:54:21] - |A| - [81856] - C:\Windows\system32\nv3dappshextr.dll
[MD5.7FAB39924DF7C7220DBA1F600107C6DC] - [25/07/2016 23:55:17] - |A| - [1887800] - C:\Windows\system32\NvCamera64.dll
[MD5.D23AA49C9F00120B6E3CC40466D258CC] - [26/07/2016 14:21:07] - |A| - [39977920] - C:\Windows\system32\nvcompiler.dll
[MD5.DD34EBE0060036AB633EE3487AC9CB36] - [25/07/2016 23:43:07] - |A| - [7211925] - C:\Windows\system32\nvcoproc.bin
[MD5.36630E1B4F0BAE395DFF9793E75A38AF] - [25/07/2016 23:43:07] - |A| - [6384064] - C:\Windows\system32\nvcpl.dll
[MD5.A1804375621823D8B4777898933E0EAD] - [26/07/2016 14:21:07] - |A| - [10234336] - C:\Windows\system32\nvcuda.dll
[MD5.71A9B677C3A980FA1535E81DE05F2619] - [26/07/2016 14:21:07] - |A| - [3542072] - C:\Windows\system32\nvcuvid.dll
[MD5.1AD2DF3F1AECDF8D55D26DD73E55443F] - [26/07/2016 14:21:07] - |A| - [17321352] - C:\Windows\system32\nvd3dumx.dll
[MD5.EF178B300BE7AA265CF0F12950E51710] - [25/07/2016 23:53:26] - |A| - [1939000] - C:\Windows\system32\nvdispco6436881.dll
[MD5.CEA664031C6A4129C3D139DEA53ACB52] - [25/07/2016 23:53:26] - |A| - [1571776] - C:\Windows\system32\nvdispgenco6436881.dll
[MD5.BA34787B4CA6FDC23C0452C26630484E] - [26/07/2016 14:21:07] - |A| - [544120] - C:\Windows\system32\nvEncodeAPI64.dll
[MD5.ABE55A76C2CFF8C3B74F6827E62D37AF] - [25/07/2016 23:53:26] - |A| - [694672] - C:\Windows\system32\nvfatbinaryLoader.dll
[MD5.B04C94F20CD8D4E831DB014C4B393DFA] - [26/07/2016 14:21:07] - |A| - [1001016] - C:\Windows\system32\NvFBC64.dll
[MD5.64943463BE08BF0E13BA8B2BDAFDB267] - [24/07/2016 11:26:30] - |A| - [1579976] - C:\Windows\system32\nvhdagenco6420103.dll
[MD5.C913A207CF70A62EF962D39573966BAF] - [24/07/2016 11:26:30] - |A| - [46016] - C:\Windows\system32\nvhdap64.dll
[MD5.413F38142AC663F44733704EE011D821] - [26/07/2016 14:21:07] - |A| - [930360] - C:\Windows\system32\NvIFR64.dll
[MD5.D7174517833E8935AD94CBEDEDC072BC] - [26/07/2016 14:21:07] - |A| - [444472] - C:\Windows\system32\NvIFROpenGL.dll
[MD5.33BCAD7562F4AD2CA803BAF308A8D514] - [26/07/2016 14:21:07] - |A| - [177952] - C:\Windows\system32\nvinitx.dll
[MD5.5D229125C453AC1D6FB567E446C7A82C] - [25/07/2016 23:43:07] - |A| - [392128] - C:\Windows\system32\nvmctray.dll
[MD5.731B64BB149E40E5502D7F4AC6C07D81] - [26/07/2016 14:21:07] - |A| - [153416] - C:\Windows\system32\nvoglshim64.dll
[MD5.16BC90547C20FEE59824677260890BDF] - [26/07/2016 14:21:07] - |A| - [31640512] - C:\Windows\system32\nvoglv64.dll
[MD5.46183D59E9AFC9AD76693B851492411F] - [26/07/2016 14:21:07] - |A| - [10691632] - C:\Windows\system32\nvopencl.dll
[MD5.E1992A663628B72907E84798AACCD458] - [25/07/2016 23:53:26] - |A| - [10656112] - C:\Windows\system32\nvptxJitCompiler.dll
[MD5.2ACC0B50AFEBBB237AB01C411B33076B] - [25/07/2016 23:43:07] - |A| - [71224] - C:\Windows\system32\nvshext.dll
[MD5.5715C01BD8F8EC62FA4E9B8A4EDB1F14] - [25/07/2016 23:43:07] - |A| - [2465848] - C:\Windows\system32\nvsvc64.dll
[MD5.8739151539369ACB781F49419BA7066A] - [25/07/2016 23:43:07] - |A| - [1762752] - C:\Windows\system32\nvsvcr.dll
[MD5.3CB473E4A14098543FF5BED1EB61F75F] - [26/07/2016 14:21:07] - |A| - [490744] - C:\Windows\system32\nvumdshimx.dll
[MD5.FCD26AED0772830BE5934B902BC67030] - [25/07/2016 23:43:07] - |A| - [1364536] - C:\Windows\system32\nvvsvc.exe
[MD5.E1589266E4DA276B58582DB4CFC9556D] - [25/07/2016 23:42:52] - |A| - [213952] - C:\Windows\system32\OpenCL.dll
[MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] - [24/07/2016 11:04:48] - |A| - [76152] - C:\Windows\system32\PnkBstrA.exe
[MD5.D70BEDB9436DBCA77D3E470C1BAB373E] - [25/07/2016 23:05:57] - |A| - [130848] - C:\Windows\system32\vulkan-1.dll
[MD5.0597F21B1DCADAB5F28806671670CDE4] - [25/07/2016 23:05:57] - |A| - [45344] - C:\Windows\system32\vulkaninfo.exe
[MD5.150A43E51A708A5F38C761F1A62F9D85] - [26/07/2016 14:41:28] - |A| - [110144] - C:\Windows\system32\WindowsAccessBridge-64.dll
[MD5.62CE6D6AA873D2E4AE2F64ED89E6CD83] - [24/07/2016 11:26:29] - |A| - [214592] - C:\Windows\system32\Drivers\nvhda64v.sys
[MD5.1C5855A8A7186513BE3E301CEE171496] - [26/07/2016 14:21:07] - |A| - [13581880] - C:\Windows\system32\Drivers\nvlddmkm.sys
[MD5.E7DE1E8FD721BFD89B9F586272FBA14C] - [25/07/2016 23:53:26] - |A| - [594] - C:\Windows\syswow64\nv-vk32.json
[MD5.E3B8AE13A078F2D5FDCD4EA2B445B18E] - [25/07/2016 23:55:17] - |A| - [1595840] - C:\Windows\syswow64\NvCamera32.dll
[MD5.5198B1F394342472DB890357C75E28B3] - [26/07/2016 14:21:07] - |A| - [35115968] - C:\Windows\syswow64\nvcompiler.dll
[MD5.24E2A73189BBE0678AB884E77855A5A8] - [26/07/2016 14:21:07] - |A| - [3099072] - C:\Windows\syswow64\nvcuvid.dll
[MD5.852C1136D2E1AAA5E3BE14E3D7129422] - [26/07/2016 14:21:07] - |A| - [459320] - C:\Windows\syswow64\nvEncodeAPI.dll
[MD5.408C2BDE50A529F06D817C0211FD009A] - [25/07/2016 23:53:26] - |A| - [583736] - C:\Windows\syswow64\nvfatbinaryLoader.dll
[MD5.391D362530CE57C969E046AA35B3F705] - [26/07/2016 14:21:07] - |A| - [909880] - C:\Windows\syswow64\NvFBC.dll
[MD5.A7FE8A3776F3AA78EF19E04416F16411] - [26/07/2016 14:21:07] - |A| - [852024] - C:\Windows\syswow64\NvIFR.dll
[MD5.BF1D92C68F0AD42735A34E9ADC5C6A67] - [26/07/2016 14:21:07] - |A| - [394808] - C:\Windows\syswow64\NvIFROpenGL.dll
[MD5.C122B66E3EB4EB782A3D690C32E9914E] - [26/07/2016 14:21:07] - |A| - [155768] - C:\Windows\syswow64\nvinit.dll
[MD5.93B3222C7CE25121F493746777EE483C] - [26/07/2016 14:21:07] - |A| - [131584] - C:\Windows\syswow64\nvoglshim32.dll
[MD5.95255BAB9B7A6D9F591E0F3F4CC9DC53] - [26/07/2016 14:21:07] - |A| - [25414080] - C:\Windows\syswow64\nvoglv32.dll
[MD5.52E0F802160E4612320A31FC1FFDBE0C] - [25/07/2016 23:53:26] - |A| - [8742360] - C:\Windows\syswow64\nvptxJitCompiler.dll
[MD5.06CEB0E2F12DAA3DE858A8B73543EC0C] - [26/07/2016 14:22:30] - |A| - [127424] - C:\Windows\syswow64\nvStreaming.exe
[MD5.46DECD2B6C7D74E579639BBEB2DB46C9] - [26/07/2016 14:21:07] - |A| - [406064] - C:\Windows\syswow64\nvumdshim.dll
[MD5.E24A4C95A4658724C6AC40A814C0489F] - [25/07/2016 23:42:52] - |A| - [203320] - C:\Windows\syswow64\OpenCL.dll
[MD5.3A2E85F7D90D15460C337CE80C2E3B29] - [23/07/2016 21:45:18] - |A| - [76888] - C:\Windows\syswow64\PnkBstrA.exe
[MD5.7216827676AE6B40F7873C481B9E9446] - [23/07/2016 21:45:20] - |A| - [226168] - C:\Windows\syswow64\PnkBstrB.exe
[MD5.23EEB7034F3F7AA8554D9093B7EB319A] - [25/07/2016 23:05:57] - |A| - [129824] - C:\Windows\syswow64\vulkan-1.dll
[MD5.B1F9C56E5F3C20FEF261E2510221F6E4] - [25/07/2016 23:05:57] - |A| - [40224] - C:\Windows\syswow64\vulkaninfo.exe

---------- | Drives


---------- | C:

[26/07/2016 17:50:22] - |SHD| - [129] - C:\$RECYCLE.BIN
[16/04/2015 14:14:56] - |D| - [46069962] - C:\$WINDOWS.~BT
[26/07/2016 15:22:34] - |D| - [4298235513] - C:\AdsFix
[MD5.8D0E1CB4D997572F7C525B323653D98A] - [26/07/2016 15:30:03] - |A| - (.-.) - [31528] - (0.0.0.0) - C:\AdsFix_26_07_2016_17_47_57.txt
[18/05/2014 19:38:48] - |D| - [0] - C:\c556a93cad648dc20fd9cf9900f1
[18/05/2014 11:51:59] - |D| - [33640832] - C:\ccc945efae2ff8a745996751c8
[MD5.3D36BD7A5A03DE2695BEF2816FA6F33C] - [14/09/2014 17:05:34] - |A| - (.-.) - [116214] - (0.0.0.0) - C:\compete-header-long2.bmp
[14/05/2016 00:35:27] - |SHD| - [0] - C:\Config.Msi
[17/08/2015 14:30:58] - |D| - [0] - C:\Crash
[13/07/2009 22:08:56] - |SHD| - [0] - C:\Documents and Settings
[14/05/2016 16:01:53] - |D| - [3490514] - C:\Fraps
[26/07/2016 14:44:53] - |D| - [113576125] - C:\FRST
[MD5.E7832D67AD190A920970CB5ADFC6D5D1] - [02/11/2015 03:28:48] - |A| - (.-.) - [383] - (0.0.0.0) - C:\ftconfig.ini
[24/10/2015 03:14:37] - |D| - [0] - C:\Games
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [26/07/2016 17:47:58] - |ASH| - (.-.) - [6391554048] - (0.0.0.0) - C:\hiberfil.sys
[12/05/2014 12:02:57] - |D| - [2057590] - C:\Intel
[MD5.BA8914FB75941F5AE286BF78A0A67B95] - [27/07/2016 01:21:07] - |A| - (.-.) - [26446] - (0.0.0.0) - C:\Look_my_hardware.tmp
[12/05/2014 11:59:38] - |D| - [150644] - C:\MSI
[MD5.934BB8AF326EDC86B0C52187DDC29821] - [12/05/2014 12:03:24] - |A| - (.-.) - [189] - (0.0.0.0) - C:\mylog.log
[25/07/2016 23:25:07] - |D| - [1687217307] - C:\NVIDIA
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [12/05/2014 11:55:20] - |ASH| - (.-.) - [8522072064] - (0.0.0.0) - C:\pagefile.sys
[13/07/2009 20:20:08] - |D| - [0] - C:\PerfLogs
[12/11/2015 10:56:45] - |D| - [0] - C:\ppsfile
[13/07/2009 20:20:08] - |RD| - [20534090710] - C:\Program Files
[13/07/2009 20:20:08] - |RD| - [459573760328] - C:\Program Files (x86)
[13/07/2009 20:20:08] - |HD| - [75016608755] - C:\ProgramData
[27/07/2016 01:16:06] - |D| - [262056] - C:\QuickDiag
[MD5.5AD87CCA3A097A6BA8F6F207465B80D1] - [27/07/2016 01:16:39] - |A| - (.-.) - [252245] - (0.0.0.0) - C:\QuickDiag.txt
[15/05/2014 13:26:29] - |SHD| - [172385337] - C:\Recovery
[MD5.5A250065925A7D2AD91D08769F694372] - [12/05/2014 12:03:33] - |A| - (.-.) - [2341] - (0.0.0.0) - C:\RHDSetup.log
[15/05/2014 14:08:17] - |D| - [8845662907] - C:\Riot Games
[MD5.8AE2D70233CB0D228C33B97771B29953] - [12/05/2014 13:05:27] - |A| - (.-.) - [179] - (0.0.0.0) - C:\SBCsetup.log
[18/04/2016 14:05:08] - |D| - [0] - C:\ShadowPlay
[12/05/2014 11:55:20] - |SHD| - [0] - C:\System Volume Information
[13/07/2009 20:20:08] - |RD| - [451051355922] - C:\Users
[13/07/2009 20:20:08] - |D| - [31549475747] - C:\Windows

---------- | C:\Windows

[13/07/2009 22:32:38] - |D| - [802] - C:\Windows\addins
[13/07/2009 20:20:08] - |D| - [21332973] - C:\Windows\AppCompat
[13/07/2009 20:20:08] - |D| - [10934278] - C:\Windows\AppPatch
[13/07/2009 20:20:08] - |RSD| - [1560403826] - C:\Windows\assembly
[08/10/2014 13:41:42] - |HD| - [0] - C:\Windows\AxInstSV
[MD5.317CD1CE327B6520BF4EE007BCD39E61] - [20/11/2010 20:24:22] - |A| - (.© Microsoft Corporation. - Boot File Servicing Utility.) - [71168] - (6.1.7601.17514) - C:\Windows\bfsvc.exe
[13/07/2009 20:20:09] - |D| - [29061638] - C:\Windows\Boot
[MD5.087C215682337E8930BBF07FC9B164BD] - [13/07/2009 22:38:36] - |AS| - (.-.) - [67584] - (0.0.0.0) - C:\Windows\bootstat.dat
[13/07/2009 20:20:09] - |D| - [2418176] - C:\Windows\Branding
[MD5.7F4E3A66DD144BCC8A5ABED640F24367] - [17/06/2013 11:11:55] - |A| - (.-.) - [10] - (0.0.0.0) - C:\Windows\csup.txt
[MD5.CE7EA4FD479F7E540EDB01931ED77193] - [12/05/2014 13:06:21] - |RAH| - (.-.) - [159] - (0.0.0.0) - C:\Windows\ctfile.rfc
[13/07/2009 20:20:09] - |D| - [2113488] - C:\Windows\Cursors
[13/07/2009 21:45:54] - |D| - [460] - C:\Windows\debug
[MD5.67FC5B9D0957C4FBB37376DE49A2B170] - [16/04/2015 12:19:39] - |A| - (.-.) - [1890] - (0.0.0.0) - C:\Windows\diagerr.xml
[13/07/2009 22:32:38] - |D| - [3003724] - C:\Windows\diagnostics
[MD5.67FC5B9D0957C4FBB37376DE49A2B170] - [16/04/2015 12:19:39] - |A| - (.-.) - [1890] - (0.0.0.0) - C:\Windows\diagwrn.xml
[13/07/2009 22:37:46] - |D| - [0] - C:\Windows\DigitalLocker
[MD5.254427ACD94765DAA790B85D6ED3CC4D] - [23/07/2016 21:44:23] - |A| - (.-.) - [18931] - (0.0.0.0) - C:\Windows\DirectX.log
[13/07/2009 22:32:38] - |D| - [283] - C:\Windows\Downloaded Program Files
[MD5.56DC01AE2B21DB89A205926425CB7E18] - [20/06/2016 19:26:32] - |A| - (.-.) - [75910] - (0.0.0.0) - C:\Windows\DPINST.LOG
[12/04/2011 01:28:10] - |D| - [117959641] - C:\Windows\ehome
[13/07/2009 22:37:46] - |D| - [110080] - C:\Windows\en-US
[MD5.2A66E81AE941E54A237490FC35D387C8] - [29/06/2016 15:42:45] - |A| - (.-.) - [1945] - (0.0.0.0) - C:\Windows\epplauncher.mif
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - [17/06/2013 11:02:20] - |A| - (.© Microsoft Corporation. - Windows Explorer.) - [2871808] - (6.1.7601.17567) - C:\Windows\explorer.exe
[13/07/2009 20:20:09] - |RSD| - [473442019] - C:\Windows\Fonts
[MD5.92BB2E9AA28542C685C59EFCBAC2490B] - [13/07/2009 16:22:13] - |A| - (.© Microsoft Corporation. - BitLocker Drive Encryption Servicing Utility.) - [15360] - (6.1.7600.16385) - C:\Windows\fveupdate.exe
[13/07/2009 20:20:09] - |D| - [32090797] - C:\Windows\Globalization
[13/07/2009 20:20:09] - |D| - [100520562] - C:\Windows\Help
[MD5.CD47548A52B02D254BF6D7F7A5F2BFD3] - [13/07/2009 17:29:53] - |A| - (.© Microsoft Corporation. - Microsoft Help and Support.) - [733696] - (6.1.7600.16385) - C:\Windows\HelpPane.exe
[MD5.3D0B9EA79BF1F828324447D84AA9DCE2] - [13/07/2009 17:29:03] - |A| - (.© Microsoft Corporation. - Microsoft® HTML Help Executable.) - [16896] - (6.1.7600.16385) - C:\Windows\hh.exe
[MD5.1AEB4967A760D6EC21A3270F1B004AC1] - [12/04/2011 01:29:01] - |A| - (.-.) - [48265] - (0.0.0.0) - C:\Windows\HomePremium.xml
[13/07/2009 20:20:09] - |D| - [143546732] - C:\Windows\IME
[13/07/2009 20:20:10] - |D| - [176164827] - C:\Windows\inf
[17/06/2013 10:17:01] - |SHD| - [650329549] - C:\Windows\Installer
[13/07/2009 20:20:10] - |D| - [48371] - C:\Windows\L2Schemas
[13/07/2009 20:20:10] - |D| - [715894] - C:\Windows\LiveKernelReports
[13/07/2009 20:20:10] - |D| - [266845974] - C:\Windows\Logs
[MD5.6484AC48A0996D4741D2ADA041CF7EE7] - [12/05/2014 13:06:24] - |A| - (.-.) - [2783] - (0.0.0.0) - C:\Windows\MBCfg_APOIM.ini
[MD5.233DAA6D86947FF0180ADE709710EBA0] - [12/05/2014 13:06:24] - |A| - (.-.) - [2747] - (0.0.0.0) - C:\Windows\MBCfg_HP_APOIM.ini
[MD5.7B7573AF24AC4CFD6E871F559E4700B5] - [12/05/2014 13:06:24] - |A| - (.-.) - [2835] - (0.0.0.0) - C:\Windows\MBCfg_SP_APOIM.ini
[13/07/2009 20:20:10] - |RSD| - [13327133] - C:\Windows\Media
[MD5.23AF90D2355D8C83AA4567EF1763B467] - [13/07/2009 17:10:29] - |A| - (.-.) - [43131] - (0.0.0.0) - C:\Windows\mib.bin
[13/07/2009 20:20:10] - |D| - [1091959468] - C:\Windows\Microsoft.NET
[17/05/2014 22:43:12] - |D| - [1223] - C:\Windows\Migration
[30/11/2014 04:03:47] - |D| - [0] - C:\Windows\Minidump
[13/07/2009 20:20:10] - |D| - [0] - C:\Windows\ModemLogs
[MD5.7910931597E1E2877363585938198CC6] - [02/12/2015 09:58:09] - |A| - (.©1999-2014 Jonathan Bennett & AutoIt Team - Aut2Exe.) - [919040] - (3.3.12.0) - C:\Windows\mod_frst.exe
[MD5.B9FB94A8DA62711C6955825DEFB25C5A] - [13/07/2009 19:35:42] - |A| - (.-.) - [1405] - (0.0.0.0) - C:\Windows\msdfmap.ini
[18/05/2014 11:47:33] - |HD| - [0] - C:\Windows\msdownld.tmp
[MD5.F2C7BB8ACC97F92E987A2D4087D021B1] - [13/07/2009 16:56:36] - |A| - (.© Microsoft Corporation. - Notepad.) - [193536] - (6.1.7600.16385) - C:\Windows\notepad.exe
[17/06/2013 09:47:24] - |HD| - [174639] - C:\Windows\OEMLogo
[13/07/2009 22:32:38] - |D| - [65] - C:\Windows\Offline Web Pages
[17/06/2013 10:30:28] - |D| - [1073416] - C:\Windows\Panther
[13/07/2009 22:32:38] - |D| - [64600495] - C:\Windows\Performance
[MD5.549468A6C9AED2C1A6DC1D00B7B618EB] - [16/05/2016 11:39:53] - |A| - (.-.) - [38468] - (0.0.0.0) - C:\Windows\PFRO.log
[13/07/2009 20:20:10] - |D| - [1117380] - C:\Windows\PLA
[13/07/2009 20:20:10] - |D| - [2349958] - C:\Windows\PolicyDefinitions
[17/06/2013 09:32:09] - |D| - [41158983] - C:\Windows\Prefetch
[14/04/2015 15:07:05] - |D| - [5038] - C:\Windows\pss
[MD5.2E2C937846A0B8789E5E91739284D17A] - [13/07/2009 16:27:10] - |A| - (.© Microsoft Corporation. - Registry Editor.) - [427008] - (6.1.7600.16385) - C:\Windows\regedit.exe
[13/07/2009 20:20:10] - |D| - [22588] - C:\Windows\registration
[13/07/2009 20:20:10] - |D| - [8645513] - C:\Windows\rescache
[13/07/2009 20:20:10] - |D| - [1674534] - C:\Windows\Resources
[MD5.D0B58740740B8F25C2CFA2954B25C9DE] - [12/05/2014 12:03:34] - |A| - (.Copyright (C) 2013 Realtek Semiconductor Corp. - RtlExUpd DLL for setup utility function.) - [2080472] - (1.0.5.2) - C:\Windows\RtlExUpd.dll
[13/07/2009 20:20:10] - |D| - [0] - C:\Windows\SchCache
[13/07/2009 20:20:10] - |D| - [58021] - C:\Windows\schemas
[13/07/2009 20:20:10] - |D| - [1058574] - C:\Windows\security
[13/07/2009 21:45:47] - |D| - [129902363] - C:\Windows\ServiceProfiles
[13/07/2009 20:20:10] - |D| - [103133016] - C:\Windows\servicing
[13/07/2009 21:45:50] - |D| - [42] - C:\Windows\Setup
[MD5.CE8F9167CF4488D44479BA1AD10C59B9] - [15/05/2016 13:20:40] - |A| - (.-.) - [24396] - (0.0.0.0) - C:\Windows\setupact.log
[MD5.D41D8CD98F00B204E9800998ECF8427E] - [15/05/2016 13:20:40] - |A| - (.-.) - [0] - (0.0.0.0) - C:\Windows\setuperr.log
[12/04/2011 01:28:10] - |D| - [4544] - C:\Windows\ShellNew
[12/05/2014 12:00:13] - |D| - [2619321916] - C:\Windows\SoftwareDistribution
[13/07/2009 20:20:10] - |D| - [181014046] - C:\Windows\Speech
[MD5.127AA81343A7C6F665C22CB1293B0A90] - [17/06/2013 11:02:07] - |A| - (.© Microsoft Corporation. - Print driver host for 32bit applications.) - [67072] - (6.1.7601.17777) - C:\Windows\splwow64.exe
[MD5.9060C3C745E7B2D8E1A81DD061021546] - [13/07/2009 22:28:38] - |A| - (.-.) - [48201] - (0.0.0.0) - C:\Windows\Starter.xml
[13/07/2009 20:20:10] - |D| - [0] - C:\Windows\system
[MD5.286A9EDB379DC3423A528B0864A0F111] - [13/07/2009 19:34:57] - |A| - (.-.) - [219] - (0.0.0.0) - C:\Windows\system.ini
[13/07/2009 20:20:10] - |D| - [9394744356] - C:\Windows\System32
[13/07/2009 20:20:14] - |D| - [1435502738] - C:\Windows\SysWOW64
[13/07/2009 20:20:14] - |D| - [15] - C:\Windows\TAPI
[13/07/2009 20:20:14] - |D| - [32582] - C:\Windows\Tasks
[13/07/2009 20:20:14] - |D| - [12640] - C:\Windows\Temp
[13/07/2009 20:20:14] - |D| - [0] - C:\Windows\tracing
[MD5.0BEA3F79A36B1F67B2CE0F595524C77C] - [10/06/2009 14:41:17] - |A| - (.- Twain Source Manager (Image Acquisition Interface).) - [94784] - (1.7.0.0) - C:\Windows\twain.dll
[13/07/2009 22:32:38] - |D| - [6144] - C:\Windows\twain_32
[MD5.163A95975E1D8819E653AA3E961371CA] - [20/11/2010 20:25:10] - |A| - (.- Twain_32 Source Manager (Image Acquisition Interface).) - [51200] - (1.7.1.3) - C:\Windows\twain_32.dll
[MD5.F36A271706EDD23C94956AFB56981184] - [13/07/2009 15:47:26] - |A| - (.- Twain_32.dll Client's 16-Bit Thunking Server.) - [49680] - (1.7.0.0) - C:\Windows\twunk_16.exe
[MD5.0BD6E68F3EA0DD62CD86283D86895381] - [13/07/2009 17:14:40] - |A| - (.- Twain.dll Client's 32-Bit Thunking Server.) - [31232] - (1.7.1.0) - C:\Windows\twunk_32.exe
[MD5.C419DF63E0121D72411285780C2FC6CC] - [12/05/2014 13:06:27] - |A| - (.Copyright (c) Creative Technology Ltd. 2000 - Creative UpdReg.) - [90112] - (1.0.2.0) - C:\Windows\Updreg.EXE
[13/07/2009 20:20:14] - |D| - [12420] - C:\Windows\Vss
[13/07/2009 20:20:14] - |D| - [40681427] - C:\Windows\Web
[MD5.162904DAA5412143F5403233E77F787E] - [13/07/2009 19:34:57] - |A| - (.-.) - [403] - (0.0.0.0) - C:\Windows\win.ini
[MD5.5A5CFF37F1BD0F86B9BDAAD7A9445882] - [13/07/2009 21:54:24] - |RAH| - (.-.) - [749] - (0.0.0.0) - C:\Windows\WindowsShell.Manifest
[MD5.578B34D1F1C46299E534D1470D3720E4] - [12/05/2014 12:00:12] - |A| - (.-.) - [1154743] - (0.0.0.0) - C:\Windows\WindowsUpdate.log
[MD5.1D420D66250BCAAAED05724FB34008CF] - [13/07/2009 17:12:29] - |A| - (.© Microsoft Corporation. - Windows Winhlp32 Stub.) - [9728] - (6.1.7600.16385) - C:\Windows\winhlp32.exe
[13/07/2009 20:20:14] - |D| - [12817249772] - C:\Windows\winsxs
[MD5.DC17DD0189B0C36D863B4DD0A036C10F] - [10/06/2009 13:52:44] - |A| - (.-.) - [316640] - (0.0.0.0) - C:\Windows\WMSysPr9.prx
[MD5.F8ED3B4B209E2CB49028E36CF06CA851] - [13/07/2009 16:56:28] - |A| - (.© Microsoft Corporation. - Windows Write.) - [10240] - (6.1.7600.16385) - C:\Windows\write.exe
[MD5.8D0944E48D8F8F1FDFE9653A6E155807] - [28/08/2014 19:06:23] - |A| - (.-.) - [268] - (0.0.0.0) - C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

---------- | Systemroot\System


---------- | Systemroot\Installer (Microsoft Files Whitelisted)

[11/04/2016 13:52:46] - C:\Windows\Installer\10c36a2.msi : (InputMapper - DSDCS)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/10/2015 12:15:18] - C:\Windows\Installer\1237fb.msi : (System Requirements Lab Detection - Husdawg, LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2015 03:14:36] - C:\Windows\Installer\140a647.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2015 03:14:38] - C:\Windows\Installer\140a64c.msi : (Apple Application Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/10/2015 16:42:50] - C:\Windows\Installer\140a677.msi : ([ProductName] Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/10/2015 19:49:44] - C:\Windows\Installer\140a67c.msi : (Apple Mobile Device Support Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[09/10/2015 16:43:42] - C:\Windows\Installer\140a681.msi : (Apple Software Update Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/10/2015 05:29:36] - C:\Windows\Installer\140a685.msi : (iTunes Installer - Apple Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[25/06/2015 14:25:16] - C:\Windows\Installer\15b8bd4.msi : (Curse - Curse)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[12/05/2014 13:06:44] - C:\Windows\Installer\1b949.msi : (Google Toolbar for Internet Explorer - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[08/12/2015 22:39:41] - C:\Windows\Installer\1e1f44c.msi : (Skype - Skype Technologies S.A.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[11/08/2014 08:44:34] - C:\Windows\Installer\280ddf1.msi : (Mumble 1.2.8 - Thorvald Natvig)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[16/09/2013 12:20:14] - C:\Windows\Installer\28cb8.msi : (Intel(R) Trusted Connect Service Client - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/08/2013 18:22:34] - C:\Windows\Installer\28cbd.msi : (Intel Smart Connect Technology enables your computer to periodically wake from sleep to keep your content fresh - Intel Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2016 14:38:22] - C:\Windows\Installer\28d51e.msi : (Java SE Runtime Environment 8 Update 101 - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2016 14:43:38] - C:\Windows\Installer\28d5ef.msi : (Java Auto Updater - Oracle Corporation)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[26/07/2011 11:36:38] - C:\Windows\Installer\29bd846.msi : ( - DivX, Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[05/08/2014 15:07:52] - C:\Windows\Installer\2b55246.msi : (Facebook Video Calling 3.1.0.521 - Skype Limited)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[10/05/2016 19:12:48] - C:\Windows\Installer\2f854c.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[15/05/2014 18:37:42] - C:\Windows\Installer\327ee.msi : (System Requirements Lab CYRI - Husdawg, LLC)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/03/2016 14:59:39] - C:\Windows\Installer\34f3b.msi : (Epic Games Launcher - Epic Games, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/11/2015 10:56:58] - C:\Windows\Installer\34f40.msi : (Epic Games Launcher Prerequisites (x64) - Epic Games, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[28/08/2014 19:05:44] - C:\Windows\Installer\457958.msi : (Voice Communication - Flagship Industries, Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/06/2016 20:18:15] - C:\Windows\Installer\74f0344.msi : (Emily - Razer Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[18/11/2014 10:20:51] - C:\Windows\Installer\7daca.msi : (Google Update Helper - Google Inc.)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[06/03/2016 02:21:14] - C:\Windows\Installer\924715.msi : (League of Legends - Riot Games)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[19/06/2015 12:02:11] - C:\Windows\Installer\b21b94.msi : (Logitech Gaming Software - Logitech Inc)          [Offsets ok ! : D0CF11E0A1B11AE10000000000000000]
[01/02/2015 20:55:29] - [1388544] - C:\Windows\Installer\Razer Game Scanner Service\RzGSSuninstall.exe     (Runtime Engine Copyright © 2015 Indigo Rose Corporation (www.indigorose.com)) - (Setup Application)
[01/02/2015 20:55:39] - [1388544] - C:\Windows\Installer\Razer InGame Engine\uninstall.exe     (Runtime Engine Copyright © 2015 Indigo Rose Corporation (www.indigorose.com)) - (Setup Application)
[30/05/2014 17:36:23] - [208016] - C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[30/05/2014 17:36:23] - [208016] - C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\NewShortcut1_39DEDF8BE16D414F9CB4D01021BE0D48.exe     (Copyright (c) 2015 Flexera Software LLC.) - (InstallShield)
[11/04/2016 15:48:17] - [123276] - C:\Windows\Installer\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}\InputMapper.exe     () - ()
[10/04/2015 15:10:00] - [145760] - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe     () - ()
[29/06/2016 15:42:35] - [109563] - C:\Windows\Installer\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}\EPP.exe     () - ()
[29/06/2016 15:42:35] - [109563] - C:\Windows\Installer\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}\FEP.exe     () - ()
[29/06/2016 15:42:35] - [109563] - C:\Windows\Installer\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}\INTUNE.exe     () - ()
[29/06/2016 15:42:35] - [123352] - C:\Windows\Installer\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}\MSE.exe     () - ()
[29/06/2016 15:42:35] - [123352] - C:\Windows\Installer\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}\MSEPrerelease.exe     () - ()
[29/06/2016 15:42:35] - [109563] - C:\Windows\Installer\{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78}\SCEP.exe     () - ()
[02/10/2015 19:07:03] - [104355] - C:\Windows\Installer\{4F524A2D-5350-4500-76A7-A758B70C2300}\ToolbarIcon.exe     () - ()
[08/12/2015 22:40:56] - [145760] - C:\Windows\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe     () - ()
[12/08/2014 18:47:46] - [145760] - C:\Windows\Installer\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}\SkypeIcon.exe     () - ()
[11/04/2016 13:42:35] - [25214] - C:\Windows\Installer\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}\AUSetting.exe     () - ()
[11/04/2016 13:42:35] - [439926] - C:\Windows\Installer\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}\XBoxStat.exe     () - ()
[04/11/2015 19:11:50] - [86016] - C:\Windows\Installer\{E690A491-702F-4DEC-9977-C015D1DBB57C}\iTunesIco.exe     () - ()
[04/11/2015 19:11:11] - [27136] - C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe     () - ()

---------- | %System%\*.in*

[13/07/2009 21:57:09] - [73] - C:\Windows\System32\desktop.ini
[14/04/2015 14:13:04] - [16303] - C:\Windows\System32\ieuinit.inf
[12/05/2014 13:06:24] - [8570] - C:\Windows\System32\MBCfg64.ini
[12/05/2014 13:06:24] - [5856] - C:\Windows\System32\MBCfgUninstall64.ini
[13/07/2009 22:13:15] - [6214] - C:\Windows\System32\PerfStringBackup.INI
[10/06/2009 14:01:25] - [60124] - C:\Windows\System32\tcpmon.ini
[14/04/2015 14:13:06] - [16303] - C:\Windows\Syswow64\ieuinit.inf
[13/07/2009 21:55:01] - [535] - C:\Windows\Syswow64\mapisvc.inf
[12/05/2014 13:06:24] - [8570] - C:\Windows\Syswow64\MBCfg32.ini
[12/05/2014 13:06:24] - [5856] - C:\Windows\Syswow64\MBCfgUninstall32.ini
[12/05/2014 12:02:35] - [774592] - C:\Windows\Syswow64\PerfStringBackup.INI

---------- | [Public]

[17/08/2015 13:56:57] - |D| - [0] - C:\Users\Public\Daybreak Game Company
[13/07/2009 20:20:08] - |RHD| - [26357] - C:\Users\Public\Desktop
[13/07/2009 21:54:24] - |ASH| - [174] - C:\Users\Public\desktop.ini
[13/07/2009 20:20:08] - |RD| - [58950243] - C:\Users\Public\Documents
[13/07/2009 20:20:08] - |RD| - [174] - C:\Users\Public\Downloads
[13/07/2009 20:20:08] - |RHD| - [0] - C:\Users\Public\Favorites
[13/07/2009 20:20:08] - |RHD| - [3979] - C:\Users\Public\Libraries
[13/07/2009 20:20:08] - |RD| - [17468736] - C:\Users\Public\Music
[16/04/2015 23:05:26] - |A| - [262144] - C:\Users\Public\ntuser.dat
[16/04/2015 23:05:26] - |ASH| - [5120] - C:\Users\Public\ntuser.dat.LOG1
[16/04/2015 23:05:26] - |ASH| - [0] - C:\Users\Public\ntuser.dat.LOG2
[16/04/2015 23:05:26] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{26051ea4-e4c7-11e4-ab37-448a5b877319}.TM.blf
[16/04/2015 23:05:26] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{26051ea4-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000001.regtrans-ms
[16/04/2015 23:05:26] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{26051ea4-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000002.regtrans-ms
[16/04/2015 23:05:31] - |ASH| - [65536] - C:\Users\Public\ntuser.dat{26051eaf-e4c7-11e4-ab37-448a5b877319}.TM.blf
[16/04/2015 23:05:31] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{26051eaf-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000001.regtrans-ms
[16/04/2015 23:05:31] - |ASH| - [524288] - C:\Users\Public\ntuser.dat{26051eaf-e4c7-11e4-ab37-448a5b877319}.TMContainer00000000000000000002.regtrans-ms
[13/07/2009 20:20:08] - |RD| - [7101480] - C:\Users\Public\Pictures
[12/11/2015 10:56:04] - |D| - [13787] - C:\Users\Public\QiYi
[12/04/2011 01:28:03] - |RD| - [9699328] - C:\Users\Public\Recorded TV
[13/07/2009 20:20:08] - |RD| - [26246732] - C:\Users\Public\Videos

---------- | [Sambone]

[26/07/2016 14:41:33] - |D| - [51] - C:\Users\Sambone\.oracle_jre_usage
[15/05/2014 13:26:33] - |HD| - [120680350266] - C:\Users\Sambone\AppData
[15/05/2014 13:26:33] - |SHD| - [1400686156] - C:\Users\Sambone\Application Data
[15/05/2014 13:26:38] - |RD| - [45010] - C:\Users\Sambone\Contacts
[15/05/2014 13:26:33] - |SHD| - [721] - C:\Users\Sambone\Cookies
[15/05/2014 13:26:33] - |RD| - [543622] - C:\Users\Sambone\Desktop
[15/05/2014 13:26:33] - |RD| - [29833908639] - C:\Users\Sambone\Documents
[15/05/2014 13:26:33] - |RD| - [49975024661] - C:\Users\Sambone\Downloads
[15/05/2014 13:26:33] - |RD| - [1436] - C:\Users\Sambone\Favorites
[15/05/2014 13:26:33] - |RD| - [3925] - C:\Users\Sambone\Links
[15/05/2014 13:26:33] - |SHD| - [115026016927] - C:\Users\Sambone\Local Settings
[15/05/2014 13:26:33] - |RD| - [2962180] - C:\Users\Sambone\Music
[15/05/2014 13:26:33] - |SHD| - [29833908639] - C:\Users\Sambone\My Documents
[15/05/2014 13:26:33] - |SHD| - [0] - C:\Users\Sambone\NetHood
[15/05/2014 13:26:33] - |ASH| - [2883584] - C:\Users\Sambone\ntuser.dat
[15/05/2014 13:26:33] - |ASH| - [262144] - C:\Users\Sambone\ntuser.dat.LOG1
[15/05/2014 13:26:33] - |ASH| - [262144] - C:\Users\Sambone\ntuser.dat.LOG2
[15/05/2014 13:26:33] - |ASH| - [65536] - C:\Users\Sambone\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[15/05/2014 13:26:33] - |ASH| - [524288] - C:\Users\Sambone\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[15/05/2014 13:26:33] - |ASH| - [524288] - C:\Users\Sambone\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[18/05/2014 19:48:08] - |ASH| - [65536] - C:\Users\Sambone\ntuser.dat{66e7283b-defd-11e3-857d-448a5b877319}.TM.blf
[18/05/2014 19:48:09] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{66e7283b-defd-11e3-857d-448a5b877319}.TMContainer00000000000000000001.regtrans-ms
[18/05/2014 19:48:09] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{66e7283b-defd-11e3-857d-448a5b877319}.TMContainer00000000000000000002.regtrans-ms
[13/11/2014 18:59:06] - |ASH| - [65536] - C:\Users\Sambone\ntuser.dat{784db73a-6b9a-11e4-b4ec-448a5b877319}.TM.blf
[13/11/2014 18:59:06] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{784db73a-6b9a-11e4-b4ec-448a5b877319}.TMContainer00000000000000000001.regtrans-ms
[13/11/2014 18:59:06] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{784db73a-6b9a-11e4-b4ec-448a5b877319}.TMContainer00000000000000000002.regtrans-ms
[14/05/2016 01:56:46] - |ASH| - [65536] - C:\Users\Sambone\ntuser.dat{8bb04399-19ad-11e6-b196-448a5b877319}.TM.blf
[14/05/2016 01:56:46] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{8bb04399-19ad-11e6-b196-448a5b877319}.TMContainer00000000000000000001.regtrans-ms
[14/05/2016 01:56:46] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{8bb04399-19ad-11e6-b196-448a5b877319}.TMContainer00000000000000000002.regtrans-ms
[12/11/2015 11:55:23] - |ASH| - [65536] - C:\Users\Sambone\ntuser.dat{942c3cb0-8965-11e5-8a92-448a5b877319}.TM.blf
[12/11/2015 11:55:23] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{942c3cb0-8965-11e5-8a92-448a5b877319}.TMContainer00000000000000000001.regtrans-ms
[12/11/2015 11:55:23] - |ASH| - [524288] - C:\Users\Sambone\ntuser.dat{942c3cb0-8965-11e5-8a92-448a5b877319}.TMContainer00000000000000000002.regtrans-ms
[15/05/2014 13:26:33] - |SH| - [20] - C:\Users\Sambone\ntuser.ini
[10/06/2014 15:52:38] - |RD| - [130] - C:\Users\Sambone\OneDrive
[15/05/2014 13:26:33] - |RD| - [11161260234] - C:\Users\Sambone\Pictures
[15/05/2014 13:26:33] - |SHD| - [0] - C:\Users\Sambone\PrintHood
[15/05/2014 13:26:33] - |SHD| - [146929] - C:\Users\Sambone\Recent
[15/05/2014 13:26:33] - |RD| - [282] - C:\Users\Sambone\Saved Games
[15/05/2014 13:26:47] - |RD| - [1020] - C:\Users\Sambone\Searches
[15/05/2014 13:26:33] - |SHD| - [3801] - C:\Users\Sambone\SendTo
[10/06/2014 15:46:56] - |RD| - [98] - C:\Users\Sambone\SkyDrive
[15/05/2014 13:26:33] - |SHD| - [30614] - C:\Users\Sambone\Start Menu
[15/05/2014 13:26:33] - |SHD| - [0] - C:\Users\Sambone\Templates
[10/04/2015 15:10:14] - |D| - [344064] - C:\Users\Sambone\Tracing
[15/05/2014 13:26:33] - |RD| - [18451188982] - C:\Users\Sambone\Videos
[15/05/2014 13:27:27] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Adobe
[04/11/2015 19:11:51] - |D| - [12812490] - C:\Users\Sambone\AppData\Roaming\Apple Computer
[03/08/2014 18:39:26] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Awesomium
[23/07/2014 09:24:11] - |D| - [13933] - C:\Users\Sambone\AppData\Roaming\Battle.net
[03/08/2014 18:19:48] - |D| - [3876552] - C:\Users\Sambone\AppData\Roaming\BitTorrent
[01/06/2014 17:31:02] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Curse
[30/06/2015 19:32:03] - |D| - [339477600] - C:\Users\Sambone\AppData\Roaming\Curse Client
[18/05/2014 17:48:55] - |D| - [432080] - C:\Users\Sambone\AppData\Roaming\DAEMON Tools Lite
[05/05/2016 10:18:18] - |D| - [9309256] - C:\Users\Sambone\AppData\Roaming\DarkSoulsIII
[20/07/2016 11:33:10] - |D| - [17337762] - C:\Users\Sambone\AppData\Roaming\Device Doctor
[15/10/2014 22:44:37] - |D| - [51420] - C:\Users\Sambone\AppData\Roaming\DivX
[30/04/2016 21:26:21] - |D| - [3094] - C:\Users\Sambone\AppData\Roaming\DS4Windows
[11/04/2016 13:41:50] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\DSDCS
[15/05/2014 13:28:15] - |D| - [80] - C:\Users\Sambone\AppData\Roaming\Google
[15/05/2014 13:26:39] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Identities
[11/04/2016 15:48:17] - |D| - [965] - C:\Users\Sambone\AppData\Roaming\InputMapper
[21/03/2016 13:18:03] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\library_dir
[19/06/2015 11:59:36] - |D| - [8365] - C:\Users\Sambone\AppData\Roaming\Logishrd
[19/06/2015 11:59:36] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Logitech
[15/05/2014 14:54:20] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\LolClient
[15/05/2014 14:54:19] - |D| - [607] - C:\Users\Sambone\AppData\Roaming\Macromedia
[15/05/2014 13:26:33] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Media Center Programs
[15/05/2014 13:26:33] - |SD| - [55230003] - C:\Users\Sambone\AppData\Roaming\Microsoft
[22/07/2016 18:18:38] - |D| - [1188544] - C:\Users\Sambone\AppData\Roaming\Middle Earth - Shadow of Mordor
[26/07/2014 12:46:37] - |D| - [20402642] - C:\Users\Sambone\AppData\Roaming\Mozilla
[28/11/2014 18:58:13] - |D| - [1690057] - C:\Users\Sambone\AppData\Roaming\Mumble
[15/05/2014 19:18:02] - |D| - [86888] - C:\Users\Sambone\AppData\Roaming\NCSOFT
[25/07/2016 23:16:58] - |D| - [164245] - C:\Users\Sambone\AppData\Roaming\NVIDIA
[12/11/2015 11:16:55] - |D| - [1549496] - C:\Users\Sambone\AppData\Roaming\Opera Software
[26/07/2014 12:18:43] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Oracle
[06/10/2015 15:14:18] - |D| - [21344] - C:\Users\Sambone\AppData\Roaming\Origin
[21/03/2016 13:17:54] - |D| - [663348672] - C:\Users\Sambone\AppData\Roaming\PlaysTV
[25/04/2016 01:26:56] - |D| - [608] - C:\Users\Sambone\AppData\Roaming\PotPlayerMini64
[07/12/2014 00:47:13] - |D| - [229376] - C:\Users\Sambone\AppData\Roaming\raidcall
[21/03/2016 13:18:18] - |D| - [80] - C:\Users\Sambone\AppData\Roaming\Raptr
[19/09/2014 12:09:06] - |D| - [14853] - C:\Users\Sambone\AppData\Roaming\RIFT
[15/05/2014 14:02:25] - |D| - [1379328] - C:\Users\Sambone\AppData\Roaming\Riot Games
[15/05/2014 14:42:00] - |D| - [74682339] - C:\Users\Sambone\AppData\Roaming\Skype
[28/07/2014 13:44:05] - |D| - [168630061] - C:\Users\Sambone\AppData\Roaming\Spotify
[26/07/2016 14:41:33] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Sun
[15/05/2014 23:05:10] - |D| - [405586] - C:\Users\Sambone\AppData\Roaming\TS3Client
[18/05/2014 10:33:11] - |D| - [28380458] - C:\Users\Sambone\AppData\Roaming\uTorrent
[28/08/2014 19:07:10] - |D| - [11196] - C:\Users\Sambone\AppData\Roaming\Ventrilo
[09/11/2015 00:48:53] - |D| - [0] - C:\Users\Sambone\AppData\Local\Adobe
[04/11/2015 19:11:11] - |D| - [0] - C:\Users\Sambone\AppData\Local\Apple
[04/11/2015 19:11:51] - |D| - [13569643] - C:\Users\Sambone\AppData\Local\Apple Computer
[15/05/2014 13:26:33] - |SHD| - [109863836267] - C:\Users\Sambone\AppData\Local\Application Data
[12/03/2016 18:43:48] - |D| - [0] - C:\Users\Sambone\AppData\Local\Avg
[12/03/2016 18:43:48] - |D| - [11009] - C:\Users\Sambone\AppData\Local\AvgSetupLog
[23/07/2014 09:24:11] - |D| - [170484756] - C:\Users\Sambone\AppData\Local\Battle.net
[23/07/2014 14:56:12] - |D| - [161620] - C:\Users\Sambone\AppData\Local\Blizzard
[15/05/2014 14:34:33] - |D| - [46368] - C:\Users\Sambone\AppData\Local\Blizzard Entertainment
[03/09/2015 13:54:10] - |D| - [6428238] - C:\Users\Sambone\AppData\Local\CEF
[12/11/2015 05:37:39] - |D| - [21591109] - C:\Users\Sambone\AppData\Local\Chromium
[26/05/2014 16:24:20] - |D| - [122825745] - C:\Users\Sambone\AppData\Local\CrashDumps
[18/03/2016 16:44:30] - |D| - [95589] - C:\Users\Sambone\AppData\Local\CrashReportClient
[12/07/2014 12:47:02] - |D| - [478] - C:\Users\Sambone\AppData\Local\Creative
[17/08/2015 13:58:01] - |D| - [1846424] - C:\Users\Sambone\AppData\Local\Daybreak Game Company
[15/05/2014 13:29:16] - |D| - [0] - C:\Users\Sambone\AppData\Local\Diagnostics
[22/03/2015 18:59:21] - |SHD| - [0] - C:\Users\Sambone\AppData\Local\EmieBrowserModeList
[18/05/2014 19:33:19] - |SHD| - [0] - C:\Users\Sambone\AppData\Local\EmieSiteList
[18/05/2014 19:33:19] - |SHD| - [0] - C:\Users\Sambone\AppData\Local\EmieUserList
[18/03/2016 15:01:53] - |D| - [6246772] - C:\Users\Sambone\AppData\Local\EpicGamesLauncher
[07/10/2014 20:49:57] - |D| - [18987066] - C:\Users\Sambone\AppData\Local\Facebook
[09/11/2015 22:33:26] - |D| - [124] - C:\Users\Sambone\AppData\Local\Fallout4
[12/07/2016 20:13:34] - |D| - [2035133] - C:\Users\Sambone\AppData\Local\FluxSoftware
[24/07/2016 21:13:16] - |D| - [1926] - C:\Users\Sambone\AppData\Local\Futuremark_Corporation
[15/05/2014 13:27:37] - |A| - [111896] - C:\Users\Sambone\AppData\Local\GDIPFONTCACHEV1.DAT
[19/09/2014 12:05:11] - |D| - [382] - C:\Users\Sambone\AppData\Local\Glyph
[15/05/2014 13:28:13] - |D| - [703727276] - C:\Users\Sambone\AppData\Local\Google
[15/05/2014 13:26:33] - |SHD| - [130] - C:\Users\Sambone\AppData\Local\History
[26/07/2016 18:42:18] - |AH| - [14650141] - C:\Users\Sambone\AppData\Local\IconCache.db
[16/05/2014 00:10:13] - |D| - [939] - C:\Users\Sambone\AppData\Local\Intel_Corporation
[24/07/2016 21:12:45] - |D| - [1854] - C:\Users\Sambone\AppData\Local\IsolatedStorage
[12/11/2015 05:36:42] - |D| - [1305454] - C:\Users\Sambone\AppData\Local\lile
[19/06/2015 12:02:22] - |D| - [646634] - C:\Users\Sambone\AppData\Local\Logitech
[08/01/2015 13:37:29] - |D| - [0] - C:\Users\Sambone\AppData\Local\Macromedia
[15/05/2014 13:26:33] - |D| - [227593209] - C:\Users\Sambone\AppData\Local\Microsoft
[26/07/2014 12:46:37] - |D| - [1520521] - C:\Users\Sambone\AppData\Local\Mozilla
[30/10/2015 16:41:02] - |D| - [965] - C:\Users\Sambone\AppData\Local\NBGI
[15/05/2014 19:18:02] - |D| - [0] - C:\Users\Sambone\AppData\Local\NCSOFT
[06/10/2015 23:17:02] - |D| - [330303742] - C:\Users\Sambone\AppData\Local\NVIDIA
[15/05/2014 13:27:39] - |D| - [103388] - C:\Users\Sambone\AppData\Local\NVIDIA Corporation
[20/07/2016 19:43:22] - |D| - [19686] - C:\Users\Sambone\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
[12/11/2015 11:16:56] - |D| - [8271223] - C:\Users\Sambone\AppData\Local\Opera Software
[06/10/2015 15:14:14] - |D| - [55164144] - C:\Users\Sambone\AppData\Local\Origin
[18/03/2016 15:31:20] - |D| - [3947456357] - C:\Users\Sambone\AppData\Local\OrionGame
[22/10/2014 14:34:52] - |D| - [0] - C:\Users\Sambone\AppData\Local\Programs
[24/07/2016 10:19:40] - |D| - [3625093] - C:\Users\Sambone\AppData\Local\PunkBuster
[30/05/2014 17:39:40] - |D| - [765] - C:\Users\Sambone\AppData\Local\Razer
[30/05/2014 17:37:42] - |D| - [864] - C:\Users\Sambone\AppData\Local\Razer_Inc
[02/02/2015 04:09:14] - |D| - [1368] - C:\Users\Sambone\AppData\Local\RzStats
[17/08/2015 13:58:02] - |D| - [0] - C:\Users\Sambone\AppData\Local\SCE
[24/10/2015 03:14:22] - |D| - [32] - C:\Users\Sambone\AppData\Local\Setup Integrity Check
[10/10/2015 03:05:09] - |D| - [0] - C:\Users\Sambone\AppData\Local\SKIDROW
[15/05/2014 14:42:16] - |D| - [5560525] - C:\Users\Sambone\AppData\Local\Skype
[28/07/2014 13:44:26] - |D| - [3132905825] - C:\Users\Sambone\AppData\Local\Spotify
[14/04/2015 22:20:25] - |D| - [424730046] - C:\Users\Sambone\AppData\Local\Steam
[20/09/2015 15:12:49] - |D| - [628] - C:\Users\Sambone\AppData\Local\SWTOR
[19/09/2015 20:30:50] - |D| - [65] - C:\Users\Sambone\AppData\Local\SWTORPerf
[15/05/2014 13:26:33] - |D| - [147750912] - C:\Users\Sambone\AppData\Local\Temp
[15/05/2014 13:26:33] - |SHD| - [1632595] - C:\Users\Sambone\AppData\Local\Temporary Internet Files
[29/08/2014 18:16:39] - |D| - [10612] - C:\Users\Sambone\AppData\Local\Ubisoft
[29/08/2014 17:49:11] - |D| - [0] - C:\Users\Sambone\AppData\Local\Ubisoft Game Launcher
[05/03/2016 21:39:54] - |D| - [133] - C:\Users\Sambone\AppData\Local\UnrealEngine
[18/03/2016 15:03:40] - |D| - [0] - C:\Users\Sambone\AppData\Local\UnrealEngineLauncher
[05/03/2016 21:39:54] - |D| - [21431024] - C:\Users\Sambone\AppData\Local\Victory
[15/05/2014 13:26:37] - |D| - [2287696] - C:\Users\Sambone\AppData\Local\VirtualStore
[18/05/2014 11:45:17] - |D| - [0] - C:\Users\Sambone\AppData\Local\WarThunder
[15/05/2014 13:26:47] - |ASH| - [174] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
[15/05/2014 13:26:33] - |RD| - [26754] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
[07/12/2014 00:40:53] - |A| - [1035] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\RaidCall.lnk
[24/09/2015 03:15:26] - |A| - [2651] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
[15/05/2014 13:26:33] - |RD| - [14619] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[15/05/2014 13:26:47] - |RD| - [174] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[30/06/2015 19:32:05] - |A| - [1026] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
[15/05/2014 13:26:47] - |ASH| - [338] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
[12/07/2016 20:13:37] - |D| - [4241] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
[09/04/2015 22:12:15] - |D| - [214] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[15/05/2014 13:27:27] - |A| - [1417] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[15/05/2014 13:26:33] - |RD| - [580] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[10/06/2014 15:52:12] - |A| - [2168] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
[20/07/2016 19:31:21] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OCCT
[07/12/2014 00:40:53] - |D| - [0] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall
[28/07/2014 13:44:26] - |A| - [1803] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[15/05/2014 13:26:47] - |RD| - [174] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[15/05/2014 13:26:47] - |ASH| - [174] - C:\Users\Sambone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\ProgramData

[19/06/2015 12:02:08] - |D| - [103381494] - C:\ProgramData\Apple
[04/11/2015 19:11:37] - |D| - [76214495] - C:\ProgramData\Apple Computer
[13/07/2009 22:08:56] - |SHD| - [68708376244] - C:\ProgramData\Application Data
[15/05/2014 14:19:50] - |D| - [158389294] - C:\ProgramData\Battle.net
[19/09/2015 20:31:39] - |D| - [11095861] - C:\ProgramData\BitRaider
[15/05/2014 14:20:41] - |D| - [208770143] - C:\ProgramData\Blizzard Entertainment
[12/11/2015 11:08:23] - |D| - [132344] - C:\ProgramData\BOINC
[11/04/2016 15:48:48] - |D| - [1627444] - C:\ProgramData\Caphyon
[12/05/2014 13:06:24] - |D| - [48342] - C:\ProgramData\Creative
[18/05/2014 17:46:03] - |D| - [1484] - C:\ProgramData\DAEMON Tools Lite
[13/07/2009 22:08:56] - |SHD| - [26357] - C:\ProgramData\Desktop
[15/10/2014 22:43:37] - |D| - [13373305] - C:\ProgramData\DivX
[13/07/2009 22:08:56] - |SHD| - [58950243] - C:\ProgramData\Documents
[11/04/2016 15:49:38] - |D| - [507] - C:\ProgramData\DSDCS
[06/10/2015 15:07:01] - |D| - [3219] - C:\ProgramData\Electronic Arts
[18/03/2016 15:01:10] - |D| - [22278923] - C:\ProgramData\Epic
[13/07/2009 22:08:56] - |SHD| - [0] - C:\ProgramData\Favorites
[12/11/2015 11:09:23] - |D| - [288] - C:\ProgramData\ffhblSO
[24/07/2016 21:11:09] - |D| - [0] - C:\ProgramData\Futuremark
[19/09/2014 12:05:11] - |D| - [86] - C:\ProgramData\Glyph
[12/05/2014 13:06:32] - |D| - [12722] - C:\ProgramData\Google
[03/08/2014 18:37:00] - |D| - [446034] - C:\ProgramData\Hi-Rez Studios
[12/05/2014 13:07:50] - |D| - [1960565] - C:\ProgramData\Intel
[19/06/2015 12:02:51] - |D| - [255] - C:\ProgramData\LogiShrd
[15/04/2015 14:58:25] - |D| - [2954676628] - C:\ProgramData\Malwarebytes
[15/05/2014 19:42:19] - |D| - [557652] - C:\ProgramData\McAfee
[13/07/2009 20:20:08] - |SD| - [1701097261] - C:\ProgramData\Microsoft
[10/06/2014 15:51:38] - |D| - [0] - C:\ProgramData\Microsoft OneDrive
[10/06/2014 15:46:50] - |D| - [0] - C:\ProgramData\Microsoft SkyDrive
[26/07/2014 12:46:25] - |D| - [38498] - C:\ProgramData\Mozilla
[25/07/2016 23:44:30] - |D| - [2406605] - C:\ProgramData\NVIDIA
[12/05/2014 13:17:03] - |D| - [281814134] - C:\ProgramData\NVIDIA Corporation
[15/05/2014 15:32:21] - |D| - [82551925] - C:\ProgramData\Oracle
[06/10/2015 15:07:02] - |D| - [9246846] - C:\ProgramData\Origin
[29/08/2014 18:17:05] - |D| - [57674426] - C:\ProgramData\Package Cache
[30/05/2014 17:35:11] - |D| - [389379885] - C:\ProgramData\Razer
[17/06/2013 10:17:08] - |D| - [3211] - C:\ProgramData\regid.1991-06.com.microsoft
[12/11/2015 11:14:45] - |D| - [0] - C:\ProgramData\Reovssaefflo
[16/07/2014 09:17:12] - |D| - [39] - C:\ProgramData\Riot Games
[19/06/2016 20:21:25] - |D| - [1455] - C:\ProgramData\RzSurroundVAD_1.1.61.0
[15/05/2014 14:41:47] - |D| - [170979328] - C:\ProgramData\Skype
[13/07/2009 22:08:56] - |SHD| - [1392264] - C:\ProgramData\Start Menu
[15/05/2014 15:32:18] - |D| - [154] - C:\ProgramData\Sun
[15/05/2014 18:37:50] - |D| - [69] - C:\ProgramData\SystemRequirementsLab
[13/07/2009 22:08:56] - |SHD| - [0] - C:\ProgramData\Templates
[18/05/2014 11:45:17] - |D| - [84] - C:\ProgramData\WarThunder

---------- | C:\ProgramData\Microsoft\Windows\Start Menu

[21/12/2015 22:11:59] - |A| - [1129472] - C:\ProgramData\Microsoft\Windows\Start Menu\7Z.dll
[13/07/2009 22:01:14] - |A| - [1282] - C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
[13/07/2009 21:49:40] - |ASH| - [442] - C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini
[13/07/2009 20:20:08] - |RD| - [259802] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[13/07/2009 21:49:40] - |A| - [1266] - C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs

[13/07/2009 20:20:08] - |RD| - [43590] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
[13/07/2009 22:32:38] - |RD| - [18363] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[04/11/2015 19:11:11] - |A| - [2519] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[03/06/2015 17:36:55] - |D| - [1100] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
[07/11/2015 17:15:01] - |D| - [4256] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4
[21/12/2015 01:11:26] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
[16/04/2015 10:49:38] - |D| - [922] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[14/04/2015 21:26:57] - |D| - [1903] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
[12/05/2014 13:05:53] - |D| - [4737] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[20/07/2016 19:39:32] - |D| - [1222] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
[25/04/2016 01:26:13] - |D| - [1964] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
[13/07/2009 21:54:23] - |ASH| - [1130] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
[20/07/2016 11:33:10] - |D| - [2148] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Device Doctor
[24/06/2015 16:13:40] - |D| - [1098] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[15/10/2014 22:44:32] - |D| - [4629] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
[19/09/2015 20:29:57] - |D| - [7313] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA
[18/03/2016 15:01:11] - |A| - [1242] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
[14/05/2016 16:01:54] - |D| - [2679] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[24/07/2016 21:10:36] - |D| - [837] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Futuremark
[13/07/2009 22:32:38] - |RD| - [7450] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[17/04/2015 12:19:15] - |D| - [3007] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
[30/06/2016 19:25:33] - |A| - [2271] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[23/07/2014 14:40:34] - |D| - [1135] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
[30/01/2015 14:37:13] - |D| - [1161] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
[03/08/2014 18:38:13] - |D| - [4138] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hi-Rez Studios
[11/04/2016 15:48:17] - |D| - [4413] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InputMapper
[12/05/2014 13:09:51] - |D| - [2278] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[29/06/2016 16:04:53] - |D| - [2574] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
[29/06/2016 16:04:53] - |A| - [1370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
[04/11/2015 19:11:50] - |D| - [3919] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[26/07/2014 12:18:23] - |D| - [8474] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[06/03/2016 02:22:00] - |D| - [1808] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
[19/06/2015 12:01:37] - |D| - [923] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[13/07/2009 20:20:08] - |RD| - [4370] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
[15/05/2016 11:29:36] - |D| - [3691] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[09/11/2015 01:32:43] - |D| - [2975] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[17/06/2013 09:33:45] - |A| - [1345] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[10/06/2014 15:41:19] - |D| - [23802] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[29/06/2016 15:42:35] - |A| - [2117] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[11/04/2016 13:42:36] - |D| - [6584] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
[26/07/2014 12:46:31] - |A| - [1163] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[25/11/2014 21:22:44] - |D| - [1032] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mumble
[15/05/2014 19:18:02] - |D| - [1012] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCSOFT
[20/01/2016 13:26:20] - |D| - [1986] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
[06/10/2015 23:17:07] - |D| - [11121] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[20/07/2016 19:31:21] - |D| - [2766] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OCCT
[06/10/2015 15:07:01] - |D| - [2847] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[15/04/2016 10:18:19] - |D| - [1086] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
[13/07/2016 11:55:45] - |D| - [1121] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch Test
[21/03/2016 13:18:09] - |D| - [2034] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlaysTV
[22/07/2016 18:18:40] - |D| - [2795] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
[07/12/2014 00:40:53] - |D| - [1831] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall
[30/05/2014 17:36:23] - |D| - [3930] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
[13/07/2009 21:57:08] - |A| - [1330] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[08/12/2015 22:40:56] - |D| - [2137] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[24/07/2016 14:52:29] - |D| - [4444] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront
[06/10/2015 23:07:15] - |D| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STAR WARS Battlefront Beta
[09/04/2015 14:51:52] - |D| - [6159] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[13/07/2009 20:20:08] - |RD| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[15/05/2014 14:18:34] - |D| - [1043] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[12/04/2011 01:28:03] - |RHD| - [0] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
[15/05/2014 23:05:07] - |D| - [2020] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[28/08/2014 19:06:29] - |D| - [889] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ventrilo
[18/03/2016 16:09:05] - |D| - [2344] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
[13/07/2009 21:57:09] - |A| - [1352] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[17/06/2013 09:33:45] - |A| - [1326] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[13/07/2009 21:54:59] - |A| - [1210] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[13/07/2009 21:57:06] - |A| - [1547] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[16/04/2015 23:18:15] - |D| - [1182] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[17/09/2014 22:12:35] - |D| - [1103] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Beta
[09/04/2015 22:09:58] - |D| - [1164] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Classic
[15/05/2014 14:20:41] - |D| - [2951] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft Public Test
[13/07/2009 21:57:08] - |A| - [1246] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk

---------- | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

[13/07/2009 21:54:23] - |ASH| - [174] - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

---------- | C:\Program Files (x86)

[04/11/2015 19:11:11] - |D| - [2476622] - C:\Program Files (x86)\Apple Software Update
[17/04/2015 19:25:37] - |D| - [1025410] - C:\Program Files (x86)\Badosoft
[23/07/2014 09:24:04] - |D| - [418953449] - C:\Program Files (x86)\Battle.net
[07/11/2015 17:14:47] - |D| - [11486068] - C:\Program Files (x86)\Battlelog Web Plugins
[04/11/2015 19:10:58] - |D| - [514576] - C:\Program Files (x86)\Bonjour
[13/07/2009 20:20:08] - |D| - [320658057] - C:\Program Files (x86)\Common Files
[12/05/2014 13:05:29] - |D| - [24602247] - C:\Program Files (x86)\Creative
[20/07/2016 19:39:29] - |D| - [10533353] - C:\Program Files (x86)\CrystalDiskInfo
[13/07/2009 21:54:24] - |ASH| - [174] - C:\Program Files (x86)\desktop.ini
[20/07/2016 11:33:09] - |D| - [4798747] - C:\Program Files (x86)\Device Doctor
[24/06/2015 16:06:20] - |D| - [17032096940] - C:\Program Files (x86)\Diablo III
[15/10/2014 22:43:53] - |D| - [206921508] - C:\Program Files (x86)\DivX
[11/04/2016 15:48:17] - |D| - [5944826] - C:\Program Files (x86)\DSDCS
[19/09/2015 20:29:57] - |D| - [89179955] - C:\Program Files (x86)\Electronic Arts
[18/03/2016 15:01:07] - |D| - [366787909] - C:\Program Files (x86)\Epic Games
[24/07/2016 21:11:17] - |D| - [3611458] - C:\Program Files (x86)\Futuremark
[17/04/2015 12:19:13] - |D| - [8135531] - C:\Program Files (x86)\Geeks3D
[12/05/2014 13:06:32] - |D| - [499033394] - C:\Program Files (x86)\Google
[22/04/2015 12:34:38] - |D| - [44917951] - C:\Program Files (x86)\Grinding Gear Games
[23/07/2014 14:40:34] - |D| - [1401244706] - C:\Program Files (x86)\Hearthstone
[30/01/2015 14:27:24] - |D| - [10237910239] - C:\Program Files (x86)\Heroes of the Storm
[03/08/2014 18:37:49] - |D| - [134084722] - C:\Program Files (x86)\Hi-Rez Studios
[12/05/2014 12:03:24] - |HD| - [37946189] - C:\Program Files (x86)\InstallShield Installation Information
[12/05/2014 12:02:59] - |D| - [22060439] - C:\Program Files (x86)\Intel
[13/07/2009 20:20:08] - |D| - [10293442] - C:\Program Files (x86)\Internet Explorer
[04/11/2015 19:11:37] - |D| - [188211] - C:\Program Files (x86)\iTunes
[12/11/2015 11:13:51] - |D| - [59467491] - C:\Program Files (x86)\Malwarebytes Anti-Malware
[17/08/2015 13:57:15] - |D| - [2076760] - C:\Program Files (x86)\Microsoft
[15/10/2014 23:47:08] - |D| - [1670519] - C:\Program Files (x86)\Microsoft ASP.NET
[17/06/2013 10:17:06] - |D| - [1778634791] - C:\Program Files (x86)\Microsoft Office
[29/06/2016 15:42:19] - |D| - [1614600] - C:\Program Files (x86)\Microsoft Security Client
[10/06/2014 15:46:56] - |D| - [5659096] - C:\Program Files (x86)\Microsoft SkyDrive
[12/05/2014 12:00:59] - |D| - [8175999] - C:\Program Files (x86)\Microsoft.NET
[26/01/2015 17:05:34] - |D| - [87525840] - C:\Program Files (x86)\Mozilla Firefox
[26/07/2014 12:46:25] - |D| - [259211] - C:\Program Files (x86)\Mozilla Maintenance Service
[13/07/2009 22:32:38] - |D| - [25757] - C:\Program Files (x86)\MSBuild
[12/05/2014 12:02:52] - |D| - [4033320] - C:\Program Files (x86)\MSI
[25/11/2014 21:19:10] - |D| - [35515306] - C:\Program Files (x86)\Mumble
[12/11/2015 11:12:10] - |D| - [0] - C:\Program Files (x86)\MyRegCleaner
[15/05/2014 19:18:02] - |D| - [0] - C:\Program Files (x86)\NCSOFT
[20/01/2016 13:26:19] - |D| - [27708097] - C:\Program Files (x86)\NCWest
[12/05/2014 13:17:01] - |D| - [300035432] - C:\Program Files (x86)\NVIDIA Corporation
[20/07/2016 19:31:16] - |D| - [83389767] - C:\Program Files (x86)\OCCTPT
[12/11/2015 11:15:55] - |D| - [49629554] - C:\Program Files (x86)\Opera
[06/10/2015 15:07:00] - |D| - [248355040] - C:\Program Files (x86)\Origin
[06/10/2015 15:16:39] - |D| - [108230646063] - C:\Program Files (x86)\Origin Games
[15/04/2016 09:55:44] - |D| - [8228596922] - C:\Program Files (x86)\Overwatch
[13/07/2016 11:31:02] - |D| - [6716136782] - C:\Program Files (x86)\Overwatch Test
[15/05/2014 14:02:45] - |D| - [0] - C:\Program Files (x86)\Pando Networks
[24/09/2015 03:16:15] - |D| - [0] - C:\Program Files (x86)\Pluto TV
[10/10/2015 02:13:09] - |D| - [43841044817] - C:\Program Files (x86)\R.G. Mechanics
[07/12/2014 00:40:50] - |D| - [21484410] - C:\Program Files (x86)\RaidCall
[21/03/2016 13:17:58] - |D| - [256738406] - C:\Program Files (x86)\Raptr Inc
[30/05/2014 17:31:16] - |D| - [414699739] - C:\Program Files (x86)\Razer
[12/05/2014 12:03:25] - |D| - [7498453] - C:\Program Files (x86)\Realtek
[13/07/2009 22:32:38] - |D| - [36941569] - C:\Program Files (x86)\Reference Assemblies
[15/05/2014 14:41:51] - |RD| - [86277342] - C:\Program Files (x86)\Skype
[12/11/2015 11:02:57] - |D| - [308] - C:\Program Files (x86)\spaceplus_v136.8756
[09/04/2015 14:51:36] - |D| - [24821159300] - C:\Program Files (x86)\StarCraft II
[15/05/2014 14:18:33] - |D| - [99690603732] - C:\Program Files (x86)\Steam
[15/05/2014 18:37:50] - |D| - [1365001] - C:\Program Files (x86)\SystemRequirementsLab
[15/05/2014 23:05:06] - |D| - [55578181] - C:\Program Files (x86)\TeamSpeak 3 Client
[12/05/2014 12:03:35] - |HD| - [0] - C:\Program Files (x86)\Temp
[29/08/2014 17:49:09] - |D| - [822216] - C:\Program Files (x86)\Ubisoft
[13/07/2009 21:57:06] - |HD| - [0] - C:\Program Files (x86)\Uninstall Information
[28/08/2014 19:06:28] - |D| - [5736788] - C:\Program Files (x86)\Ventrilo
[12/11/2015 11:10:54] - |D| - [42348761] - C:\Program Files (x86)\VideoLAN
[18/03/2016 16:09:05] - |D| - [1512254] - C:\Program Files (x86)\VulkanRT
[13/07/2009 22:32:38] - |D| - [512000] - C:\Program Files (x86)\Windows Defender
[13/07/2009 20:20:08] - |D| - [6115840] - C:\Program Files (x86)\Windows Mail
[13/07/2009 22:32:38] - |D| - [5008657] - C:\Program Files (x86)\Windows Media Player
[13/07/2009 20:20:08] - |D| - [12062388] - C:\Program Files (x86)\Windows NT
[13/07/2009 22:32:38] - |D| - [4394248] - C:\Program Files (x86)\Windows Photo Viewer
[13/07/2009 22:32:38] - |D| - [189952] - C:\Program Files (x86)\Windows Portable Devices
[13/07/2009 22:32:38] - |D| - [5990148] - C:\Program Files (x86)\Windows Sidebar
[20/08/2014 16:54:29] - |D| - [35897233388] - C:\Program Files (x86)\World of Warcraft
[17/09/2014 21:05:09] - |D| - [34295495720] - C:\Program Files (x86)\World of Warcraft Beta
[09/04/2015 22:08:25] - |D| - [5390588832] - C:\Program Files (x86)\World of Warcraft Classic
[15/05/2014 14:20:40] - |D| - [57907795408] - C:\Program Files (x86)\World of Warcraft Public Test

---------- | C:\Program Files

[04/11/2015 19:10:58] - |D| - [597258] - C:\Program Files\Bonjour
[16/04/2015 10:49:37] - |D| - [15952704] - C:\Program Files\CCleaner
[13/07/2009 20:20:08] - |D| - [304170434] - C:\Program Files\Common Files
[14/04/2015 21:26:57] - |D| - [3110721] - C:\Program Files\CPUID
[25/04/2016 01:26:10] - |D| - [69740192] - C:\Program Files\DAUM
[13/07/2009 21:54:24] - |ASH| - [174] - C:\Program Files\desktop.ini
[15/10/2014 22:44:36] - |D| - [2126696] - C:\Program Files\DivX
[13/07/2009 22:32:38] - |D| - [90246164] - C:\Program Files\DVD Maker
[18/03/2016 15:06:01] - |D| - [11132615098] - C:\Program Files\Epic Games
[24/07/2016 21:10:33] - |D| - [481605587] - C:\Program Files\Futuremark
[12/05/2014 13:06:56] - |D| - [896096] - C:\Program Files\Google
[12/05/2014 13:07:31] - |D| - [37205270] - C:\Program Files\Intel
[13/07/2009 20:20:08] - |D| - [30247757] - C:\Program Files\Internet Explorer
[04/11/2015 19:11:37] - |D| - [3922459] - C:\Program Files\iPod
[04/11/2015 19:11:37] - |D| - [193141793] - C:\Program Files\iTunes
[26/07/2016 14:41:07] - |D| - [185249971] - C:\Program Files\Java
[19/06/2015 12:01:22] - |D| - [134196992] - C:\Program Files\Logitech Gaming Software
[13/07/2009 22:32:38] - |D| - [149182514] - C:\Program Files\Microsoft Games
[10/06/2014 15:40:36] - |D| - [2250809585] - C:\Program Files\Microsoft Office 15
[18/05/2014 19:39:04] - |D| - [28723515] - C:\Program Files\Microsoft Security Client
[11/04/2016 13:42:35] - |D| - [8046914] - C:\Program Files\Microsoft Xbox 360 Accessories
[13/07/2009 22:32:38] - |D| - [25757] - C:\Program Files\MSBuild
[12/05/2014 13:14:47] - |D| - [5294117437] - C:\Program Files\NVIDIA Corporation
[15/05/2014 14:00:48] - |D| - [30831344] - C:\Program Files\Realtek
[13/07/2009 22:32:38] - |D| - [34600617] - C:\Program Files\Reference Assemblies
[15/05/2014 19:42:53] - |D| - [0] - C:\Program Files\stinger
[13/07/2009 22:09:26] - |HD| - [0] - C:\Program Files\Uninstall Information
[13/07/2009 22:32:38] - |D| - [4016640] - C:\Program Files\Windows Defender
[12/04/2011 01:28:24] - |D| - [9173624] - C:\Program Files\Windows Journal
[13/07/2009 20:20:08] - |D| - [6602240] - C:\Program Files\Windows Mail
[13/07/2009 22:32:38] - |D| - [7665069] - C:\Program Files\Windows Media Player
[13/07/2009 20:20:08] - |D| - [12492468] - C:\Program Files\Windows NT
[13/07/2009 22:32:38] - |D| - [5492504] - C:\Program Files\Windows Photo Viewer
[13/07/2009 22:32:38] - |D| - [244736] - C:\Program Files\Windows Portable Devices
[13/07/2009 22:32:38] - |D| - [7040380] - C:\Program Files\Windows Sidebar

---------- | C:\Program Files (x86)\Common Files

[04/11/2015 19:10:41] - |D| - [129667150] - C:\Program Files (x86)\Common Files\Apple
[19/09/2015 20:29:57] - |D| - [905920] - C:\Program Files (x86)\Common Files\BioWare
[23/07/2015 11:58:08] - |D| - [14040] - C:\Program Files (x86)\Common Files\DESIGNER
[15/10/2014 22:44:26] - |D| - [91915991] - C:\Program Files (x86)\Common Files\DivX Shared
[06/10/2015 23:07:06] - |HD| - [8003154] - C:\Program Files (x86)\Common Files\EAInstaller
[12/05/2014 12:03:27] - |D| - [3869727] - C:\Program Files (x86)\Common Files\InstallShield
[26/07/2016 14:43:41] - |D| - [1973320] - C:\Program Files (x86)\Common Files\Java
[13/07/2009 20:20:08] - |D| - [25237167] - C:\Program Files (x86)\Common Files\microsoft shared
[12/05/2014 13:07:09] - |D| - [196972] - C:\Program Files (x86)\Common Files\postureAgent
[13/07/2009 20:20:08] - |D| - [2702] - C:\Program Files (x86)\Common Files\Services
[08/12/2015 22:40:56] - |D| - [2399872] - C:\Program Files (x86)\Common Files\Skype
[13/07/2009 20:20:08] - |D| - [41103783] - C:\Program Files (x86)\Common Files\SpeechEngines
[15/05/2014 14:18:34] - |D| - [1450064] - C:\Program Files (x86)\Common Files\Steam
[13/07/2009 20:20:08] - |D| - [10195955] - C:\Program Files (x86)\Common Files\System
[28/08/2014 19:05:44] - |D| - [3722240] - C:\Program Files (x86)\Common Files\Wise Installation Wizard

---------- | C:\Program Files\Common files

[04/11/2015 19:10:50] - |D| - [171037755] - C:\Program Files\Common files\Apple
[20/01/2016 15:35:17] - |D| - [0] - C:\Program Files\Common files\INCA Shared
[15/05/2014 19:42:26] - |D| - [0] - C:\Program Files\Common files\McAfee
[13/07/2009 20:20:08] - |D| - [120375558] - C:\Program Files\Common files\Microsoft Shared
[13/07/2009 20:20:08] - |D| - [2702] - C:\Program Files\Common files\Services
[13/07/2009 20:20:08] - |D| - [608768] - C:\Program Files\Common files\SpeechEngines
[13/07/2009 20:20:08] - |D| - [12145651] - C:\Program Files\Common files\System

---------- | Tasks

[MD5.F1A6CD5ADAAB953A6764EA364E17BFB8] - [13/07/2009 22:08:49] - |AH| - [6] - C:\Windows\Tasks\SA.DAT
[MD5.E4B5D7ADB28D3B156EAFFA7B23F2BA16] - [13/07/2009 22:08:49] - |A| - [32576] - C:\Windows\Tasks\SCHEDLGU.TXT
[MD5.00000000000000000000000000000000] - [04/11/2015 19:11:11] - |D| - [0] - C:\Windows\System32\Tasks\Apple
[MD5.00000000000000000000000000000000] - [13/07/2009 20:20:13] - |D| - [290974] - C:\Windows\System32\Tasks\Microsoft
[MD5.00000000000000000000000000000000] - [10/06/2014 15:42:28] - |D| - [4728] - C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
[MD5.00000000000000000000000000000000] - [13/07/2009 22:09:57] - |D| - [4486] - C:\Windows\System32\Tasks\WPD
[MD5.00000000000000000000000000000000] - [13/07/2009 20:20:14] - |D| - [0] - C:\Windows\Syswow64\Tasks\Microsoft

---------- | Firewall

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\FirewallRules]
"Netlogon-NamedPipe-In"=v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=@netlogon.dll,-1003|Desc=@netlogon.dll,-1006|EmbedCtxt=@netlogon.dll,-1010|
"TCP Query User{D55AB257-5A8A-4104-8A69-AF1F4A68DF43}C:\users\sambone\appdata\roaming\utorrent\utorrent.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\users\sambone\appdata\roaming\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|
"UDP Query User{5B04C497-1F01-4DBD-BA62-15C6BD20B4DF}C:\users\sambone\appdata\roaming\utorrent\utorrent.exe"=v2.10|Action=Block|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\users\sambone\appdata\roaming\utorrent\utorrent.exe|Name=µTorrent|Desc=µTorrent|
"TCP Query User{E74A84FA-4CBD-4C4B-856C-6936931403FD}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefronttrial.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefronttrial.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User|
"UDP Query User{B1D12FFD-30FD-493A-88B7-D5B3A5225E88}C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefronttrial.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\origin games\star wars battlefront\starwarsbattlefronttrial.exe|Name=STAR WARS™ Battlefront™|Desc=STAR WARS™ Battlefront™|Defer=User|
"TCP Query User{D1978B65-4B39-4FF1-AE87-98AE5B5C5BF5}C:\program files (x86)\origin games\battlefield 4\bf4.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\origin games\battlefield 4\bf4.exe|Name=Battlefield 4™|Desc=Battlefield 4™|Defer=User|
"UDP Query User{973D58A0-D09C-497E-A867-640781BA49CB}C:\program files (x86)\origin games\battlefield 4\bf4.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\origin games\battlefield 4\bf4.exe|Name=Battlefield 4™|Desc=Battlefield 4™|Defer=User|
"TCP Query User{E19B041A-29BC-4CA0-80FF-98DAF48A8305}C:\program files (x86)\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\program files (x86)\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User|
"UDP Query User{E63E6403-A42C-4E5E-AE50-3E6539E9704A}C:\program files (x86)\overwatch\overwatch.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\program files (x86)\overwatch\overwatch.exe|Name=Overwatch Application|Desc=Overwatch Application|Defer=User|
"TCP Query User{A80137C5-6CBA-412B-A1EC-D72343F79773}C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|
"UDP Query User{8086F52E-78FA-489A-B2C4-2168ADE624EB}C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe"=v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe|Name=QuickDiag|Desc=QuickDiag|Defer=User|

[HKLM\SYSTEM\CurrentControlSet\Services\sharedaccess\Parameters\FirewallPolicy\standardprofile\authorizedapplications\list]
"C:\Users\Sambone\Downloads\adsfix_3_26.07.2016.3.exe"=C:\Users\Sambone\Downloads\adsfix_3_26.07.2016.3.exe:*:Enabled:adsfix_3_26.07.2016.3
"C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe"=C:\Users\Sambone\Downloads\quickdiag_2_24.07.2016.1.exe:*:Enabled:quickdiag_2_24.07.2016.1


---------- | Control\Class

[HKLM\SYSTEM\CurrentControlSet\Control\Class\{0475BB51-5A02-4EE0-B36C-29040FAD2650}] : (nvlddmkm) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{1264760F-A5C8-4BFE-B314-D56A7B44A362}] : (DXGKrnl) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{25DBCE51-6C8F-4A72-8A6D-B54C2B4FC835}] : (WCEUSBS) []  -> @%SystemRoot%\System32\SysClass.Dll,-3026
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}] : (USB) []  -> @%SystemRoot%\System32\SysClass.Dll,-3025
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4116F60B-25B3-4662-B732-99A6111EDC0B}] : (IPMIDRV) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{43675D81-502A-4A82-9F84-B75F418C5DEA}] : (Media Center Extender) []  -> @%SystemRoot%\system32\McxDriv.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4658EE7E-F050-11D1-B6BD-00C04FA372A7}] : (PnpPrinters) []  -> @%systemroot%\system32\ntprint.dll,-1300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{48721B56-6795-11D2-B1A8-0080C72E74A2}] : (Dot4) []  -> @%SystemRoot%\system32\sysclass.dll,-3023
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{49CE6AC8-6F86-11D2-B1E5-0080C72E74A2}] : (Dot4Print) []  -> @%SystemRoot%\system32\sysclass.dll,-3024
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}] : (CDROM) []  -> @%SystemRoot%\System32\StorProp.dll,-17001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E966-E325-11CE-BFC1-08002BE10318}] : (Computer) []  -> @%SystemRoot%\System32\SysClass.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}] : (DiskDrive) []  -> @%SystemRoot%\System32\StorProp.dll,-17000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}] : (Display) []  -> @DispCI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}] : (fdc) []  -> @%SystemRoot%\System32\SysClass.Dll,-3013
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}] : (hdc) []  -> @%SystemRoot%\System32\SysClass.Dll,-3001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96B-E325-11CE-BFC1-08002BE10318}] : (Keyboard) []  -> @%SystemRoot%\System32\SysClass.Dll,-3002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96C-E325-11CE-BFC1-08002BE10318}] : (MEDIA) []  -> @mmci.dll,-3000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}] : (Modem) []  -> @%SystemRoot%\System32\mdminst.dll,-14100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96E-E325-11CE-BFC1-08002BE10318}] : (Monitor) []  -> @Montr_CI.dll,-3100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96F-E325-11CE-BFC1-08002BE10318}] : (Mouse) []  -> @%SystemRoot%\System32\SysClass.Dll,-3004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E970-E325-11CE-BFC1-08002BE10318}] : (MTD) []  -> @SysClass.Dll,-3021
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E971-E325-11CE-BFC1-08002BE10318}] : (MultiFunction) []  -> @%SystemRoot%\System32\SysClass.Dll,-3014
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}] : (Net) []  -> @NetCfgx.dll,-1502
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E973-E325-11CE-BFC1-08002BE10318}] : (NetClient) []  -> @NetCfgx.dll,-1504
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E974-E325-11CE-BFC1-08002BE10318}] : (NetService) []  -> @NetCfgx.dll,-1505
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E975-E325-11CE-BFC1-08002BE10318}] : (NetTrans) []  -> @NetCfgx.dll,-1503
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E977-E325-11CE-BFC1-08002BE10318}] : (PCMCIA) []  -> @%SystemRoot%\System32\SysClass.Dll,-3010
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E978-E325-11CE-BFC1-08002BE10318}] : (Ports) []  -> @%SystemRoot%\System32\msports.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E979-E325-11CE-BFC1-08002BE10318}] : (Printer) []  -> @%systemroot%\system32\ntprint.dll,-1004
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}] : (SCSIAdapter) []  -> @%SystemRoot%\System32\SysClass.Dll,-3005
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}] : (System) []  -> @%SystemRoot%\System32\SysClass.Dll,-3008
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}] : (Unknown) []  -> @%SystemRoot%\System32\SysClass.Dll,-3009
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}] : (FloppyDisk) []  -> @%SystemRoot%\System32\SysClass.Dll,-3015
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50127DC3-0F36-415E-A6CC-4CB3BE910B65}] : (Processor) []  -> @%SystemRoot%\system32\procinst.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50906CB8-BA12-11D1-BF5D-0000F805F530}] : (MultiPortSerial) []  -> @%SystemRoot%\system32\sysclass.dll,-3022
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5099944A-F6B9-4057-A056-8C550228544C}] : (Memory) []  -> @%SystemRoot%\System32\SysClass.Dll,-3018
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] : (SmartCardReader) []  -> @StorProp.dll,-17002
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{5175D334-C371-4806-B3BA-71FD53C9258D}] : (Sensor) []  -> @%systemroot%\system32\SensorsCpl.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : (VolumeSnapshot) []  -> @%SystemRoot%\System32\SysClass.Dll,-3011
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{53D29EF7-377C-4D14-864B-EB3A85769359}] : (BiometricDevice) []  -> @%SystemRoot%\System32\SysClass.DLL,-3028
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] : (1394) []  -> @%SystemRoot%\System32\SysClass.Dll,-3016
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC5-810F-11D0-BEC7-08002BE2092F}] : (Infrared) []  -> @NetCfgx.dll,-1501
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6BDD1FC6-810F-11D0-BEC7-08002BE2092F}] : (Image) []  -> @%systemroot%\system32\sti_ci.dll,-52
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6D807884-7D21-11CF-801C-08002BE10318}] : (TapeDrive) []  -> @%SystemRoot%\System32\SysClass.Dll,-3006
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{6FAE73B7-B735-4B50-A0DA-0DC2484B1F1A}] : (nvlddmkm) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{71A27CDD-812A-11D0-BEC7-08002BE2092F}] : (Volume) []  -> @%SystemRoot%\System32\SysClass.Dll,-3007
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{72631E54-78A4-11D0-BCF7-00AA00B7B32A}] : (Battery) []  -> @%SystemRoot%\system32\batt.dll,-100
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}] : (HIDClass) []  -> @hid.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{7EBEFBC0-3200-11D2-B4C2-00A0C9697D07}] : (61883) []  -> @%SystemRoot%\System32\SysClass.Dll,-3019
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}] : (LegacyDriver) []  -> @%SystemRoot%\System32\SysClass.Dll,-3003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{990A2BD7-E738-46C7-B26F-1CF8FB9F1391}] : (SmartCard) []  -> @sccls.dll,-300
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{997B5D8D-C442-4F2E-BAF3-9C8E671E9E21}] : (SideShow) []  -> @%systemroot%\system32\AuxiliaryDisplayClassInstaller.dll,-10000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A0A588A4-C46F-4B37-B7EA-C82FE89870C6}] : (SDHost) []  -> @%SystemRoot%\System32\SysClass.Dll,-3012
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{A73C93F1-9727-4D1D-ACE1-0E333BA4E7DB}] : (nvlddmkm) []  -> 
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{BC103702-DD72-406F-9B28-95C868337B59}] : (Transfer Cable) []  -> @%SystemRoot%\System32\migwiz\migres.dll,-20
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{C06FF265-AE09-48F0-812C-16753D7CBA83}] : (AVC) []  -> @%SystemRoot%\System32\SysClass.Dll,-3027
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{CE5939AE-EBDE-11D0-B181-0000F8753EC4}] : (MediumChanger) []  -> @%SystemRoot%\System32\StorProp.dll,-17003
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] : (SBP2) []  -> @%SystemRoot%\System32\SysClass.Dll,-3017
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D61CA365-5AF4-4486-998B-9DB4734C6CA3}] : (XnaComposite) []  -> @%SystemRoot%\system32\XInput9_1_0.dll,-1000
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] : (SecurityDevices) []  -> @%SystemRoot%\System32\SysClass.Dll,-3020
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{DB4F6DDD-9C0E-45E4-9597-78DBBAD0F412}] : (SmartCardFilter) []  -> @sccls.dll,-301
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{E0CBF06C-CD8B-4647-BB8A-263B43F0F974}] : (Bluetooth) []  -> @%SystemRoot%\system32\bthci.dll,-4001
[HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEC5AD98-8080-425F-922A-DABF3DE3F69A}] : (WPD) []  -> @wpd_ci.dll,-101
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{2D64B439-6CAF-4f6b-B688-E5D0F4FAA7D7}] : (Script Detection) [@elscore.dll,-2]  -> ElsLad.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{A22D52C1-DBFD-40cb-AE78-E3BA9EE1D88F}] : (Transliteration) [@elscore.dll,-5]  -> elstrans.dll (Copyright (c) Microsoft Corporation.)
[HKLM\SYSTEM\CurrentControlSet\Control\Els\Services\{CF7E00B1-909B-4d95-A8F4-611F7C377702}] : (Language Detection) [@elscore.dll,-1]  -> ElsLad.dll (Copyright (c) Microsoft Corporation.)

---------- | Loaded modules (whitelist)

[29/06/2016 15:59:45] - (8.98.0.0) - (REALiX(tm) - HWiNFO AMD64 Kernel Driver) - C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
[26/07/2016 14:21:07] - (10.18.13.6881) - (NVIDIA Corporation - NVIDIA Windows Kernel Mode Driver, Version 368.81) - C:\Windows\system32\DRIVERS\nvlddmkm.sys
[01/08/2013 17:01:32] - (1.0.8.0) - ( - Intel(R) Smart Connect Technology Device Driver) - C:\Windows\system32\DRIVERS\ISCTD64.sys
[15/02/2016 00:57:36] - (6.1.7600.16385) - (Windows (R) Win 7 DDK provider - RazerSurround VAD Audio driver) - C:\Windows\system32\drivers\RzSurroundVAD.sys
[19/05/2013 03:02:52] - (1.0.0.103) - (Scarlet.Crush Productions - Scp Virtual Bus Driver) - C:\Windows\system32\DRIVERS\ScpVBus.sys
[05/05/2016 10:38:10] - (1.2.40.0) - (NVIDIA Corporation - NVIDIA Virtual Audio Driver) - C:\Windows\system32\drivers\nvvad64v.sys
[24/07/2016 11:26:29] - (1.3.34.15) - (NVIDIA Corporation - NVIDIA HDMI Audio Driver) - C:\Windows\system32\drivers\nvhda64v.sys
[15/05/2014 14:00:28] - (6.10.0.8) - (Creative Technology Ltd. - Creative Audio Driver) - C:\Windows\system32\drivers\MBfilt64.sys
[13/08/2015 08:19:08] - (1.0.38.0) - (Razer Inc - Razer RzEndPt) - C:\Windows\system32\DRIVERS\rzendpt.sys
[13/08/2015 08:19:08] - (1.0.38.0) - (Razer Inc - Razer Rzudd Engine) - C:\Windows\system32\DRIVERS\rzudd.sys
[01/08/2013 17:01:34] - (1.0.11.0) - ( - Intel Mouse Class Upper Filter Driver) - C:\Windows\system32\DRIVERS\imsevent.sys
[01/08/2013 17:01:32] - (1.0.11.0) - ( - Intel Keyboard Class Upper Filter Driver) - C:\Windows\system32\DRIVERS\ikbevent.sys
[14/04/2015 14:15:22] - (5.1.2.241) - (Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver) - C:\Windows\System32\ATMFD.DLL
[01/02/2015 20:55:32] - (1.0.2.7482) - (Razer, Inc. - Razer Overlay Support) - C:\Windows\system32\drivers\rzpmgrk.sys
[01/02/2015 20:55:45] - (1.0.12.7465) - (Razer, Inc. - Razer Overlay Support) - C:\Windows\system32\drivers\rzpnk.sys
[13/07/2009 19:36:07] - (4.3.86.0) - (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. - Macrovision SECURITY Driver) - C:\Windows\System32\Drivers\secdrv.SYS
[06/10/2015 23:16:59] - (7.1.2081.7726) - (NVIDIA Corporation - Nvidia Streaming Kernel Service) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys

---------- | LoadOrderGroup

Name: System Reserved - DriverEnabled: True - GroupOrder: 1 - Status: OK
Name: EMS - DriverEnabled: True - GroupOrder: 2 - Status: OK
Name: WdfLoadGroup - DriverEnabled: True - GroupOrder: 3 - Status: OK
Name: Boot Bus Extender - DriverEnabled: True - GroupOrder: 4 - Status: OK
Name: System Bus Extender - DriverEnabled: True - GroupOrder: 5 - Status: OK
Name: SCSI miniport - DriverEnabled: True - GroupOrder: 6 - Status: OK
Name: Port - DriverEnabled: True - GroupOrder: 7 - Status: OK
Name: Primary Disk - DriverEnabled: True - GroupOrder: 8 - Status: OK
Name: SCSI Class - DriverEnabled: True - GroupOrder: 9 - Status: OK
Name: SCSI CDROM Class - DriverEnabled: True - GroupOrder: 10 - Status: OK
Name: FSFilter Infrastructure - DriverEnabled: True - GroupOrder: 11 - Status: OK
Name: FSFilter System - DriverEnabled: True - GroupOrder: 12 - Status: OK
Name: FSFilter Bottom - DriverEnabled: True - GroupOrder: 13 - Status: OK
Name: FSFilter Copy Protection - DriverEnabled: True - GroupOrder: 14 - Status: OK
Name: FSFilter Security Enhancer - DriverEnabled: True - GroupOrder: 15 - Status: OK
Name: FSFilter Open File - DriverEnabled: True - GroupOrder: 16 - Status: OK
Name: FSFilter Physical Quota Management - DriverEnabled: True - GroupOrder: 17 - Status: OK
Name: FSFilter Virtualization - DriverEnabled: True - GroupOrder: 18 - Status: OK
Name: FSFilter Encryption - DriverEnabled: True - GroupOrder: 19 - Status: OK
Name: FSFilter Compression - DriverEnabled: True - GroupOrder: 20 - Status: OK
Name: FSFilter Imaging - DriverEnabled: True - GroupOrder: 21 - Status: OK
Name: FSFilter HSM - DriverEnabled: True - GroupOrder: 22 - Status: OK
Name: FSFilter Cluster File System - DriverEnabled: True - GroupOrder: 23 - Status: OK
Name: FSFilter System Recovery - DriverEnabled: True - GroupOrder: 24 - Status: OK
Name: FSFilter Quota Management - DriverEnabled: True - GroupOrder: 25 - Status: OK
Name: FSFilter Content Screener - DriverEnabled: True - GroupOrder: 26 - Status: OK
Name: FSFilter Continuous Backup - DriverEnabled: True - GroupOrder: 27 - Status: OK
Name: FSFilter Replication - DriverEnabled: True - GroupOrder: 28 - Status: OK
Name: FSFilter Anti-Virus - DriverEnabled: True - GroupOrder: 29 - Status: OK
Name: FSFilter Undelete - DriverEnabled: True - GroupOrder: 30 - Status: OK
Name: FSFilter Activity Monitor - DriverEnabled: True - GroupOrder: 31 - Status: OK
Name: FSFilter Top - DriverEnabled: True - GroupOrder: 32 - Status: OK
Name: Filter - DriverEnabled: True - GroupOrder: 33 - Status: OK
Name: Boot File System - DriverEnabled: True - GroupOrder: 34 - Status: OK
Name: Base - DriverEnabled: True - GroupOrder: 35 - Status: OK
Name: Pointer Port - DriverEnabled: True - GroupOrder: 36 - Status: OK
Name: Keyboard Port - DriverEnabled: True - GroupOrder: 37 - Status: OK
Name: Pointer Class - DriverEnabled: True - GroupOrder: 38 - Status: OK
Name: Keyboard Class - DriverEnabled: True - GroupOrder: 39 - Status: OK
Name: Video Init - DriverEnabled: True - GroupOrder: 40 - Status: OK
Name: Video - DriverEnabled: True - GroupOrder: 41 - Status: OK
Name: Video Save - DriverEnabled: True - GroupOrder: 42 - Status: OK
Name: File System - DriverEnabled: True - GroupOrder: 43 - Status: OK
Name: Streams Drivers - DriverEnabled: True - GroupOrder: 44 - Status: OK
Name: NDIS Wrapper - DriverEnabled: True - GroupOrder: 45 - Status: OK
Name: COM Infrastructure - DriverEnabled: True - GroupOrder: 46 - Status: OK
Name: Event Log - DriverEnabled: True - GroupOrder: 47 - Status: OK
Name: AudioGroup - DriverEnabled: True - GroupOrder: 48 - Status: OK
Name: ProfSvc_Group - DriverEnabled: True - GroupOrder: 49 - Status: OK
Name: UIGroup - DriverEnabled: True - GroupOrder: 50 - Status: OK
Name: MS_WindowsLocalValidation - DriverEnabled: True - GroupOrder: 51 - Status: OK
Name: PlugPlay - DriverEnabled: True - GroupOrder: 52 - Status: OK
Name: Cryptography - DriverEnabled: True - GroupOrder: 53 - Status: OK
Name: PNP_TDI - DriverEnabled: True - GroupOrder: 54 - Status: OK
Name: NDIS - DriverEnabled: True - GroupOrder: 55 - Status: OK
Name: TDI - DriverEnabled: True - GroupOrder: 56 - Status: OK
Name: iSCSI - DriverEnabled: True - GroupOrder: 57 - Status: OK
Name: NetBIOSGroup - DriverEnabled: True - GroupOrder: 58 - Status: OK
Name: ShellSvcGroup - DriverEnabled: True - GroupOrder: 59 - Status: OK
Name: SchedulerGroup - DriverEnabled: True - GroupOrder: 60 - Status: OK
Name: SpoolerGroup - DriverEnabled: True - GroupOrder: 61 - Status: OK
Name: SmartCardGroup - DriverEnabled: True - GroupOrder: 62 - Status: OK
Name: NetworkProvider - DriverEnabled: True - GroupOrder: 63 - Status: OK
Name: MS_WindowsRemoteValidation - DriverEnabled: True - GroupOrder: 64 - Status: OK
Name: NetDDEGroup - DriverEnabled: True - GroupOrder: 65 - Status: OK
Name: Parallel arbitrator - DriverEnabled: True - GroupOrder: 66 - Status: OK
Name: Extended Base - DriverEnabled: True - GroupOrder: 67 - Status: OK
Name: PCI Configuration - DriverEnabled: True - GroupOrder: 68 - Status: OK
Name: MS Transactions - DriverEnabled: True - GroupOrder: 69 - Status: OK
Name: PnP Filter - DriverEnabled: False - GroupOrder: 70 - Status: OK
Name: Network - DriverEnabled: False - GroupOrder: 71 - Status: OK

---------- | LoadOrderGroupServiceDependencies

LoadOrderGroup.Name="NetBIOSGroup" - Service.Name="RemoteAccess"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdfs"

---------- | LoadOrderGroupServiceMembers

LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="AppIDSvc"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioEndpointBuilder"
LoadOrderGroup.Name="AudioGroup" - Service.Name="AudioSrv"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="BFE"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="Browser"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="DcomLaunch"
LoadOrderGroup.Name="TDI" - Service.Name="Dhcp"
LoadOrderGroup.Name="TDI" - Service.Name="Dnscache"
LoadOrderGroup.Name="TDI" - Service.Name="dot3svc"
LoadOrderGroup.Name="Event Log" - Service.Name="eventlog"
LoadOrderGroup.Name="AudioGroup" - Service.Name="FontCache"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="ACPI"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adp94xx"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adpahci"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="adpu320"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="AFD"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="agp440"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="aliide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="amdide"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdK8"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="AmdPPM"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdsata"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="amdsbs"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="amdxata"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="arc"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="arcsas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="atapi"
LoadOrderGroup.Name="base" - SystemDriver.Name="b06bdrv"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="b57nd60a"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Beep"
LoadOrderGroup.Name="Network" - SystemDriver.Name="bowser"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="BrFiltLo"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="BrFiltUp"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="cdfs"
LoadOrderGroup.Name="SCSI CDROM Class" - SystemDriver.Name="cdrom"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="circlass"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="CLFS"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="cmdide"
LoadOrderGroup.Name="Base" - SystemDriver.Name="CNG"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="Compbatt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="CompositeBus"
LoadOrderGroup.Name="Pnp Filter" - SystemDriver.Name="crcdisk"
LoadOrderGroup.Name="Network" - SystemDriver.Name="DfsC"
LoadOrderGroup.Name="Video Init" - SystemDriver.Name="DXGKrnl"
LoadOrderGroup.Name="base" - SystemDriver.Name="ebdrv"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="elxstor"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ErrDev"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="exfat"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="gpsvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="LanmanWorkstation"
LoadOrderGroup.Name="TDI" - Service.Name="lmhosts"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="MpsSvc"
LoadOrderGroup.Name="iSCSI" - Service.Name="MSiSCSI"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="MsMpSvc"
LoadOrderGroup.Name="MS_WindowsRemoteValidation" - Service.Name="Netlogon"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="fastfat"
LoadOrderGroup.Name="FSFilter Bottom" - SystemDriver.Name="FileInfo"
LoadOrderGroup.Name="FSFilter Activity Monitor" - SystemDriver.Name="Filetrace"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="FltMgr"
LoadOrderGroup.Name="Filter" - SystemDriver.Name="FsDepends"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="fvevol"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="gagp30kx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="hcw85cir"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="HDAudBus"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidBth"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidIr"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="HidUsb"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="HpSAMD"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="i8042prt"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iaStorV"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="iirsp"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="intelide"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="intelppm"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="isapnp"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="iusb3hcs"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iusb3hub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="iusb3xhc"
LoadOrderGroup.Name="Keyboard Class" - SystemDriver.Name="kbdclass"
LoadOrderGroup.Name="Keyboard Port" - SystemDriver.Name="kbdhid"
LoadOrderGroup.Name="Base" - SystemDriver.Name="KSecDD"
LoadOrderGroup.Name="Cryptography" - SystemDriver.Name="KSecPkg"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="ksthunk"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="LGBusEnum"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="LGVirHid"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="lltdio"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_FC"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS"
LoadOrderGroup.Name="Video" - Service.Name="nvsvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="PlugPlay"
LoadOrderGroup.Name="Plugplay" - Service.Name="Power"
LoadOrderGroup.Name="profsvc_group" - Service.Name="ProfSvc"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcEptMapper"
LoadOrderGroup.Name="COM Infrastructure" - Service.Name="RpcSs"
LoadOrderGroup.Name="MS_WindowsLocalValidation" - Service.Name="SamSs"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="SCardSvr"
LoadOrderGroup.Name="SchedulerGroup" - Service.Name="Schedule"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="SENS"
LoadOrderGroup.Name="ShellSvcGroup" - Service.Name="ShellHWDetection"
LoadOrderGroup.Name="SpoolerGroup" - Service.Name="Spooler"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SAS2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="LSI_SCSI"
LoadOrderGroup.Name="FSFilter Virtualization" - SystemDriver.Name="luafv"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="megasas"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="MegaSR"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MEIx64"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Modem"
LoadOrderGroup.Name="Pointer Class" - SystemDriver.Name="mouclass"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="mouhid"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="mountmgr"
LoadOrderGroup.Name="FSFilter Anti-Virus" - SystemDriver.Name="MpFilter"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="mpio"
LoadOrderGroup.Name="network" - SystemDriver.Name="mpsdrv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb10"
LoadOrderGroup.Name="Network" - SystemDriver.Name="mrxsmb20"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="msahci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="msdsm"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Msfs"
LoadOrderGroup.Name="Base" - SystemDriver.Name="mshidkmdf"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="msisadrv"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSKSSRV"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPCLOCK"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSPQM"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MSTEE"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="MTConfig"
LoadOrderGroup.Name="Network" - SystemDriver.Name="Mup"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NativeWifiP"
LoadOrderGroup.Name="NDIS Wrapper" - SystemDriver.Name="NDIS"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="NdisCap"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Ndisuio"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NDProxy"
LoadOrderGroup.Name="NetBIOSGroup" - SystemDriver.Name="NetBIOS"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="NetBT"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="netr28ux"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nfrd960"
LoadOrderGroup.Name="File system" - SystemDriver.Name="Npfs"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="Ntfs"
LoadOrderGroup.Name="Base" - SystemDriver.Name="Null"
LoadOrderGroup.Name="Video" - SystemDriver.Name="nvlddmkm"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="nvraid"
LoadOrderGroup.Name="Video" - Service.Name="Stereo Service"
LoadOrderGroup.Name="PlugPlay" - Service.Name="TabletInputService"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="Themes"
LoadOrderGroup.Name="ProfSvc_Group" - Service.Name="TrustedInstaller"
LoadOrderGroup.Name="UIGroup" - Service.Name="UxSms"
LoadOrderGroup.Name="SmartCardGroup" - Service.Name="WbioSrvc"
LoadOrderGroup.Name="NetworkProvider" - Service.Name="WebClient"
LoadOrderGroup.Name="TDI" - Service.Name="Wlansvc"
LoadOrderGroup.Name="PlugPlay" - Service.Name="wudfsvc"
LoadOrderGroup.Name="TDI" - Service.Name="WwanSvc"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="nvstor"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="nv_agp"
LoadOrderGroup.Name="Parallel arbitrator" - SystemDriver.Name="Parport"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="partmgr"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="pci"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pciide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="pcmcia"
LoadOrderGroup.Name="Base" - SystemDriver.Name="pcw"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="Processor"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="Psched"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ql2300"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="ql40xx"
LoadOrderGroup.Name="Streams Drivers" - SystemDriver.Name="RasAcd"
LoadOrderGroup.Name="Network" - SystemDriver.Name="rdbss"
LoadOrderGroup.Name="Video Save" - SystemDriver.Name="RDPCDD"
LoadOrderGroup.Name="Video Save" - SystemDriver.Name="RDPENCDD"
LoadOrderGroup.Name="Video Save" - SystemDriver.Name="RDPREFMP"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="rdyboost"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="rspndr"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="RTL8167"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="rzendpt"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="scfilter"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="ScpVBus"
LoadOrderGroup.Name="PNP Filter" - SystemDriver.Name="Serenum"
LoadOrderGroup.Name="Extended base" - SystemDriver.Name="Serial"
LoadOrderGroup.Name="Pointer Port" - SystemDriver.Name="sermouse"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid2"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="SiSRaid4"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Smb"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srv2"
LoadOrderGroup.Name="Network" - SystemDriver.Name="srvnet"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="stexstor"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="Tcpip"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="tdx"
LoadOrderGroup.Name="base" - SystemDriver.Name="TsUsbFlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="TsUsbGD"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="tunnel"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uagp35"
LoadOrderGroup.Name="Boot File System" - SystemDriver.Name="udfs"
LoadOrderGroup.Name="PnP Filter" - SystemDriver.Name="uliagpkx"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="umbus"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="UmPass"
LoadOrderGroup.Name="Base" - SystemDriver.Name="USBAAPL64"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbccgp"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="usbcir"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbehci"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbhub"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbohci"
LoadOrderGroup.Name="extended base" - SystemDriver.Name="usbprint"
LoadOrderGroup.Name="Base" - SystemDriver.Name="usbuhci"
LoadOrderGroup.Name="Boot Bus Extender" - SystemDriver.Name="vdrvroot"
LoadOrderGroup.Name="Video" - SystemDriver.Name="vga"
LoadOrderGroup.Name="Video Save" - SystemDriver.Name="VgaSave"
LoadOrderGroup.Name="SCSI miniport" - SystemDriver.Name="vhdmp"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="viaide"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgr"
LoadOrderGroup.Name="System Bus Extender" - SystemDriver.Name="volmgrx"
LoadOrderGroup.Name="SCSI Miniport" - SystemDriver.Name="vsmraid"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="vwififlt"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WacomPen"
LoadOrderGroup.Name="WdfLoadGroup" - SystemDriver.Name="Wdf01000"
LoadOrderGroup.Name="NDIS" - SystemDriver.Name="WfpLwf"
LoadOrderGroup.Name="FSFilter Infrastructure" - SystemDriver.Name="WIMMount"
LoadOrderGroup.Name="Extended Base" - SystemDriver.Name="WmiAcpi"
LoadOrderGroup.Name="PNP_TDI" - SystemDriver.Name="ws2ifsl"
LoadOrderGroup.Name="base" - SystemDriver.Name="WudfPf"

---------- | Services | 0 : Starting up | 1 : System | 2 : Automatic | 3 : Manual | 4 : Disabled | R : Running service | S : Stopped service

R0 - ACPI (Microsoft ACPI Driver) -> system32\drivers\ACPI.sys
R0 - amdxata () -> system32\drivers\amdxata.sys
R0 - atapi (IDE Channel) -> system32\drivers\atapi.sys
R0 - CLFS (@%SystemRoot%\system32\clfs.sys,-100) -> System32\CLFS.sys
R0 - CNG () -> System32\Drivers\cng.sys
R0 - Disk (Disk Driver) -> system32\drivers\disk.sys
R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) -> system32\drivers\fileinfo.sys
R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) -> system32\drivers\fltmgr.sys
S0 - Fs_Rec () -> (?)
R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) -> System32\DRIVERS\fvevol.sys
R0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) -> System32\drivers\hwpolicy.sys
R0 - iusb3hcs (Intel(R) USB 3.0 Host Controller Switch Driver) -> system32\DRIVERS\iusb3hcs.sys
R0 - KSecDD () -> System32\Drivers\ksecdd.sys
R0 - KSecPkg () -> System32\Drivers\ksecpkg.sys
R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) -> System32\drivers\mountmgr.sys
R0 - MpFilter (Microsoft Malware Protection Driver) -> system32\DRIVERS\MpFilter.sys
R0 - msahci () -> system32\drivers\msahci.sys
R0 - msisadrv () -> system32\drivers\msisadrv.sys
R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) -> System32\Drivers\mup.sys
R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) -> system32\drivers\ndis.sys
R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) -> System32\drivers\partmgr.sys
R0 - pci (PCI Bus Driver) -> system32\drivers\pci.sys
R0 - pcw (Performance Counters for Windows Driver) -> System32\drivers\pcw.sys
R0 - rdyboost (ReadyBoost) -> System32\drivers\rdyboost.sys
R0 - spldr (Security Processor Loader Driver) -> (?)
R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) -> System32\drivers\tcpip.sys
R0 - vdrvroot (Microsoft Virtual Drive Enumerator Driver) -> system32\drivers\vdrvroot.sys
R0 - volmgr (Volume Manager Driver) -> system32\drivers\volmgr.sys
R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) -> System32\drivers\volmgrx.sys
R0 - volsnap (Storage volumes) -> system32\drivers\volsnap.sys
R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) -> system32\drivers\Wdf01000.sys
R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) -> \SystemRoot\system32\drivers\afd.sys
R1 - Beep (Beep) -> (?)
R1 - blbdrive () -> system32\DRIVERS\blbdrive.sys
R1 - cdrom (CD-ROM Driver) -> system32\DRIVERS\cdrom.sys
R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) -> System32\Drivers\dfsc.sys
R1 - discache (@%systemroot%\system32\drivers\discache.sys,-102) -> System32\drivers\discache.sys
R1 - HWiNFO32 (HWiNFO32/64 Kernel Driver) -> \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
R1 - Msfs () -> (?)
R1 - mssmbios (Microsoft System Management BIOS Driver) -> system32\DRIVERS\mssmbios.sys
R1 - NetBIOS (NetBIOS Interface) -> system32\DRIVERS\netbios.sys
R1 - NetBT (@%SystemRoot%\system32\drivers\netbt.sys,-2) -> System32\DRIVERS\netbt.sys
R1 - Npfs () -> (?)
R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) -> system32\drivers\nsiproxy.sys
R1 - Null () -> (?)
R1 - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) -> system32\DRIVERS\pacer.sys
R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) -> system32\DRIVERS\rdbss.sys
R1 - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) -> System32\DRIVERS\RDPCDD.sys
R1 - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) -> system32\drivers\rdpencdd.sys
R1 - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) -> system32\drivers\rdprefmp.sys
S1 - Serial (Serial port driver) -> system32\DRIVERS\serial.sys
R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) -> system32\DRIVERS\tdx.sys
R1 - TermDD (Terminal Device Driver) -> system32\DRIVERS\termdd.sys
R1 - VgaSave () -> \SystemRoot\System32\drivers\vga.sys
R1 - vwififlt (Virtual WiFi Filter Driver) -> system32\DRIVERS\vwififlt.sys
R1 - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) -> system32\DRIVERS\wanarp.sys
R1 - WfpLwf (WFP Lightweight Filter) -> system32\DRIVERS\wfplwf.sys
R1 - ws2ifsl (Windows Socket 2.0 Non-IFS Service Provider Support Environment) -> \SystemRoot\system32\drivers\ws2ifsl.sys
R2 - Apple Mobile Device Service (Apple Mobile Device Service) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - AudioSrv (@%SystemRoot%\system32\audiosrv.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) -> %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - Bonjour Service (Bonjour Service) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
R2 - c2cautoupdatesvc (Skype Click to Call Updater) -> "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service
R2 - c2cpnrsvc (Skype Click to Call PNR Service) -> "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service
R2 - ClickToRunSvc (Microsoft Office ClickToRun Service) -> "C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe" /service
S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
S2 - clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DcomLaunch (@oleres.dll,-5012) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) -> %SystemRoot%\system32\svchost.exe -k NetworkService
R2 - DPS (@%systemroot%\system32\dps.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - EventSystem (@comres.dll,-2450) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R2 - GfExperienceService (NVIDIA GeForce Experience Service) -> "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe"
R2 - gpsvc (@gpapi.dll,-112) -> %systemroot%\system32\svchost.exe -k netsvcs
S2 - gupdate (Google Update Service (gupdate)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc
R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) -> %SystemRoot%\System32\svchost.exe -k NetSvcs
R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) -> system32\DRIVERS\lltdio.sys
R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) -> \SystemRoot\system32\drivers\luafv.sys
R2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
R2 - MsMpSvc (Microsoft Antimalware Service) -> "c:\Program Files\Microsoft Security Client\MsMpEng.exe"
R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) -> %systemroot%\system32\svchost.exe -k LocalService
R2 - NvNetworkService (NVIDIA Network Service) -> "C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe"
R2 - NvStreamSvc (NVIDIA Streamer Service) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe"
R2 - nvsvc (NVIDIA Display Driver Service) -> "C:\Windows\system32\nvvsvc.exe"
R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - PEAUTH (PEAUTH) -> system32\drivers\peauth.sys
R2 - PlaysService (Plays.tv Update Service) -> "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe"
R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - PnkBstrA (PnkBstrA) -> C:\Windows\system32\PnkBstrA.exe
R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k DcomLaunch
R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - Razer Game Scanner Service (Razer Game Scanner) -> C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) -> %SystemRoot%\system32\svchost.exe -k RPCSS
R2 - RpcSs (@oleres.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k rpcss
R2 - rspndr (Link-Layer Topology Discovery Responder) -> system32\DRIVERS\rspndr.sys
R2 - rzpmgrk (rzpmgrk) -> \??\C:\Windows\system32\drivers\rzpmgrk.sys
R2 - rzpnk (rzpnk) -> \??\C:\Windows\system32\drivers\rzpnk.sys
R2 - RzSurroundVADStreamingService (RzSurroundVADStreamingService) -> "C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe"
R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) -> %SystemRoot%\system32\lsass.exe
R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - secdrv (Security Driver) -> (?)
R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S2 - SkypeUpdate (Skype Updater) -> "C:\Program Files (x86)\Skype\Updater\Updater.exe"
R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) -> %SystemRoot%\System32\spoolsv.exe
S2 - sppsvc (@%SystemRoot%\system32\sppsvc.exe,-101) -> %SystemRoot%\system32\sppsvc.exe
R2 - Stereo Service (NVIDIA Stereoscopic 3D Driver Service) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe"
S2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) -> %SystemRoot%\system32\svchost.exe -k imgsvc
R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) -> %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - tcpipreg (TCP/IP Registry Compatibility) -> System32\drivers\tcpipreg.sys
R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) -> %systemroot%\system32\svchost.exe -k netsvcs
R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R2 - WMPNetworkSvc (@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101) -> "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
R2 - WSearch (@%systemroot%\system32\SearchIndexer.exe,-103) -> %systemroot%\system32\SearchIndexer.exe /Embedding
R2 - wuauserv (@%systemroot%\system32\wuaueng.dll,-105) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - 1394ohci (1394 OHCI Compliant Host Controller) -> \SystemRoot\system32\drivers\1394ohci.sys
S3 - AcpiPmi (ACPI Power Meter Driver) -> \SystemRoot\system32\drivers\acpipmi.sys
S3 - adp94xx () -> \SystemRoot\system32\drivers\adp94xx.sys
S3 - adpahci () -> \SystemRoot\system32\drivers\adpahci.sys
S3 - adpu320 () -> \SystemRoot\system32\drivers\adpu320.sys
R3 - AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - agp440 (Intel AGP Bus Filter) -> \SystemRoot\system32\drivers\agp440.sys
S3 - ALG (@%SystemRoot%\system32\Alg.exe,-112) -> %SystemRoot%\System32\alg.exe
S3 - aliide () -> \SystemRoot\system32\drivers\aliide.sys
S3 - amdide () -> \SystemRoot\system32\drivers\amdide.sys
S3 - AmdK8 (AMD K8 Processor Driver) -> \SystemRoot\system32\drivers\amdk8.sys
S3 - AmdPPM (AMD Processor Driver) -> \SystemRoot\system32\drivers\amdppm.sys
S3 - amdsata () -> \SystemRoot\system32\drivers\amdsata.sys
S3 - amdsbs () -> \SystemRoot\system32\drivers\amdsbs.sys
S3 - AppID (@%systemroot%\system32\appidsvc.dll,-102) -> \SystemRoot\system32\drivers\appid.sys
S3 - AppIDSvc (@%systemroot%\system32\appidsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
R3 - Appinfo (@%systemroot%\system32\appinfo.dll,-100) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - arc () -> \SystemRoot\system32\drivers\arc.sys
S3 - arcsas () -> \SystemRoot\system32\drivers\arcsas.sys
S3 - aspnet_state (ASP.NET State Service) -> %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
R3 - AsyncMac (@%systemroot%\system32\rascfg.dll,-32000) -> system32\DRIVERS\asyncmac.sys
S3 - AxInstSV (@%SystemRoot%\system32\AxInstSV.dll,-103) -> %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
S3 - b06bdrv (Broadcom NetXtreme II VBD) -> \SystemRoot\system32\drivers\bxvbda.sys
S3 - b57nd60a (Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0) -> system32\DRIVERS\b57nd60a.sys
S3 - BDESVC (@%SystemRoot%\system32\bdesvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - bowser (@%systemroot%\system32\browser.dll,-102) -> system32\DRIVERS\bowser.sys
S3 - BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) -> \SystemRoot\system32\drivers\BrFiltLo.sys
S3 - BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) -> \SystemRoot\system32\drivers\BrFiltUp.sys
S3 - Browser (@%systemroot%\system32\browser.dll,-100) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - Brserid (Brother MFC Serial Port Interface Driver (WDM)) -> \SystemRoot\System32\Drivers\Brserid.sys
S3 - BrSerWdm (Brother WDM Serial driver) -> \SystemRoot\System32\Drivers\BrSerWdm.sys
S3 - BRSptStub (BitRaider Mini-Support Service Stub Loader) -> "C:\ProgramData\BitRaider\BRSptStub.exe"
S3 - BrUsbMdm (Brother MFC USB Fax Only Modem) -> \SystemRoot\System32\Drivers\BrUsbMdm.sys
S3 - BrUsbSer (Brother MFC USB Serial WDM Driver) -> \SystemRoot\System32\Drivers\BrUsbSer.sys
S3 - BTHMODEM (Bluetooth Serial Communications Driver) -> \SystemRoot\system32\drivers\bthmodem.sys
S3 - bthserv (@%SystemRoot%\System32\bthserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k bthsvcs
S3 - CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) -> %SystemRoot%\system32\svchost.exe -k netsvcs
S3 - circlass (Consumer IR Devices) -> \SystemRoot\system32\drivers\circlass.sys
S3 - CmBatt (Microsoft ACPI Control Method Battery Driver) -> \SystemRoot\system32\drivers\CmBatt.sys
S3 - cmdide () -> \SystemRoot\system32\drivers\cmdide.sys
S3 - Compbatt () -> \SystemRoot\system32\drivers\compbatt.sys
R3 - CompositeBus (Composite Bus Enumerator Driver) -> system32\DRIVERS\CompositeBus.sys
S3 - COMSysApp (@comres.dll,-947) -> %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 - defragsvc (@%SystemRoot%\system32\defragsvc.dll,-101) -> %SystemRoot%\system32\svchost.exe -k defragsvc
S3 - dot3svc (@%systemroot%\system32\dot3svc.dll,-1102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - drmkaud (Microsoft Trusted Audio Drivers) -> \SystemRoot\system32\drivers\drmkaud.sys
R3 - DXGKrnl (LDDM Graphics Subsystem) -> \SystemRoot\System32\drivers\dxgkrnl.sys
R3 - EapHost (@%systemroot%\system32\eapsvc.dll,-1) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - EasyAntiCheat (EasyAntiCheat) -> C:\Windows\system32\EasyAntiCheat.exe
S3 - ebdrv (Broadcom NetXtreme II 10 GigE VBD) -> \SystemRoot\system32\drivers\evbda.sys
S3 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) -> %SystemRoot%\System32\lsass.exe
S3 - ehRecvr (@%SystemRoot%\ehome\ehrecvr.exe,-101) -> %systemroot%\ehome\ehRecvr.exe
S3 - ehSched (@%SystemRoot%\ehome\ehsched.exe,-101) -> %systemroot%\ehome\ehsched.exe
S3 - elxstor () -> \SystemRoot\system32\drivers\elxstor.sys
S3 - ErrDev (Microsoft Hardware Error Device Driver) -> \SystemRoot\system32\drivers\errdev.sys
S3 - exfat (exFAT File System Driver) -> (?)
R3 - fastfat (FAT12/16/32 File System Driver) -> (?)
S3 - Fax (@%systemroot%\system32\fxsresm.dll,-118) -> %systemroot%\system32\fxssvc.exe
S3 - fdc (Floppy Disk Controller Driver) -> \SystemRoot\system32\drivers\fdc.sys
R3 - fdPHost (@%systemroot%\system32\fdPHost.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) -> system32\drivers\filetrace.sys
S3 - flpydisk (Floppy Disk Driver) -> \SystemRoot\system32\drivers\flpydisk.sys
S3 - FontCache3.0.0.0 (@%SystemRoot%\system32\PresentationHost.exe,-3309) -> %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
S3 - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) -> System32\drivers\FsDepends.sys
S3 - Futuremark SystemInfo Service (Futuremark SystemInfo Service) -> "C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe"
S3 - gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) -> \SystemRoot\system32\drivers\gagp30kx.sys
S3 - gupdatem (Google Update Service (gupdatem)) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc
S3 - gusvc (Google Software Updater) -> "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"
S3 - hcw85cir (Hauppauge Consumer Infrared Receiver) -> \SystemRoot\system32\drivers\hcw85cir.sys
S3 - HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) -> system32\drivers\HdAudio.sys
R3 - HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) -> system32\DRIVERS\HDAudBus.sys
S3 - HidBatt (HID UPS Battery Driver) -> \SystemRoot\system32\drivers\HidBatt.sys
S3 - HidBth (Microsoft Bluetooth HID Miniport) -> \SystemRoot\system32\drivers\hidbth.sys
S3 - HidIr (Microsoft Infrared HID Driver) -> \SystemRoot\system32\drivers\hidir.sys
R3 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HidUsb (Microsoft HID Class Driver) -> system32\DRIVERS\hidusb.sys
S3 - hkmsvc (@%SystemRoot%\system32\kmsvc.dll,-6) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - HomeGroupListener (@%SystemRoot%\System32\ListSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - HomeGroupProvider (@%SystemRoot%\System32\provsvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
S3 - HpSAMD () -> \SystemRoot\system32\drivers\HpSAMD.sys
R3 - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) -> system32\drivers\HTTP.sys
S3 - i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) -> \SystemRoot\system32\drivers\i8042prt.sys
S3 - iaStorV () -> \SystemRoot\system32\drivers\iaStorV.sys
S3 - idsvc (@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193) -> "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe"
S3 - IEEtwCollectorService (@%SystemRoot%\system32\ieetwcollectorres.dll,-1000) -> %SystemRoot%\system32\IEEtwCollector.exe /V
S3 - iirsp () -> \SystemRoot\system32\drivers\iirsp.sys
R3 - ikbevent (Intel Upper keyboard Class Filter Driver) -> system32\DRIVERS\ikbevent.sys
R3 - imsevent (Intel Upper Mouse Class Filter Driver) -> system32\DRIVERS\imsevent.sys
S3 - INETMON (INETMON) -> \??\C:\Windows\System32\Drivers\INETMON.sys
R3 - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) -> system32\drivers\RTKVHD64.sys
S3 - intelide () -> \SystemRoot\system32\drivers\intelide.sys
R3 - intelppm (Intel Processor Driver) -> system32\DRIVERS\intelppm.sys
S3 - IPBusEnum (@%systemroot%\system32\IPBusEnum.dll,-102) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) -> system32\DRIVERS\ipfltdrv.sys
S3 - IPMIDRV () -> \SystemRoot\system32\drivers\IPMIDrv.sys
S3 - IPNAT (IP Network Address Translator) -> System32\drivers\ipnat.sys
S3 - iPod Service (iPod Service) -> "C:\Program Files\iPod\bin\iPodService.exe"
S3 - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) -> system32\drivers\irenum.sys
S3 - isapnp () -> \SystemRoot\system32\drivers\isapnp.sys
S3 - iScsiPrt (iScsiPort Driver) -> \SystemRoot\system32\drivers\msiscsi.sys
R3 - ISCT (Intel(R) Smart Connect Technology Device Driver) -> system32\DRIVERS\ISCTD64.sys
R3 - iusb3hub (Intel(R) USB 3.0 Hub Driver) -> system32\DRIVERS\iusb3hub.sys
R3 - iusb3xhc (Intel(R) USB 3.0 eXtensible Host Controller Driver) -> system32\DRIVERS\iusb3xhc.sys
R3 - kbdclass (Keyboard Class Driver) -> system32\DRIVERS\kbdclass.sys
R3 - kbdhid (Keyboard HID Driver) -> system32\DRIVERS\kbdhid.sys
R3 - KeyIso (@keyiso.dll,-100) -> %SystemRoot%\system32\lsass.exe
R3 - ksthunk (Kernel Streaming Thunks) -> \SystemRoot\system32\drivers\ksthunk.sys
S3 - KtmRm (@comres.dll,-2946) -> %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
S3 - LADF_CaptureOnly (LADF Capture Filter Driver) -> system32\DRIVERS\ladfGSCamd64.sys
S3 - LADF_RenderOnly (LADF Render Filter Driver) -> system32\DRIVERS\ladfGSRamd64.sys
R3 - LGBusEnum (Logitech GamePanel Virtual Bus Enumerator Driver) -> system32\drivers\LGBusEnum.sys
S3 - LGVirHid (Logitech Gamepanel Virtual HID Device Driver) -> system32\drivers\LGVirHid.sys
S3 - lltdsvc (@%SystemRoot%\system32\lltdres.dll,-1) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - LSI_FC () -> \SystemRoot\system32\drivers\lsi_fc.sys
S3 - LSI_SAS () -> \SystemRoot\system32\drivers\lsi_sas.sys
S3 - LSI_SAS2 () -> \SystemRoot\system32\drivers\lsi_sas2.sys
S3 - LSI_SCSI () -> \SystemRoot\system32\drivers\lsi_scsi.sys
R3 - MBfilt () -> system32\drivers\MBfilt64.sys
S3 - megasas () -> \SystemRoot\system32\drivers\megasas.sys
S3 - MegaSR () -> \SystemRoot\system32\drivers\MegaSR.sys
R3 - MEIx64 (Intel(R) Management Engine Interface) -> system32\DRIVERS\TeeDriverx64.sys
S3 - Modem () -> system32\drivers\modem.sys
R3 - monitor (Microsoft Monitor Class Function Driver Service) -> system32\DRIVERS\monitor.sys
R3 - mouclass (Mouse Class Driver) -> system32\DRIVERS\mouclass.sys
R3 - mouhid (Mouse HID Driver) -> system32\DRIVERS\mouhid.sys
S3 - mpio () -> \SystemRoot\system32\drivers\mpio.sys
R3 - mpsdrv (@%SystemRoot%\system32\FirewallAPI.dll,-23092) -> System32\drivers\mpsdrv.sys
S3 - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) -> \SystemRoot\system32\drivers\mrxdav.sys
R3 - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) -> system32\DRIVERS\mrxsmb.sys
R3 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) -> system32\DRIVERS\mrxsmb10.sys
R3 - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) -> system32\DRIVERS\mrxsmb20.sys
S3 - msdsm () -> \SystemRoot\system32\drivers\msdsm.sys
S3 - MSDTC (@comres.dll,-2797) -> %SystemRoot%\System32\msdtc.exe
S3 - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) -> \SystemRoot\System32\drivers\mshidkmdf.sys
S3 - MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000) -> %systemroot%\system32\svchost.exe -k netsvcs
S3 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) -> %systemroot%\system32\msiexec.exe /V
S3 - MSKSSRV (Microsoft Streaming Service Proxy) -> system32\drivers\MSKSSRV.sys
S3 - MSPCLOCK (Microsoft Streaming Clock Proxy) -> system32\drivers\MSPCLOCK.sys
S3 - MSPQM (Microsoft Streaming Quality Manager Proxy) -> system32\drivers\MSPQM.sys
S3 - MsRPC () -> (?)
S3 - MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) -> system32\drivers\MSTEE.sys
S3 - MTConfig (Microsoft Input Configuration Driver) -> \SystemRoot\system32\drivers\MTConfig.sys
S3 - napagent (@%SystemRoot%\system32\qagentrt.dll,-6) -> %SystemRoot%\System32\svchost.exe -k NetworkService
R3 - NativeWifiP (NativeWiFi Filter) -> system32\DRIVERS\nwifi.sys
S3 - NdisCap (NDIS Capture LightWeight Filter) -> system32\DRIVERS\ndiscap.sys
R3 - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) -> system32\DRIVERS\ndistapi.sys
R3 - Ndisuio (NDIS Usermode I/O Protocol) -> system32\DRIVERS\ndisuio.sys
R3 - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) -> system32\DRIVERS\ndiswan.sys
R3 - NDProxy (NDIS Proxy) -> (?)
S3 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) -> %systemroot%\system32\lsass.exe
R3 - Netman (@%SystemRoot%\system32\netman.dll,-109) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
R3 - netprofm (@%SystemRoot%\system32\netprofm.dll,-202) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - netr28ux (RT2870 USB Wireless LAN Card Driver for Vista) -> system32\DRIVERS\netr28ux.sys
S3 - nfrd960 () -> \SystemRoot\system32\drivers\nfrd960.sys
S3 - NisDrv (Microsoft Network Inspection System) -> system32\DRIVERS\NisDrvWFP.sys
S3 - NisSrv (@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243) -> "c:\Program Files\Microsoft Security Client\NisSrv.exe"
S3 - npggsvc (nProtect GameGuard Service) -> C:\Windows\system32\GameMon.des -service
R3 - Ntfs () -> (?)
R3 - NVHDA (Service for NVIDIA High Definition Audio Driver) -> system32\drivers\nvhda64v.sys
R3 - nvlddmkm () -> system32\DRIVERS\nvlddmkm.sys
S3 - nvraid () -> \SystemRoot\system32\drivers\nvraid.sys
S3 - nvstor () -> \SystemRoot\system32\drivers\nvstor.sys
R3 - NvStreamKms (NvStreamKms) -> \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
R3 - NvStreamNetworkSvc (NVIDIA Streamer Network Service) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe"
R3 - nvvad_WaveExtensible (NVIDIA Virtual Audio Device (Wave Extensible) (WDM)) -> system32\drivers\nvvad64v.sys
S3 - nv_agp (NVIDIA nForce AGP Bus Filter) -> \SystemRoot\system32\drivers\nv_agp.sys
S3 - ohci1394 (1394 OHCI Compliant Host Controller (Legacy)) -> \SystemRoot\system32\drivers\ohci1394.sys
S3 - Origin Client Service (Origin Client Service) -> "C:\Program Files (x86)\Origin\OriginClientService.exe"
S3 - ose (Office  Source Engine) -> "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
S3 - osppsvc (Office Software Protection Platform) -> "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
R3 - p2pimsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8004) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
R3 - p2psvc (@%SystemRoot%\system32\p2psvc.dll,-8006) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
R3 - Parport (Parallel port driver) -> system32\DRIVERS\parport.sys
S3 - pciide () -> \SystemRoot\system32\drivers\pciide.sys
S3 - pcmcia () -> \SystemRoot\system32\drivers\pcmcia.sys
S3 - PerfHost (@%systemroot%\sysWow64\perfhost.exe,-2) -> %SystemRoot%\SysWow64\perfhost.exe
S3 - pla (@%systemroot%\system32\pla.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
S3 - PNRPAutoReg (@%SystemRoot%\system32\pnrpauto.dll,-8002) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
R3 - PNRPsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8000) -> %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
S3 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) -> %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
R3 - PptpMiniport (@%systemroot%\system32\rascfg.dll,-32006) -> system32\DRIVERS\raspptp.sys
S3 - Processor (Processor Driver) -> \SystemRoot\system32\drivers\processr.sys
S3 - ProtectedStorage (@%systemroot%\system32\psbase.dll,-300) -> %SystemRoot%\system32\lsass.exe
S3 - ql2300 () -> \SystemRoot\system32\drivers\ql2300.sys
S3 - ql40xx () -> \SystemRoot\system32\drivers\ql40xx.sys
S3 - QWAVE (@%SystemRoot%\system32\qwave.dll,-1) -> %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) -> \SystemRoot\system32\drivers\qwavedrv.sys
S3 - RasAcd (Remote Access Auto Connection Driver) -> System32\DRIVERS\rasacd.sys
R3 - RasAgileVpn (WAN Miniport (IKEv2)) -> system32\DRIVERS\AgileVpn.sys
S3 - RasAuto (@%Systemroot%\system32\rasauto.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - Rasl2tp (@%systemroot%\system32\rascfg.dll,-32005) -> system32\DRIVERS\rasl2tp.sys
S3 - RasMan (@%Systemroot%\system32\rasmans.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
R3 - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) -> system32\DRIVERS\raspppoe.sys
R3 - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) -> system32\DRIVERS\rassstp.sys
S3 - rdpbus (Remote Desktop Device Redirector Bus Driver) -> \SystemRoot\system32\drivers\rdpbus.sys
S3 - RDPWD (RDP Winstation Driver) -> (?)
S3 - RemoteRegistry (@regsvc.dll,-1) -> %SystemRoot%\system32\svchost.exe -k regsvc
S3 - RpcLocator (@%systemroot%\system32\Locator.exe,-2) -> %SystemRoot%\system32\locator.exe
R3 - RTL8167 (Realtek 8167 NT Driver) -> system32\DRIVERS\Rt64win7.sys
R3 - rzendpt (rzendpt) -> system32\DRIVERS\rzendpt.sys
R3 - RZSURROUNDVADService (Razer Surround Audio Service) -> system32\drivers\RzSurroundVAD.sys
R3 - rzudd (Razer Mouse Driver) -> system32\DRIVERS\rzudd.sys
S3 - sbp2port () -> \SystemRoot\system32\drivers\sbp2port.sys
S3 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) -> System32\DRIVERS\scfilter.sys
S3 - SCPolicySvc (@%SystemRoot%\System32\certprop.dll,-13) -> %SystemRoot%\system32\svchost.exe -k netsvcs
R3 - ScpVBus (Scp Virtual Bus Driver) -> system32\DRIVERS\ScpVBus.sys
R3 - SDRSVC (@%SystemRoot%\system32\sdrsvc.dll,-107) -> %SystemRoot%\system32\svchost.exe -k SDRSVC
S3 - seclogon (@%SystemRoot%\system32\seclogon.dll,-7001) -> %windir%\system32\svchost.exe -k netsvcs
S3 - SensrSvc (@%SystemRoot%\System32\sensrsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - Serenum (Serenum Filter Driver) -> system32\DRIVERS\serenum.sys
S3 - sermouse (Serial Mouse Driver) -> \SystemRoot\system32\drivers\sermouse.sys
S3 - SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - sffdisk (SFF Storage Class Driver) -> \SystemRoot\system32\drivers\sffdisk.sys
S3 - sffp_mmc (SFF Storage Protocol Driver for MMC) -> \SystemRoot\system32\drivers\sffp_mmc.sys
S3 - sffp_sd (SFF Storage Protocol Driver for SDBus) -> \SystemRoot\system32\drivers\sffp_sd.sys
S3 - sfloppy (High-Capacity Floppy Disk Drive) -> \SystemRoot\system32\drivers\sfloppy.sys
S3 - SiSRaid2 () -> \SystemRoot\system32\drivers\SiSRaid2.sys
S3 - SiSRaid4 () -> \SystemRoot\system32\drivers\sisraid4.sys
S3 - Smb (@%SystemRoot%\system32\tcpipcfg.dll,-50005) -> system32\DRIVERS\smb.sys
S3 - SNMPTRAP (@%SystemRoot%\system32\snmptrap.exe,-3) -> %SystemRoot%\System32\snmptrap.exe
S3 - sppuinotify (@%SystemRoot%\system32\sppuinotify.dll,-103) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - srv (@%systemroot%\system32\srvsvc.dll,-102) -> System32\DRIVERS\srv.sys
R3 - srv2 (@%systemroot%\system32\srvsvc.dll,-104) -> System32\DRIVERS\srv2.sys
R3 - srvnet () -> System32\DRIVERS\srvnet.sys
R3 - SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - Steam Client Service (Steam Client Service) -> "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
S3 - stexstor () -> \SystemRoot\system32\drivers\stexstor.sys
R3 - swenum (Software Bus Driver) -> system32\DRIVERS\swenum.sys
S3 - swprv (@%SystemRoot%\System32\swprv.dll,-103) -> %SystemRoot%\System32\svchost.exe -k swprv
S3 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - TapiSrv (@%SystemRoot%\system32\tapisrv.dll,-10100) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - TBS (@%SystemRoot%\system32\tbssvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - TCPIP6 (Microsoft IPv6 Protocol Driver) -> system32\DRIVERS\tcpip.sys
S3 - TDPIPE (TDPIPE) -> system32\drivers\tdpipe.sys
S3 - TDTCP (TDTCP) -> system32\drivers\tdtcp.sys
S3 - TermService (@%SystemRoot%\System32\termsrv.dll,-268) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - THREADORDER (@%systemroot%\system32\mmcss.dll,-102) -> %SystemRoot%\system32\svchost.exe -k LocalService
R3 - TrustedInstaller (@%SystemRoot%\servicing\TrustedInstaller.exe,-100) -> %SystemRoot%\servicing\TrustedInstaller.exe
S3 - tssecsrv (@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101) -> System32\DRIVERS\tssecsrv.sys
S3 - TsUsbFlt () -> system32\drivers\tsusbflt.sys
S3 - TsUsbGD (Remote Desktop Generic USB Device) -> \SystemRoot\system32\drivers\TsUsbGD.sys
R3 - tunnel (Microsoft Tunnel Miniport Adapter Driver) -> system32\DRIVERS\tunnel.sys
S3 - uagp35 (Microsoft AGPv3.5 Filter) -> \SystemRoot\system32\drivers\uagp35.sys
S3 - UI0Detect (@%SystemRoot%\system32\ui0detect.exe,-101) -> %SystemRoot%\system32\UI0Detect.exe
S3 - uliagpkx (Uli AGP Bus Filter) -> \SystemRoot\system32\drivers\uliagpkx.sys
R3 - umbus (UMBus Enumerator Driver) -> system32\DRIVERS\umbus.sys
S3 - UmPass (Microsoft UMPass Driver) -> \SystemRoot\system32\drivers\umpass.sys
R3 - upnphost (@%systemroot%\system32\upnphost.dll,-213) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - USBAAPL64 (Apple Mobile USB Driver) -> System32\Drivers\usbaapl64.sys
S3 - usbaudio (USB Audio Driver (WDM)) -> system32\drivers\usbaudio.sys
R3 - usbccgp (Microsoft USB Generic Parent Driver) -> system32\DRIVERS\usbccgp.sys
S3 - usbcir (eHome Infrared Receiver (USBCIR)) -> \SystemRoot\system32\drivers\usbcir.sys
R3 - usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) -> \SystemRoot\system32\drivers\usbehci.sys
R3 - usbhub (Microsoft USB Standard Hub Driver) -> system32\DRIVERS\usbhub.sys
S3 - usbohci (Microsoft USB Open Host Controller Miniport Driver) -> \SystemRoot\system32\drivers\usbohci.sys
S3 - usbprint (Microsoft USB PRINTER Class) -> \SystemRoot\system32\drivers\usbprint.sys
S3 - USBSTOR (USB Mass Storage Driver) -> \SystemRoot\system32\drivers\USBSTOR.SYS
S3 - usbuhci (Microsoft USB Universal Host Controller Miniport Driver) -> \SystemRoot\system32\drivers\usbuhci.sys
S3 - VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003) -> %SystemRoot%\system32\lsass.exe
S3 - vds (@%SystemRoot%\system32\vds.exe,-100) -> %SystemRoot%\System32\vds.exe
S3 - vga () -> system32\DRIVERS\vgapnp.sys
S3 - vhdmp () -> \SystemRoot\system32\drivers\vhdmp.sys
S3 - viaide () -> \SystemRoot\system32\drivers\viaide.sys
S3 - vsmraid () -> \SystemRoot\system32\drivers\vsmraid.sys
S3 - VSS (@%systemroot%\system32\vssvc.exe,-102) -> %systemroot%\system32\vssvc.exe
S3 - vwifibus (Virtual WiFi Bus Driver) -> system32\DRIVERS\vwifibus.sys
S3 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WacomPen (Wacom Serial Pen HID Driver) -> \SystemRoot\system32\drivers\wacompen.sys
S3 - WANARP (@%systemroot%\system32\rascfg.dll,-32011) -> system32\DRIVERS\wanarp.sys
S3 - WatAdminSvc (@%SystemRoot%\system32\Wat\WatUX.exe,-601) -> %SystemRoot%\system32\Wat\WatAdminSvc.exe
S3 - wbengine (@%systemroot%\system32\wbengine.exe,-104) -> "%systemroot%\system32\wbengine.exe"
S3 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
S3 - wcncsvc (@%SystemRoot%\system32\wcncsvc.dll,-3) -> %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
S3 - WcsPlugInService (@%SystemRoot%\system32\WcsPlugInService.dll,-200) -> %SystemRoot%\system32\svchost.exe -k wcssvc
S3 - Wd () -> \SystemRoot\system32\drivers\wd.sys
R3 - WdiServiceHost (@%systemroot%\system32\wdi.dll,-502) -> %SystemRoot%\System32\svchost.exe -k LocalService
S3 - WdiSystemHost (@%systemroot%\system32\wdi.dll,-500) -> %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WebClient (@%systemroot%\system32\webclnt.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200) -> %SystemRoot%\system32\svchost.exe -k NetworkService
S3 - wercplsupport (@%SystemRoot%\System32\wercplsupport.dll,-101) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S3 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) -> %SystemRoot%\System32\svchost.exe -k WerSvcGroup
S3 - WIMMount (WIMMount) -> system32\drivers\wimmount.sys
S3 - WinDefend (@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103) -> %SystemRoot%\System32\svchost.exe -k secsvcs
S3 - WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalService
S3 - WinRM (@%Systemroot%\system32\wsmsvc.dll,-101) -> %SystemRoot%\System32\svchost.exe -k NetworkService
S3 - Winsock () -> (?)
S3 - WinUsb (WinUsb) -> system32\DRIVERS\WinUsb.sys
R3 - WmiAcpi (Microsoft Windows Management Interface for ACPI) -> system32\DRIVERS\wmiacpi.sys
S3 - wmiApSrv (@%Systemroot%\system32\wbem\wmiapsrv.exe,-110) -> %systemroot%\system32\wbem\WmiApSrv.exe
S3 - WPCSvc (@%SystemRoot%\system32\wpcsvc.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
S3 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) -> system32\drivers\WudfPf.sys
S3 - WUDFRd () -> system32\DRIVERS\WUDFRd.sys
S3 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) -> %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
S3 - WwanSvc (@%SystemRoot%\System32\wwansvc.dll,-257) -> %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
S3 - xusb21 (Xbox 360 Wireless Receiver Driver Service 21) -> system32\DRIVERS\xusb21.sys
S4 - AdobeFlashPlayerUpdateSvc (Adobe Flash Player Update Service) -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
S4 - cdfs (CD/DVD File System Reader) -> system32\DRIVERS\cdfs.sys
S4 - clr_optimization_v2.0.50727_32 (Microsoft .NET Framework NGEN v2.0.50727_X86) -> %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
S4 - clr_optimization_v2.0.50727_64 (Microsoft .NET Framework NGEN v2.0.50727_X64) -> %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
S4 - crcdisk (Crcdisk Filter Driver) -> \SystemRoot\system32\drivers\crcdisk.sys
S4 - HiPatchService (Hi-Rez Studios Authenticate and Update Service) -> C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
S4 - Intel(R) Capability Licensing Service Interface (Intel(R) Capability Licensing Service Interface) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
S4 - Intel(R) Capability Licensing Service TCP IP Interface (Intel(R) Capability Licensing Service TCP IP Interface) -> "C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe"
S4 - ISCTAgent (Intel(R) Smart Connect Technology Agent) -> "C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe" 
S4 - jhi_service (Intel(R) Dynamic Application Loader Host Interface Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
S4 - LMS (Intel(R) Management and Security Application Local Management Service) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
S4 - Mcx2Svc (@%SystemRoot%\ehome\ehres.dll,-15501) -> %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
S4 - MozillaMaintenance (Mozilla Maintenance Service) -> "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
S4 - MSI_Trigger_Service () -> "C:\Program Files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe"
S4 - NetMsmqActivator (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195) -> "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
S4 - NetPipeActivator (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 - NetTcpActivator (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 - NetTcpPortSharing (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
S4 - RemoteAccess (@%Systemroot%\system32\mprdim.dll,-200) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106) -> %SystemRoot%\System32\svchost.exe -k netsvcs
S4 - udfs (udfs) -> system32\DRIVERS\udfs.sys

---------- | System files (Microsoft Files whitelisted)

[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - [10/06/2009 13:36:24] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) - [479.58 Ko] - (1.6.6.4) - C:\Windows\System32\Drivers\adp94xx.sys
[MD5.597F78224EE9224EA1A13D6350CED962] - [13/07/2009 14:59:32] - (.Copyright © 2006 Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) - [331.58 Ko] - (1.6.6.1) - C:\Windows\System32\Drivers\adpahci.sys
[MD5.E109549C90F62FB570B9540C4B148E54] - [13/07/2009 14:59:33] - (.Copyright © 2003 Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) - [178.58 Ko] - (7.2.0.0) - C:\Windows\System32\Drivers\adpu320.sys
[MD5.5812713A477A3AD7363C7438CA2EE038] - [13/07/2009 16:19:47] - (.Copyright (C) Acer Laboratories Inc.  2000  - ALi mini IDE Driver.) - [15.08 Ko] - (1.2.0.0) - C:\Windows\System32\Drivers\aliide.sys
[MD5.1FF8B4431C353CE385C875F194924C0C] - [13/07/2009 16:19:49] - (.Copyright (C) AMD 2003 - AMD IDE Driver.) - [15.08 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\amdide.sys
[MD5.D4121AE6D0C0E7E13AA221AA57EF2D49] - [17/06/2013 11:02:11] - (.Copyright © 2008-2010 AMD, Inc. - AHCI 1.2 Device Driver.) - [105.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdsata.sys
[MD5.F67F933E79241ED32FF46A4F29B5120B] - [10/06/2009 13:37:35] - (.2008 Advanced Micro Devices, Inc. - AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform.) - [189.58 Ko] - (3.6.1540.127) - C:\Windows\System32\Drivers\amdsbs.sys
[MD5.540DAF1CEA6094886D72126FD7C33048] - [17/06/2013 11:02:11] - (.Copyright © 2008-2010 AMD, Inc. - Storage Filter Driver.) - [26.38 Ko] - (1.1.2.5) - C:\Windows\System32\Drivers\amdxata.sys
[MD5.C484F8CEB1717C540242531DB7845C4E] - [13/07/2009 14:59:33] - (.Copyright 2007 Adaptec, Inc. - Adaptec RAID Storport Driver.) - [85.58 Ko] - (5.2.0.10384) - C:\Windows\System32\Drivers\arc.sys
[MD5.019AF6924AEFE7839F61C830227FE79C] - [13/07/2009 14:59:33] - (.Copyright 2008 Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) - [95.56 Ko] - (5.2.0.16119) - C:\Windows\System32\Drivers\arcsas.sys
[MD5.B5ACE6968304A3900EEB1EBFD9622DF2] - [10/06/2009 13:34:23] - (.Copyright 2000-2008, Broadcom Corporation. - Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver..) - [264.5 Ko] - (10.100.4.0) - C:\Windows\System32\Drivers\b57nd60a.sys
[MD5.F09EEE9EDC320B5E1501F749FDE686C8] - [13/07/2009 18:19:59] - (.Copyright (C) Brother Industries, Ltd. 2001-2003 - Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver.) - [18 Ko] - (1.10.0.2) - C:\Windows\System32\Drivers\BrFiltLo.sys
[MD5.B114D3098E9BDB8BEA8B053685831BE6] - [13/07/2009 18:20:21] - (.Copyright (C) Brother Industries, Ltd. 2001 - Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver.) - [8.5 Ko] - (1.4.0.1) - C:\Windows\System32\Drivers\BrFiltUp.sys
[MD5.43BEA8D483BF1870F018E2D02E06A5BD] - [13/07/2009 18:19:06] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Brotehr Serial I/F Driver (WDM).) - [280 Ko] - (1.0.1.6) - C:\Windows\System32\Drivers\BrSerId.sys
[MD5.A6ECA2151B08A09CACECA35C07F05B42] - [13/07/2009 18:20:11] - (.Copyright (C) Brother Industries Ltd.1997-2003 - Brother Serial driver (WDM version).) - [46 Ko] - (1.0.0.20) - C:\Windows\System32\Drivers\BrSerWdm.sys
[MD5.B79968002C277E869CF38BD22CD61524] - [13/07/2009 18:20:26] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB MDM Driver.) - [14.63 Ko] - (1.0.0.12) - C:\Windows\System32\Drivers\BrUsbMdm.sys
[MD5.A87528880231C54E75EA7A44943B38BF] - [13/07/2009 18:20:15] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother USB Serial Driver.) - [14.38 Ko] - (1.0.1.3) - C:\Windows\System32\Drivers\BrUsbSer.sys
[MD5.3E5B191307609F7514148C6832BB0842] - [10/06/2009 13:34:28] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) - [457.5 Ko] - (4.8.2.0) - C:\Windows\System32\Drivers\bxvbda.sys
[MD5.E19D3F095812725D88F9001985B94EDD] - [13/07/2009 16:19:48] - (.Copyright (C) CMD Technology, Inc. 1999-2000 - CMD PCI IDE Bus Driver.) - [17.08 Ko] - (2.0.7.0) - C:\Windows\System32\Drivers\cmdide.sys
[MD5.0E5DA5369A0FCAEA12456DD852545184] - [10/06/2009 13:36:49] - (.Copyright © 2003-2009 Emulex - Storport Miniport Driver for LightPulse HBAs.) - [518.06 Ko] - (7.2.10.211) - C:\Windows\System32\Drivers\elxstor.sys
[MD5.DC5D737F51BE844D8C82C695EB17372F] - [10/06/2009 13:34:33] - (.(c) COPYRIGHT 2001-2008 Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) - [3209 Ko] - (4.8.13.0) - C:\Windows\System32\Drivers\evbda.sys
[MD5.F2523EF6460FC42405B12248338AB2F0] - [13/07/2009 15:53:43] - (.Copyright ©2007-2009 Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) - [30.5 Ko] - (1.31.27127.0) - C:\Windows\System32\Drivers\hcw85cir.sys
[MD5.39D2ABCD392F3D8A6DCE7B60AE7B8EFC] - [20/11/2010 20:23:47] - (.Copyright (c) 2004-2010 Hewlett-Packard Development Company, L.P. - Smart Array SAS/SATA Controller Media Driver.) - [76.88 Ko] - (6.12.6.64) - C:\Windows\System32\Drivers\HpSAMD.sys
[MD5.AAAF44DB3BD0B9D1FB6969B23ECC8366] - [17/06/2013 11:02:11] - (.Copyright(C) Intel Corporation 1994-2008  - Intel Matrix Storage Manager driver - x64.) - [400.88 Ko] - (8.6.2.1014) - C:\Windows\System32\Drivers\iaStorV.sys
[MD5.5C18831C61933628F5BB0EA2675B9D21] - [13/07/2009 14:59:33] - (.Copyright © 2002-05 Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) - [43.08 Ko] - (5.4.22.0) - C:\Windows\System32\Drivers\iirsp.sys
[MD5.39F3C7E218CE9118106D166F09AE1352] - [01/08/2013 17:01:32] - (.Copyright (C) 2011 - 2013 Intel Corporation - Intel Keyboard Class Upper Filter Driver.) - [20.91 Ko] - (1.0.11.0) - C:\Windows\System32\Drivers\ikbevent.sys
[MD5.404906005D768E48BF16218B420249C7] - [01/08/2013 17:01:34] - (.Copyright (C) 2011 - 2013 Intel Corporation - Intel Mouse Class Upper Filter Driver.) - [21.41 Ko] - (1.0.11.0) - C:\Windows\System32\Drivers\imsevent.sys
[MD5.3F2BB021CB280880F8C1B7A6FEF9B447] - [12/05/2014 13:21:04] - (.-.) - [28.41 Ko] - (0.0.0.0) - C:\Windows\System32\Drivers\INETMON.sys
[MD5.4EE2423C38F43D37F8497A672FD10BDC] - [01/08/2013 17:01:32] - (.Copyright (C) 2011-2012 - Intel(R) Smart Connect Technology Device Driver.) - [45.48 Ko] - (1.0.8.0) - C:\Windows\System32\Drivers\ISCTD64.sys
[MD5.78D369F8A81A341109FBA1DB64B4C512] - [12/05/2014 13:08:21] - (.(C) 2010-2013 Intel Corporation - Intel(R) USB 3.0 Host Controller Switch Driver.) - [19.98 Ko] - (2.5.0.19) - C:\Windows\System32\Drivers\iusb3hcs.sys
[MD5.5B632ABA038CE2E2D5D2D1115C6B26D1] - [14/06/2013 14:14:02] - (.(C) 2010-2013 Intel Corporation - Intel(R) USB 3.0 Hub Driver.) - [359.48 Ko] - (2.5.0.19) - C:\Windows\System32\Drivers\iusb3hub.sys
[MD5.EA841584EF59528D11F20355770E427E] - [14/06/2013 14:14:02] - (.(C) 2010-2013 Intel Corporation - Intel(R) USB 3.0 eXtensible Host Controller Driver.) - [767.98 Ko] - (2.5.0.19) - C:\Windows\System32\Drivers\iusb3xhc.sys
[MD5.305BB2AC00D46542E0A653AB63F4ABB1] - [15/04/2013 11:51:52] - (.Copyright(c) 2013 Logitech Inc. - Capture Filter Driver.) - [400.4 Ko] - (8.46.19.1) - C:\Windows\System32\Drivers\ladfGSCamd64.sys
[MD5.28CDDC7D478A6313F55077416DCBD0DE] - [15/04/2013 11:51:58] - (.Copyright(c) 2013 Logitech Inc. - DPL2/EQ Filter Driver.) - [100.4 Ko] - (8.46.19.1) - C:\Windows\System32\Drivers\ladfGSRamd64.sys
[MD5.FA529FB35694C24BF98A9EF67C1CD9D0] - [23/11/2009 17:37:50] - (.© 2004-2009 Logitech.  - Logitech WingMan Virtual Bus Enumerator Driver.) - [21.88 Ko] - (3.4.131.0) - C:\Windows\System32\Drivers\LGBusEnum.sys
[MD5.94B29CE153765E768F004FB3440BE2B0] - [23/11/2009 17:38:00] - (.© 2004-2009 Logitech.  - Logitech GamePanel Virtual Hid Device Driver.) - [15.63 Ko] - (3.4.131.0) - C:\Windows\System32\Drivers\LGVirHid.sys
[MD5.1A93E54EB0ECE102495A51266DCDB6A6] - [13/07/2009 14:59:34] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT FC Driver (StorPort).) - [112.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_fc.sys
[MD5.1047184A9FDC8BDBFF857175875EE810] - [13/07/2009 14:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SAS Driver (StorPort).) - [104.06 Ko] - (1.28.3.52) - C:\Windows\System32\Drivers\lsi_sas.sys
[MD5.30F5C0DE1EE8B5BC9306C1F0E4A75F93] - [13/07/2009 14:59:34] - (.Copyright © LSI Corporation 2009 - LSI SAS Gen2 Driver (StorPort).) - [64.06 Ko] - (2.0.2.71) - C:\Windows\System32\Drivers\lsi_sas2.sys
[MD5.0504EACAFF0D3C8AED161C4B0D369D4A] - [13/07/2009 14:59:33] - (.Copyright © LSI Corporation 2008 - LSI Fusion-MPT SCSI Driver (StorPort).) - [113.06 Ko] - (1.28.3.67) - C:\Windows\System32\Drivers\lsi_scsi.sys
[MD5.78BFF5425E044086E74E78650A359FBB] - [15/05/2016 11:29:31] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [26.38 Ko] - (0.1.16.0) - C:\Windows\System32\Drivers\mbam.sys
[MD5.1239597BAB7EED2BB16D035AF87E65D9] - [15/05/2016 11:29:31] - (.© Malwarebytes. - Malwarebytes Chameleon Protection Driver.) - [137.38 Ko] - (1.1.22.0) - C:\Windows\System32\Drivers\mbamchameleon.sys
[MD5.78488AF2AB2111D67B3C4044707A519B] - [15/05/2016 11:29:55] - (.© Malwarebytes. - Malwarebytes Anti-Malware.) - [187.71 Ko] - (0.3.0.4) - C:\Windows\System32\Drivers\MBAMSwissArmy.sys
[MD5.8FF2D95CBA49B405C5DE27039FF0BF35] - [15/05/2014 14:00:28] - (.Copyright © Creative Technology Ltd. 2009 - Creative Audio Driver.) - [31.59 Ko] - (6.10.0.8) - C:\Windows\System32\Drivers\MBfilt64.sys
[MD5.A55805F747C6EDB6A9080D7C633BD0F4] - [10/06/2009 13:37:14] - (.Copyright © LSI Corporation          - MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64.) - [34.56 Ko] - (4.5.1.64) - C:\Windows\System32\Drivers\megasas.sys
[MD5.BAF74CE0072480C3B6B7C13B2A94D6B3] - [13/07/2009 14:59:33] - (.Copyright (C) 2007 LSI Corporation. - LSI MegaRAID Software RAID Driver.) - [278.06 Ko] - (13.5.409.2009) - C:\Windows\System32\Drivers\MegaSR.sys
[MD5.452ACB7A9914398D9E18CCCFFCF92208] - [15/05/2016 11:29:31] - (.© Malwarebytes Corporation. - Malwarebytes Web Access Control.) - [63.38 Ko] - (1.0.6.0) - C:\Windows\System32\Drivers\mwac.sys
[MD5.618C55B392238B9467F9113E13525C49] - [10/06/2009 13:35:36] - (.Copyright (C) @ 2002-2009 Ralink Technology Corporation. - Ralink 802.11n Wireless Adapter Driver.) - [847 Ko] - (3.0.0.60) - C:\Windows\System32\Drivers\netr28ux.sys
[MD5.77889813BE4D166CDAB78DDBA990DA92] - [13/07/2009 14:59:33] - (.(C) Copyright IBM Corp. 1994, 2002. - IBM ServeRAID Controller Driver.) - [50.06 Ko] - (7.10.0.0) - C:\Windows\System32\Drivers\nfrd960.sys
[MD5.62CE6D6AA873D2E4AE2F64ED89E6CD83] - [24/07/2016 11:26:29] - (.(C) NVIDIA Corporation. - NVIDIA HDMI Audio Driver.) - [209.56 Ko] - (1.3.34.15) - C:\Windows\System32\Drivers\nvhda64v.sys
[MD5.1C5855A8A7186513BE3E301CEE171496] - [26/07/2016 14:21:07] - (.(C) 2016 NVIDIA Corporation. - NVIDIA Windows Kernel Mode Driver, Version 368.81.) - [13263.55 Ko] - (10.18.13.6881) - C:\Windows\System32\Drivers\nvlddmkm.sys
[MD5.0A92CB65770442ED0DC44834632F66AD] - [17/06/2013 11:02:11] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) RAID Driver.) - [144.88 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvraid.sys
[MD5.DAB0E87525C10052BF65F06152F37E4A] - [17/06/2013 11:02:11] - (.Copyright(C) 2001-2010 NVIDIA Corporation - NVIDIA® nForce(TM) Sata Performance Driver.) - [162.38 Ko] - (10.6.0.18) - C:\Windows\System32\Drivers\nvstor.sys
[MD5.F37FE6B15A987AEEC08EEF531F2FAED7] - [05/05/2016 10:38:10] - (.(C) NVIDIA Corporation. - NVIDIA Virtual Audio Driver.) - [55.06 Ko] - (1.2.40.0) - C:\Windows\System32\Drivers\nvvad64v.sys
[MD5.A53A15A11EBFD21077463EE2C7AFEEF0] - [10/06/2009 13:37:36] - (.Copyright © QLogic Corporation 1996-2009 - QLogic Fibre Channel Stor Miniport Driver.) - [1489.08 Ko] - (9.1.8.6) - C:\Windows\System32\Drivers\ql2300.sys
[MD5.4F6D12B51DE1AAEFF7DC58C4D75423C8] - [13/07/2009 14:59:34] - (.© QLogic Corporation. - QLogic iSCSI Storport Miniport Driver.) - [125.58 Ko] - (2.1.3.20) - C:\Windows\System32\Drivers\ql40xx.sys
[MD5.DCF7221D6588EDA8CD77CB27AE9B1844] - [16/04/2015 22:55:51] - (.Copyright (C) 2015 Realtek Semiconductor Corporation. All Right Reserved.             - Realtek 8136/8168/8169 NDIS 6.20 64-bit Driver               .) - [954.71 Ko] - (7.92.115.2015) - C:\Windows\System32\Drivers\Rt64win7.sys
[MD5.69976169745EDFB3225D9ABEB5E91155] - [15/05/2014 14:00:30] - (.Copyright (c) Realtek Semiconductor Corp.1998-2013 - Realtek(r) High Definition Audio Function Driver.) - [3682.96 Ko] - (6.0.1.7111) - C:\Windows\System32\Drivers\RTKVHD64.sys
[MD5.5709A79EC6011BF109C7167DDC6EC603] - [13/08/2015 08:19:08] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer RzEndPt.) - [49.21 Ko] - (1.0.38.0) - C:\Windows\System32\Drivers\rzendpt.sys
[MD5.434A22267365AEF88B3AD451B65988AE] - [01/02/2015 20:55:32] - (.Copyright (C) 2010-2014 - Razer Overlay Support.) - [36.31 Ko] - (1.0.2.7482) - C:\Windows\System32\Drivers\rzpmgrk.sys
[MD5.F8A13D4413A93DD005FAD116CBD6B6F7] - [01/02/2015 20:55:45] - (.Copyright (C) 2010-2014 - Razer Overlay Support.) - [127.81 Ko] - (1.0.12.7465) - C:\Windows\System32\Drivers\rzpnk.sys
[MD5.630BD8493D336E3FF45F1148A26A9819] - [15/02/2016 00:57:36] - (.Copyright (C) Razer.2012 - RazerSurround VAD Audio driver.) - [39.69 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\RzSurroundVAD.sys
[MD5.E7E36EA112048AC5AC8AA15B6EC35109] - [13/08/2015 08:19:08] - (.Copyright © 2015 Razer Inc. All rights reserved - Razer Rzudd Engine.) - [196.71 Ko] - (1.0.38.0) - C:\Windows\System32\Drivers\rzudd.sys
[MD5.0447065A6E10774EFCECFDD0EB970A79] - [19/05/2013 03:02:52] - (.Copyright © 2012, 2013 Scarlet.Crush Productions. - Scp Virtual Bus Driver.) - [38.25 Ko] - (1.0.0.103) - C:\Windows\System32\Drivers\ScpVBus.sys
[MD5.3EA8A16169C26AFBEB544E0E48421186] - [13/07/2009 19:36:07] - (.© 2006 Macrovision Corporation  - Macrovision SECURITY Driver.) - [22.5 Ko] - (4.3.86.0) - C:\Windows\System32\Drivers\secdrv.sys
[MD5.C1D8E28B2C2ADFAEC4BA89E9FDA69BD6] - [13/07/2009 17:00:40] - (.Copyright (C) Brother Industries Ltd.1997-2006 - Brotehr Serial I/F Driver (WDM).) - [92 Ko] - (6.1.7600.16385) - C:\Windows\System32\Drivers\serial.sys
[MD5.843CAF1E5FDE1FFD5FF768F23A51E2E1] - [10/06/2009 13:37:40] - (.Copyright (c) SiS Corp. 2000-2010 - SiS RAID Stor Miniport Driver.) - [42.56 Ko] - (5.1.1039.2600) - C:\Windows\System32\Drivers\sisraid2.sys
[MD5.6A6C106D42E9FFFF8B9FCB4F754F6DA4] - [13/07/2009 14:59:33] - (.Copyright (c) SiS Corp. 2007-2013 - SiS AHCI Stor-Miniport Driver.) - [78.58 Ko] - (5.1.1039.3600) - C:\Windows\System32\Drivers\sisraid4.sys
[MD5.F3817967ED533D08327DC73BC4D5542A] - [13/07/2009 14:59:33] - (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) - [24.08 Ko] - (5.0.1.1) - C:\Windows\System32\Drivers\stexstor.sys
[MD5.E0EF6C1399A9B1AAA0B28590411BED04] - [12/05/2014 13:07:06] - (.Copyright © 2006-2013, Intel Corporation. - Intel(R) Management Engine Interface.) - [96.96 Ko] - (9.5.15.1730) - C:\Windows\System32\Drivers\TeeDriverx64.sys
[MD5.F957092C63CD71D85903CA0D8370F473] - [17/06/2015 18:04:24] - (.© Apple, Inc.  - Apple Mobile Device USB Driver.) - [53.5 Ko] - (1.67.0.0) - C:\Windows\System32\Drivers\usbaapl64.sys
[MD5.E5689D93FFE4E5D66C0178761240DD54] - [13/07/2009 16:19:50] - (.Copyright (C) VIA Technologies, Inc. 2000-2007 - VIA Generic PCI IDE Bus Driver.) - [17.08 Ko] - (6.0.6000.170) - C:\Windows\System32\Drivers\viaide.sys
[MD5.5E2016EA6EBACA03C04FEAC5F330D997] - [10/06/2009 13:37:58] - (.Copyright (C) VIA Technologies 1992-2007 - VIA RAID DRIVER FOR AMD-X86-64.) - [158.08 Ko] - (6.0.6000.6210) - C:\Windows\System32\Drivers\vsmraid.sys
[MD5.EF558A02D734A1403583E95CCEEC2487] - [29/06/2016 15:59:45] - (.Copyright (c)1999-2015 Martin Malík - REALiX - HWiNFO AMD64 Kernel Driver.) - [26.91 Ko] - (8.98.0.0) - C:\Windows\Syswow64\Drivers\HWiNFO64A.SYS

---------- | Uninstall

[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DGC-PlanetSide 2] : (PlanetSide 2.-.Daybreak Game Company) -> C:\Users\Public\Daybreak Game Company\Installed Games\PlanetSide 2\Uninstaller.exe
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Flux] : (f.lux.-.) -> "C:\Users\Sambone\AppData\Local\FluxSoftware\Flux\uninstall.exe"
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Spotify] : (Spotify.-.Spotify AB) -> "C:\Users\Sambone\AppData\Roaming\Spotify\Spotify.exe" /uninstall
[HKU\S-1-5-21-2847832888-1738266169-4025173231-1000\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\uTorrent] : (µTorrent.-.BitTorrent Inc.) -> "C:\Users\Sambone\AppData\Roaming\uTorrent\uTorrent.exe" /UNINSTALL
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Branding] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CCleaner] : (CCleaner.-.Piriform) -> "C:\Program Files\CCleaner\uninst.exe"
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\CPUID HWMonitor_is1] : (CPUID HWMonitor 1.29.-.) -> "C:\Program Files\CPUID\HWMonitor\unins000.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\DXM_Runtime] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Logitech Gaming Software] : (Logitech Gaming Software 8.58.-.Logitech Inc.) -> C:\Program Files\Logitech Gaming Software\uninstallhlpr.exe /bitness=x64 /silentmode=off /langid=ENU /downgrade=no
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\McAfee Security Scan] : (McAfee Security Scan Plus.-.McAfee, Inc.) -> "C:\Program Files\McAfee Security Scan\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\MPlayer2] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\PotPlayer64] : (Potplayer-64 Bits.-.Kakao Corp.) -> "C:\Program Files\DAUM\PotPlayer\uninstall.exe"
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\Steam App 311690] : (Enter the Gungeon.-.Dodge Roll) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/311690
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.11.1] : (Vulkan Run Time Libraries 1.0.11.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.11.1\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.11.1-2] : (Vulkan Run Time Libraries 1.0.11.1.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.11.1\Instance_2\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\VulkanRT1.0.3.0] : (Vulkan Run Time Libraries 1.0.3.0.-.LunarG, Inc.) -> C:\Program Files (x86)\VulkanRT\1.0.3.0\UninstallVulkanRT.exe
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{0DE0A178-AC7B-4650-806C-CF226DE03766}] : (Apple Application Support (64-bit).-.Apple Inc.) -> MsiExec.exe /I{0DE0A178-AC7B-4650-806C-CF226DE03766}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F64180101F0}] : (Java 8 Update 101 (64-bit).-.Oracle Corporation) -> MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F64180101F0}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{3540181E-340A-4E7A-B409-31663472B2F7}] : (Apple Mobile Device Support.-.Apple Inc.) -> MsiExec.exe /I{3540181E-340A-4E7A-B409-31663472B2F7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}] : (Bonjour.-.Apple Inc.) -> MsiExec.exe /X{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{66C5838F-B854-4A55-89E6-A6138747A4DF}] : (Epic Games Launcher Prerequisites (x64).-.Epic Games, Inc.) -> MsiExec.exe /X{66C5838F-B854-4A55-89E6-A6138747A4DF}
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{690285C2-2481-44FB-8402-162EA970A6DD}] : (Logitech Gaming Software.-.Logitech Inc.) -> MsiExec.exe /I{690285C2-2481-44FB-8402-162EA970A6DD}
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel] : (Ansel.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision] : (NVIDIA 3D Vision Driver 368.81.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.3DVision
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel] : (NVIDIA Control Panel 368.81.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver] : (NVIDIA Graphics Driver 368.81.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience] : (NVIDIA GeForce Experience 2.11.4.0.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.GFExperience
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB] : (NVIDIA 3D Vision Controller Driver 364.44.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NVIRUSB
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX] : (NVIDIA PhysX System Software 9.16.0318.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.PhysX
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update] : (NVIDIA Update 2.11.4.0.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer] : (NVIDIA LED Visualizer 1.0.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv] : (SHIELD Streaming.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService] : (NVIDIA GeForce Experience Service.-.NVIDIA Corporation) -> 
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver] : (NVIDIA HD Audio Driver 1.3.34.15.-.NVIDIA Corporation) -> "C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer] : (NVIDIA Install Application.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service] : (NVIDIA Network Service.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay] : (NVIDIA ShadowPlay 2.11.4.0.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController] : (SHIELD Wireless Controller Driver.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core] : (NVIDIA Update Core.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver] : (NVIDIA Virtual Audio 1.2.40.-.NVIDIA Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{B5E06417-A4AC-4225-B36E-7E34C91616E7}] : (Intel® Trusted Connect Service Client.-.Intel Corporation) -> MsiExec.exe /I{B5E06417-A4AC-4225-B36E-7E34C91616E7}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}] : (Intel(R) Smart Connect Technology.-.Intel Corporation) -> MsiExec.exe /I{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}
[HKLM\SOFTWARE\Microsoft\windows\CurrentVersion\Uninstall\{E690A491-702F-4DEC-9977-C015D1DBB57C}] : (iTunes.-.Apple Inc.) -> MsiExec.exe /I{E690A491-702F-4DEC-9977-C015D1DBB57C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\AddressBook] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] : (Adobe Flash Player 21 ActiveX.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_ActiveX.exe -maintain activex
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Adobe Flash Player NPAPI] : (Adobe Flash Player 19 NPAPI.-.Adobe Systems Incorporated) -> C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_226_Plugin.exe -maintain plugin
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battle.net] : (Battle.net.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=battle.net --displayname="Battle.net"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Battlelog Web Plugins] : (Battlelog Web Plugins.-.EA Digital Illusions CE AB) -> C:\Program Files (x86)\Battlelog Web Plugins\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\BitRaider Streaming Client] : (BitRaider Streaming Client.-.BitRaider, LLC) -> C:\ProgramData\BitRaider\common\brwc.exe -brremoveclient
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Connection Manager] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Creative Software AutoUpdate] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\CrystalDiskInfo_is1] : (CrystalDiskInfo 7.0.0.-.Crystal Dew World) -> "C:\Program Files (x86)\CrystalDiskInfo\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Device Doctor_is1] : (Device Doctor v3.1.-.Device Doctor Software Inc.) -> "C:\Program Files (x86)\Device Doctor\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Diablo III] : (Diablo III.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=diablo3_enus --displayname="Diablo III"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DirectDrawEx] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\DivX Setup] : (DivX Setup.-.DivX, LLC) -> C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\ESN Sonar-0.70.4] : (ESN Sonar.-.ESN Social Software AB) -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fontcore] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Fraps] : (Fraps.-.) -> "C:\Fraps\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Google Chrome] : (Google Chrome.-.Google Inc.) -> "C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.106\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Hearthstone] : (Hearthstone.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=hs_beta --displayname="Hearthstone"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Heroes of the Storm] : (Heroes of the Storm.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=heroes --displayname="Heroes of the Storm"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\HOST_AUDIO_SOUNDCORE_MANAGER] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F561AD0-55E0-4B00-9429-C727DD525977}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE40] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE4Data] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IE5BAKEX] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IEData] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\InstallShield Uninstall Information] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\IObitUninstall] : (IObit Uninstaller.-.IObit) -> "C:\Program Files (x86)\IObit\IObit Uninstaller\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\League of Legends 3.0.1] : (League of Legends.-.Riot Games) -> msiexec.exe /x {79BF4901-1EC4-4726-B3C2-A7859706C6E7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] : (Malwarebytes Anti-Malware version 2.2.1.1043.-.Malwarebytes) -> "C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\McAfee Security Scan] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Middle Earth - Shadow of Mordor_R.G. Mechanics_is1] : (Middle Earth - Shadow of Mordor.-.R.G. Mechanics, spider91) -> "C:\Users\Sambone\AppData\Roaming\Middle Earth - Shadow of Mordor\Uninstall\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MobileOptionPack] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Mozilla Firefox 37.0.1 (x86 en-US)] : (Mozilla Firefox 37.0.1 (x86 en-US).-.Mozilla) -> "C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\MozillaMaintenanceService] : (Mozilla Maintenance Service.-.Mozilla) -> "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NCLauncher_NCWest] : (NCSOFT Game Launcher.-.NCSOFT) -> C:\Program Files (x86)\NCWest\NCLauncher\Uninstall.exe
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\NVIDIAStereo] : (NVIDIA Stereoscopic 3D Driver.-.NVIDIA Corporation) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\OCCT] : (OCCT 4.4.2.-.Ocbase.com) -> C:\Program Files (x86)\OCCTPT\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Origin] : (Origin.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Origin\OriginUninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Overwatch] : (Overwatch.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=prometheus --displayname="Overwatch"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Overwatch Test] : (Overwatch Test.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=prometheus_test --displayname="Overwatch Test"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PlanetSide 2] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\PlaysTV] : (PlaysTV.-.Plays.tv, LLC) -> "C:\Program Files (x86)\Raptr Inc\PlaysTV\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\RaidCall] : (RaidCall.-.raidcall.com) -> C:\Program Files (x86)\RaidCall\uninst.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Razer Surround] : (Razer Surround.-.Razer Inc.) -> "C:\ProgramData\Razer\Synapse\ProductUpdates\Uninstallers\Razer Surround\Razer Surround_Uninstaller.exe" /S
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SBCinema] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8A83AB8D-8F49-4DB1-BDF6-D74037508614}\setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\SchedulingAgent] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Sound Blaster Cinema] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\StarCraft II] : (StarCraft II.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=s2_enus --displayname="StarCraft II"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam] : (Steam.-.Valve Corporation) -> C:\Program Files (x86)\Steam\uninstall.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 211420] : (Dark Souls: Prepare to Die Edition.-.FromSoftware) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/211420
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 377160] : (Fallout 4.-.Bethesda Game Studios) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/377160
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 437220] : (The Culling.-.Xaviant) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/437220
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 500] : (Left 4 Dead.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/500
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 550] : (Left 4 Dead 2.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/550
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 55110] : (Red Faction: Armageddon.-.Volition) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/55110
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\Steam App 730] : (Counter-Strike: Global Offensive.-.Valve) -> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/730
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\swtor_swtor] : (Star Wars The Old Republic.-.Bioware/EA) -> c:\program files (x86)\electronic arts\bioware\star wars - the old republic\BitRaider\bin\brwc.exe id=swtor_swtor -bruninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] : (TeamSpeak 3 Client.-.TeamSpeak Systems GmbH) -> "C:\Program Files (x86)\TeamSpeak 3 Client\uninstall.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\WIC] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\World of Warcraft] : (World of Warcraft.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=wow_enus --displayname="World of Warcraft"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\World of Warcraft Beta] : (World of Warcraft Beta.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=wow_beta --displayname="World of Warcraft Beta"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\World of Warcraft Public Test] : (World of Warcraft Public Test.-.Blizzard Entertainment) -> "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" --lang=enUS --uid=wow_ptr_enus --displayname="World of Warcraft Public Test"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}] : (Razer Synapse.-.Razer Inc.) -> MsiExec.exe /I{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}] : (InputMapper.-.DSDCS) -> MsiExec.exe /X{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{1F561AD0-55E0-4B00-9429-C727DD525977}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1F561AD0-55E0-4B00-9429-C727DD525977}\setup.exe" -l0x9 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2091F234-EB58-4B80-8C96-8EB78C808CF7}] : (Facebook Video Calling 3.1.0.521.-.Skype Limited) -> MsiExec.exe /X{2091F234-EB58-4B80-8C96-8EB78C808CF7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] : (Google Toolbar for Internet Explorer.-.Google Inc.) -> "C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}] : (Intel(R) USB 3.0 eXtensible Host Controller Driver.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F03217065FB}] : (.-.) -> 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}] : (Star Wars: The Old Republic.-.Electronic Arts, Inc.) -> C:\Program Files (x86)\Common Files\BioWare\Uninstall Star Wars - The Old Republic.exe
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}] : (Hi-Rez Studios Authenticate and Update Service.-.Hi-Rez Studios) -> "C:\Program Files (x86)\InstallShield Installation Information\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}\setup.exe" -runfromtemp -l0x0409  -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4620A9CA-A0D7-4F15-BA89-4545B5372345}] : (Epic Games Launcher.-.Epic Games, Inc.) -> MsiExec.exe /X{4620A9CA-A0D7-4F15-BA89-4545B5372345}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] : (Java Auto Updater.-.Oracle Corporation) -> 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}] : (Apple Application Support (32-bit).-.Apple Inc.) -> MsiExec.exe /I{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}] : (Intel(R) Management Engine Components.-.Intel Corporation) -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{6A0549A9-1B96-498C-ACBC-3943001FEB19}] : (Skype™ 7.15.-.Skype Technologies S.A.) -> MsiExec.exe /X{6A0549A9-1B96-498C-ACBC-3943001FEB19}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}] : (PCMark 7.-.Futuremark) -> "C:\Program Files (x86)\InstallShield Installation Information\{75C3C9C0-6CE6-42FA-A0E9-658E8F539124}\setup.exe" -runfromtemp -l0x0409  -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{789289CA-F73A-4A16-A331-54D498CE069F}] : (Ventrilo Client.-.Flagship Industries, Inc.) -> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] : (League of Legends.-.Riot Games) -> MsiExec.exe /X{79BF4901-1EC4-4726-B3C2-A7859706C6E7}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{809ACFAE-9A4D-4C60-9223-D8B615CD8CBA}}_is1] : (VGA Boost.-.MSI) -> "C:\Program Files (x86)\MSI\MSITrigger\VGA Boost\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}] : (Sound Blaster Cinema.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}\Setup.exe" -l0x9  /remove
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] : (Realtek Ethernet Controller Driver.-.Realtek) -> C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{88B1984E-36F0-47B8-B8DC-728966807A9C}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\setup.exe" -l0x9 
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{8A83AB8D-8F49-4DB1-BDF6-D74037508614}] : (.-.Creative Technology Limited) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8A83AB8D-8F49-4DB1-BDF6-D74037508614}\setup.exe" -l0x9 
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{933B4015-4618-4716-A828-5289FC03165F}] : (VC80CRTRedist - 8.0.50727.6195.-.DivX, Inc) -> MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] : (Google Update Helper.-.Google Inc.) -> MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}] : (Mumble 1.2.8.-.Thorvald Natvig) -> MsiExec.exe /I{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{ABADE36E-EC37-413B-8179-B432AD3FACE7}] : (Battlefield 4™.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\Battlefield 4\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}] : (Futuremark SystemInfo.-.Futuremark Corporation) -> "C:\Program Files (x86)\InstallShield Installation Information\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}\setup.exe" -runfromtemp -l0x0409  -removeonly
[{Hidden}][HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}] : (Launcher Prerequisites (x64).-.Epic Games, Inc.) -> "C:\ProgramData\Package Cache\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}\LauncherPrereqSetup_x64.exe"  /uninstall
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{D55ED80F-FAFD-40E1-99FC-89AF8614A9B5}_is1] : (World of Warcraft Classic.-.Blizzard Entertainment) -> "C:\Program Files (x86)\World of Warcraft Classic\unins000.exe"
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}] : (Curse.-.Curse) -> MsiExec.exe /X{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{E402D891-4E45-4ce9-B41F-DD35864EF170}] : (STAR WARS™ Battlefront™.-.Electronic Arts) -> "C:\Program Files (x86)\Common Files\EAInstaller\STAR WARS Battlefront\Cleanup.exe" uninstall_game -autologging
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] : (Realtek High Definition Audio Driver.-.Realtek Semiconductor Corp.) -> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F2AC2743-7D6D-48A8-9F8C-0876FDC5C58B}] : (System Requirements Lab Detection.-.Husdawg, LLC) -> MsiExec.exe /X{F2AC2743-7D6D-48A8-9F8C-0876FDC5C58B}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}] : (System Requirements Lab CYRI.-.Husdawg, LLC) -> MsiExec.exe /I{F3FCB08B-E752-444D-86A0-0634A4F3B23D}
[HKLM\SOFTWARE\WOW6432Node\Microsoft\windows\CurrentVersion\Uninstall\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}] : (Apple Software Update.-.Apple Inc.) -> MsiExec.exe /I{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}

---------- | Ports 


---------- | Microsoft Specifications

CheckID: AAFDE9CF_9E01_43FE_869C_F81D4708C0CF0{DEE70742-F4E9-44CA-B2B9-EE95DCF37295} -  -> AAFDE9CF_9E01_43FE_869C_F81D4708C0CF
CheckID: Access_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT ACCESSC2RINSTALLED) -> Access_PIA
CheckID: Ace_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT C2RINSTALLED) -> Ace_PIA
CheckID: dummy_MSCOMCTL_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT C2RINSTALLED) -> dummy_MSCOMCTL_PIA
CheckID: dummy_Office_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT C2RINSTALLED) -> dummy_Office_PIA
CheckID: Excel_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT EXCELC2RINSTALLED) -> Excel_PIA
CheckID: Forms_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT C2RINSTALLED) -> Forms_PIA
CheckID: Graph_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT (ACCESSC2RINSTALLED OR EXCELC2RINSTALLED OR POWERPOINTC2RINSTALLED OR WORDC2RINSTALLED)) -> Graph_PIA
CheckID: OneNotePIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT ONENOTEC2RINSTALLED) -> OneNotePIA
CheckID: Outlook_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT OUTLOOKC2RINSTALLED) -> Outlook_PIA
CheckID: PowerPoint_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT POWERPOINTC2RINSTALLED) -> PowerPoint_PIA
CheckID: Publisher_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT PUBLISHERC2RINSTALLED) -> Publisher_PIA
CheckID: SmartTag_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT (ACCESSC2RINSTALLED OR EXCELC2RINSTALLED OR WORDC2RINSTALLED)) -> SmartTag_PIA
CheckID: VSCommonPIAHidden0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT C2RINSTALLED) -> VSCommonPIAHidden
CheckID: Word_PIA0{90150000-008C-0000-0000-0000000FF1CE} - REMOVE~<>"ALL" AND C2RINT AND (NOT WORDC2RINSTALLED) -> Word_PIA
CheckID: VSTO0{90150000-008C-0000-0000-0000000FF1CE} - CLICK2RUN -> VSTO
CheckID: VSTOCLR350{90150000-008C-0000-0000-0000000FF1CE} - CLICK2RUN -> VSTOCLR35
CheckID: VSTOCLR400{90150000-008C-0000-0000-0000000FF1CE} - CLICK2RUN -> VSTOCLR40
CheckID: VSTOCLR40Intl_10330{90150000-008C-0409-0000-0000000FF1CE} - CLICK2RUN -> VSTOCLR40Intl_1033
CheckID: D2BCE474_49DC_4169_8EFD_7CAB0921B6140{79BF4901-1EC4-4726-B3C2-A7859706C6E7} - NOT ( ( ( Version9X OR VersionNT64)) ) -> D2BCE474_49DC_4169_8EFD_7CAB0921B614
CheckID: LoLDesktopShortcut1{79BF4901-1EC4-4726-B3C2-A7859706C6E7} - AI_DESKTOP_SH -> LoLDesktopShortcut
CheckID: LoLStartMenuShortcut1{79BF4901-1EC4-4726-B3C2-A7859706C6E7} - AI_STARTMENU_SH -> LoLStartMenuShortcut
CheckID: VSTA_Runtime_CLR350{9495AEB4-AB97-39DE-8C42-806EEF75ECA7} - (NOT NETFX35_INSTALLED) AND (NOT NETCLIENT35_INSTALLED) -> VSTA_Runtime_CLR35
CheckID: VSTA_Runtime_CLR400{9495AEB4-AB97-39DE-8C42-806EEF75ECA7} - (NOT NETFX40_INSTALLED) AND (NOT NETCLIENT40_INSTALLED) -> VSTA_Runtime_CLR40
CheckID: VSTO_Runtime_CLR350{9495AEB4-AB97-39DE-8C42-806EEF75ECA7} - (NOT NETFX35_INSTALLED) AND (NOT NETCLIENT35_INSTALLED) -> VSTO_Runtime_CLR35
CheckID: VSTO_Runtime_CLR400{9495AEB4-AB97-39DE-8C42-806EEF75ECA7} - (NOT NETFX40_INSTALLED) AND (NOT NETCLIENT40_INSTALLED) -> VSTO_Runtime_CLR40
CheckID: NIS0{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78} - (VersionNT < 600) OR (VersionNT = 600 AND ServicePackLevel = 0) -> NIS
CheckID: EppOobe0{3061DCA5-2D0B-48F9-800F-9D7C1FEB5E78} - InstallOOBEComponents = "0" -> EppOobe
CheckID: GAC_NGEN_ALL_Feature0{3FE312D5-B862-40CE-8E4E-A6D8ABF62736} - NOT VersionNT64 -> GAC_NGEN_ALL_Feature
CheckID: ISCTClientProductFeature0{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D} - NOT NETFRAMEWORK40FULL -> ISCTClientProductFeature
CheckID: PreviousDeviceDriversFeature0{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D} - VersionNT > 602 -> PreviousDeviceDriversFeature
CheckID: FTRE_ChromeExt0{6D1221A9-17BF-4EC0-81F2-27D30EC30701} - NOT CHROME_IS_INSTALLED -> FTRE_ChromeExt
CheckID: FTRE_FFAddOn0{6D1221A9-17BF-4EC0-81F2-27D30EC30701} - NOT FF_IS_INSTALLED -> FTRE_FFAddOn
CheckID: FTRE_IEAddOn0{6D1221A9-17BF-4EC0-81F2-27D30EC30701} - NOT IE_IS_INSTALLED -> FTRE_IEAddOn

---------- | CLSID


---------- | Listing No Microsoft signed files | system32 (Not necessary Malwares)

[MD5.02515F0C9C38A3179756850FECA24EEE] - |D| - [13/07/2009 21:45:49] - (.-.) - [28.27 Ko] - (0.0.0.0) - C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[MD5.02515F0C9C38A3179756850FECA24EEE] - |D| - [13/07/2009 21:45:49] - (.-.) - [28.27 Ko] - (0.0.0.0) - C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[MD5.4C1B4268BE202665A8534F0471F449EF] - |D| - [12/05/2014 13:06:21] - (.-.) - [317.5 Ko] - (1.0.305.0) - C:\Windows\system32\APOMgr64.DLL
[MD5.22D9945B4AAE36DD59620A918F2E65F4] - |D| - [10/06/2009 14:06:00] - (.-.) - [3096 Ko] - (0.0.0.0) - C:\Windows\system32\boot.sdi
[MD5.405E1EF8E3C88E9BCD2853382BB12430] - |D| - [10/06/2009 13:48:31] - (.-.) - [22.45 Ko] - (0.0.0.0) - C:\Windows\system32\bopomofo.uce
[MD5.F02F93D5AEC524052E4A37C1BB7CCF31] - |D| - [13/07/2009 18:20:24] - (.Copyright(C)Brother Industries Ltd.1997-2006 - Brother Multi Function CoInstaller.) - [19 Ko] - (1.0.0.20) - C:\Windows\system32\brcoinst.dll
[MD5.7D00FF6A4315FDF4ACAFBB4EF157EA9F] - |D| - [13/07/2009 17:07:04] - (.Copyright (C) 2008 - Bthpan Context Handler.) - [91.5 Ko] - (1.0.0.1) - C:\Windows\system32\BthpanContextHandler.dll
[MD5.718B2F97951B3A5F2968E91DE7DE74E5] - |D| - [13/07/2009 16:57:57] - (.Copyright (C) 2008 - ContextH Application.) - [67.5 Ko] - (1.0.0.1) - C:\Windows\system32\BWContextHandler.dll
[MD5.7B4B38A7F2CA50DBB416FAF9000AC3B7] - |D| - [12/05/2014 13:06:24] - (.Copyright (c) 2011 Creative Technology Ltd. - Creative Host SoundCore Module.) - [325.13 Ko] - (1.0.3.0) - C:\Windows\system32\ChezSC64.DLL
[MD5.D58C89E30CE713B90701A35C80CEF8F8] - |D| - [12/05/2014 13:06:21] - (.-.) - [87.5 Ko] - (1.0.64.0) - C:\Windows\system32\CmdRtr64.DLL
[MD5.6E14F444A2506049EEC25CB5EDFE0905] - |D| - [15/05/2014 14:00:26] - (.2013 © Real Sound Lab SIA, iSoft Solutions - CONEQ™ Media Suite APO GUI Library.) - [110.91 Ko] - (1.0.0.4) - C:\Windows\system32\CONEQMSAPOGUILibrary.dll
[MD5.079B8AEB4A55BF8493BD1EC70285D920] - |D| - [13/07/2009 21:57:09] - (.-.) - [0.07 Ko] - (0.0.0.0) - C:\Windows\system32\desktop.ini
[MD5.5386B001836AA5CDA15D3235603FFA04] - |D| - [15/02/2016 00:55:24] - (.Copyright (C) 2012 - Installation Helper Custom Actions for wix.) - [68 Ko] - (1.0.0.1) - C:\Windows\system32\DriverInstallCA.dll
[MD5.A28FD71F4E5B631B2D0AF6F67C80D6A7] - |D| - [15/02/2016 00:55:26] - (.Copyright (C) 2010 - A-Volute CA installation for drivers.) - [240 Ko] - (1.0.0.1) - C:\Windows\system32\DriverInstallCACMD.exe
[MD5.8C6F56F4CDDE6A1FD01F4FCF2773298E] - |D| - [13/07/2009 19:34:42] - (.-.) - [210.88 Ko] - (0.0.0.0) - C:\Windows\system32\dssec.dat
[MD5.0A05D6A4DE27C77D924F89635987FDA9] - |D| - [13/07/2009 14:36:47] - (.-.) - [17.51 Ko] - (0.0.0.0) - C:\Windows\system32\EventViewer_EventDetails.xsl
[MD5.67D4ADBEF7DE3EDC8837C459DAF92479] - |D| - [13/07/2009 21:45:34] - (.-.) - [421.58 Ko] - (0.0.0.0) - C:\Windows\system32\FNTCACHE.DAT
[MD5.4413DA3F90138EAC46FA23CADEBA826D] - |D| - [05/09/2015 01:09:14] - (.Copyright © Beepa P/L 2013 - Fraps.) - [103.5 Ko] - (3.5.99.15623) - C:\Windows\system32\frapsv64.dll
[MD5.2AE808CB0D9A667B0CF41EA74B3B9BAC] - |D| - [10/06/2009 13:36:24] - (.-.) - [39.6 Ko] - (0.0.0.0) - C:\Windows\system32\gatherNetworkInfo.vbs
[MD5.4FDED87068052EEB9B72A97FDBC141DB] - |D| - [13/07/2009 16:56:51] - (.-.) - [23.44 Ko] - (0.0.0.0) - C:\Windows\system32\gb2312.uce
[MD5.BC9189406BE84EC297464A514221406D] - |D| - [22/08/2014 21:21:34] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\system32\HRUPPROG.EXIT
[MD5.F899139DF5E1059396431415E770C6DD] - |D| - [22/08/2014 21:21:29] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\system32\HRUPPROG.TXT
[MD5.ECD81B99477AB4A93D7838EB40B870D0] - |D| - [13/07/2009 19:34:28] - (.-.) - [8.59 Ko] - (0.0.0.0) - C:\Windows\system32\icrav03.rat
[MD5.038F6AD6CEE43585D814CDBC7CDFD3EC] - |D| - [13/07/2009 16:56:51] - (.-.) - [59.04 Ko] - (0.0.0.0) - C:\Windows\system32\ideograf.uce
[MD5.2CBD6D22499EB13A2666F62EF33D00E2] - |D| - [14/04/2015 14:13:04] - (.-.) - [15.92 Ko] - (0.0.0.0) - C:\Windows\system32\ieuinit.inf
[MD5.AAA0C03BF54FC8A4E895B576861A9848] - |D| - [20/11/2010 20:07:41] - (.-.) - [29.12 Ko] - (0.0.0.0) - C:\Windows\system32\InstallPackage_ETW.Log
[MD5.7C0C25F4BA1084C4ABBEEA2C74194C5F] - |D| - [13/07/2009 16:56:51] - (.-.) - [6.79 Ko] - (0.0.0.0) - C:\Windows\system32\kanji_1.uce
[MD5.529BBD63519BBD654EF328454019693F] - |D| - [13/07/2009 16:56:51] - (.-.) - [8.29 Ko] - (0.0.0.0) - C:\Windows\system32\kanji_2.uce
[MD5.7A7A04370A6030B9B0E8178DAD4A6E41] - |D| - [13/07/2009 16:56:51] - (.-.) - [12.57 Ko] - (0.0.0.0) - C:\Windows\system32\korean.uce
[MD5.C1B7AB03AC2F3C990A40BC2E18E02CF1] - |D| - [13/07/2009 19:35:50] - (.-.) - [11687.04 Ko] - (0.0.0.0) - C:\Windows\system32\korwbrkr.lex
[MD5.5046E55184021406C27E8D48A1B2C9D2] - |D| - [13/07/2009 17:22:31] - (.Copyright © 1996-1999 Fraunhofer Institut Integrierte Schaltungen IIS - MPEG Layer-3 Audio Codec for MSACM.) - [79.5 Ko] - (1.9.0.401) - C:\Windows\system32\l3codeca.acm
[MD5.3F209D551A39797CF5F47E2D5B683ADA] - |D| - [13/07/2009 17:23:57] - (.Copyright © 2004 Fraunhofer IIS - MPEG Audio Layer-3 Codec for MSACM.) - [178 Ko] - (3.4.0.0) - C:\Windows\system32\l3codecp.acm
[MD5.1023CDFCD48E60066CC3CFEA2E9AC4B6] - |D| - [15/04/2013 11:52:02] - (.Copyright (C) 2011 Logitech, Inc. - GSeriesR Coinstaller for XP.) - [75.77 Ko] - (1.3.0.0) - C:\Windows\system32\ladfGSRCoinst_amd64.dll
[MD5.531FE5A2634D87A078017259F21D9736] - |D| - [10/06/2009 14:01:55] - (.-.) - [206.97 Ko] - (0.0.0.0) - C:\Windows\system32\lcphrase.tbl
[MD5.D3C85593F8C4576FCF9B42AC48CA4368] - |D| - [13/07/2009 14:25:31] - (.-.) - [23.55 Ko] - (0.0.0.0) - C:\Windows\system32\lcptr.tbl
[MD5.55F5EB370DB26CD95A916F70AA811E17] - |D| - [13/07/2009 22:01:34] - (.-.) - [105.69 Ko] - (0.0.0.0) - C:\Windows\system32\license.rtf
[MD5.E89C001FB4D9E08CC7072CE774CDB999] - |D| - [20/11/2010 19:52:07] - (.-.) - [0.01 Ko] - (0.0.0.0) - C:\Windows\system32\LocalGroupAdminAdd.log
[MD5.563C3703A9B57CC9B370A76D6173D09C] - |D| - [20/11/2010 19:52:08] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\system32\Local_LLU.log
[MD5.EA63CC5BCAE1631C6DA5ACE9299BABB6] - |D| - [10/06/2009 13:31:50] - (.-.) - [2.66 Ko] - (0.0.0.0) - C:\Windows\system32\locationnotificationsview.xml
[MD5.7A495CA1402C2F9F5D035092AD808669] - |D| - [13/07/2009 13:17:48] - (.-.) - [0.85 Ko] - (0.0.0.0) - C:\Windows\system32\manage-bde.wsf
[MD5.75616F8DB5C092A8A50AFEC273859DD7] - |D| - [15/05/2014 14:00:27] - (.© Waves Audio Ltd. - MaxxAudio APO.) - [311.34 Ko] - (2.2.9.0) - C:\Windows\system32\MaxxAudioAPO20.dll
[MD5.D956C3D6ECE65A10A1018A72E08C4973] - |D| - [15/05/2014 14:00:28] - (.Copyright (C) 2010-2013 - MaxxAudio APO Shell.) - [989.75 Ko] - (4.12.5.0) - C:\Windows\system32\MaxxAudioAPOShell64.dll
[MD5.1A6C91215105B6B6C48B0F531E1CD8FA] - |D| - [15/05/2014 14:00:28] - (.Copyright © 1996-2012 -.) - [1989.25 Ko] - (4.1.0.0) - C:\Windows\system32\MaxxAudioEQ64.dll
[MD5.4B6EAA192F2FBBDC6A91A15337F04C39] - |D| - [15/05/2014 14:00:28] - (.Copyright (c) 2006-2013 Creative Technology Ltd. - Creative Audio Processing Object Module.) - [1951.27 Ko] - (1.2.16.44) - C:\Windows\system32\MBAPO264.dll
[MD5.7AAB733392C6CA841E6804AB3EE9C638] - |D| - [12/05/2014 13:06:24] - (.Copyright (C) 2011 -.) - [39.63 Ko] - (1.20.0.0) - C:\Windows\system32\MBCfg64.dll
[MD5.F55DC8BFC0B4EEBA996FA297817CC682] - |D| - [12/05/2014 13:06:24] - (.Copyright (c) 2009 Creative Technology Ltd. -.) - [144.63 Ko] - (0.0.0.6) - C:\Windows\system32\MBCfg64.exe
[MD5.0D8796F3A9EA024DEEDBB04F060FD097] - |D| - [12/05/2014 13:06:24] - (.-.) - [8.37 Ko] - (0.0.0.0) - C:\Windows\system32\MBCfg64.ini
[MD5.222FAD09ACEA780623E9E8364EFDB6B8] - |D| - [12/05/2014 13:06:24] - (.-.) - [5.72 Ko] - (0.0.0.0) - C:\Windows\system32\MBCfgUninstall64.ini
[MD5.AFC0794ABE84EA81F8B886F21A7858F4] - |D| - [15/05/2014 14:00:28] - (.Copyright (c) 2006-2010 Creative Technology Ltd. - Audio Processing Object Chaining Module.) - [388.27 Ko] - (1.0.0.250) - C:\Windows\system32\MBWrp64.dll
[MD5.39E801545FFF6230C80140E0F8A06629] - |D| - [13/07/2009 21:57:09] - (.-.) - [1.21 Ko] - (0.0.0.0) - C:\Windows\system32\migwiz.lnk
[MD5.ED434A3EBE29070A7E0138C42482EB93] - |D| - [10/06/2009 13:44:02] - (.-.) - [657.31 Ko] - (0.0.0.0) - C:\Windows\system32\mlang.dat
[MD5.86166DAA04A6C154826508304CC6D4AC] - |D| - [10/06/2009 13:35:23] - (.-.) - [0.55 Ko] - (0.0.0.0) - C:\Windows\system32\NdfEventView.xml
[MD5.CD48AD912839B9FB6CCA5D4AA9B37500] - |D| - [13/07/2009 15:01:19] - (.-.) - [21.3 Ko] - (0.0.0.0) - C:\Windows\system32\NetTrace.PLA.Diagnostics.xml
[MD5.8E24A7BCAEF2045DA1FF29217622843E] - |D| - [20/11/2010 19:52:07] - (.-.) - [0.04 Ko] - (0.0.0.0) - C:\Windows\system32\Network_LLU.log
[MD5.5A34DB0802A96719F9DC08DFC7F356D1] - |D| - [13/07/2009 19:35:50] - (.-.) - [1.66 Ko] - (0.0.0.0) - C:\Windows\system32\NOISE.CHS
[MD5.6C114885CC2C983BA24F9A4EDE9A48FA] - |D| - [13/07/2009 19:35:50] - (.-.) - [1.66 Ko] - (0.0.0.0) - C:\Windows\system32\NOISE.CHT
[MD5.DE78E0C57BC478D47CC2F470B68E1A45] - |D| - [13/07/2009 19:35:51] - (.-.) - [0.72 Ko] - (0.0.0.0) - C:\Windows\system32\NOISE.DAT
[MD5.C04D36BBEF5B9BAA8D8DA0B57F22BE20] - |D| - [10/06/2009 13:49:51] - (.-.) - [2.01 Ko] - (0.0.0.0) - C:\Windows\system32\noise.jpn
[MD5.1C96B3DA6ABE5E18B63C64DF75884F6A] - |D| - [13/07/2009 19:35:51] - (.-.) - [1.45 Ko] - (0.0.0.0) - C:\Windows\system32\noise.kor
[MD5.BDD9B70A185CA6DEFEAA59BB55B70644] - |D| - [13/07/2009 19:35:51] - (.-.) - [0.68 Ko] - (0.0.0.0) - C:\Windows\system32\NOISE.THA
[MD5.78B1DD0BE630C276E98347088A76CE30] - |D| - [25/07/2016 23:53:26] - (.-.) - [0.58 Ko] - (0.0.0.0) - C:\Windows\system32\nv-vk64.json
[MD5.D23AA49C9F00120B6E3CC40466D258CC] - |D| - [26/07/2016 14:21:07] - (.-.) - [39040.94 Ko] - (0.0.0.0) - C:\Windows\system32\nvcompiler.dll
[MD5.DD34EBE0060036AB633EE3487AC9CB36] - |D| - [25/07/2016 23:43:07] - (.-.) - [7042.9 Ko] - (0.0.0.0) - C:\Windows\system32\nvcoproc.bin
[MD5.ABE55A76C2CFF8C3B74F6827E62D37AF] - |D| - [25/07/2016 23:53:26] - (.-.) - [678.39 Ko] - (0.0.0.0) - C:\Windows\system32\nvfatbinaryLoader.dll
[MD5.6A9A361267ED3C5943F7A67A7E99B299] - |D| - [17/04/2015 11:30:29] - (.-.) - [38.21 Ko] - (0.0.0.0) - C:\Windows\system32\nvinfo.pb
[MD5.E1992A663628B72907E84798AACCD458] - |D| - [25/07/2016 23:53:26] - (.-.) - [10406.36 Ko] - (0.0.0.0) - C:\Windows\system32\nvptxJitCompiler.dll
[MD5.42256DDFDF673E3FB6C236CB1FF49FE0] - |D| - [18/03/2016 15:57:59] - (.-.) - [109.59 Ko] - (0.0.0.0) - C:\Windows\system32\NvRtmpStreamer64.dll
[MD5.5D27362AF3BCAA75A418F5416A35934E] - |D| - [13/07/2009 16:14:22] - (.-.) - [0.26 Ko] - (0.0.0.0) - C:\Windows\system32\odbcconf.rsp
[MD5.2901049544FDF863362FABA2363EB647] - |D| - [13/07/2009 13:24:21] - (.-.) - [0.82 Ko] - (0.0.0.0) - C:\Windows\system32\onlinesetup.cmd
[MD5.E1589266E4DA276B58582DB4CFC9556D] - |D| - [25/07/2016 23:42:52] - (.Copyright © The Khronos Group Inc 2011 - OpenCL Client DLL.) - [208.94 Ko] - (1.2.11.0) - C:\Windows\system32\OpenCL.dll
[MD5.A029A434A3035429628CA35102FFB907] - |D| - [13/07/2009 16:16:33] - (.-.) - [0.11 Ko] - (0.0.0.0) - C:\Windows\system32\pcl.sep
[MD5.912B5573C83DBE1AD5889CC26A631023] - |D| - [13/07/2009 19:36:59] - (.-.) - [609.93 Ko] - (0.0.0.0) - C:\Windows\system32\perfc009.dat
[MD5.B7795BC96C1CEB86E04E8DC843E9C784] - |D| - [10/06/2009 13:33:35] - (.-.) - [113.56 Ko] - (0.0.0.0) - C:\Windows\system32\PerfCenterCpl.ico
[MD5.7AAA3E23CE4C7845B112F7A79B110E60] - |D| - [13/07/2009 19:36:59] - (.-.) - [30.81 Ko] - (0.0.0.0) - C:\Windows\system32\perfd009.dat
[MD5.F1832BAF002F0AF6E3D638C3BF1E9FB6] - |D| - [13/07/2009 19:36:59] - (.-.) - [2097.88 Ko] - (0.0.0.0) - C:\Windows\system32\perfh009.dat
[MD5.C4ACE931C5CA3263F218A82B0EE6AAF0] - |D| - [13/07/2009 22:13:15] - (.-.) - [6.07 Ko] - (0.0.0.0) - C:\Windows\system32\PerfStringBackup.INI
[MD5.CD421DDB5C6E5458CE52EDC36DE7DC5B] - |D| - [24/07/2016 11:04:48] - (.-.) - [74.37 Ko] - (0.0.0.0) - C:\Windows\system32\PnkBstrA.exe
[MD5.C09741B9886EF0D15EC3B1443352FB62] - |D| - [13/07/2009 16:16:33] - (.-.) - [0.05 Ko] - (0.0.0.0) - C:\Windows\system32\pscript.sep
[MD5.C236A8735A48B165A2A7724357DBE332] - |D| - [20/11/2010 20:24:16] - (.-.) - [103.08 Ko] - (0.0.0.0) - C:\Windows\system32\RacRules.xml
[MD5.3A77C18665A4C8428768CE186A5BC1EF] - |D| - [10/06/2009 13:59:55] - (.-.) - [1.78 Ko] - (0.0.0.0) - C:\Windows\system32\rasctrnm.h
[MD5.91F5D442F081FC900953F45ED1EE9C17] - |D| - [29/05/2014 07:32:14] - (.Copyright © 2014 Razer Inc. All rights reserved - RazerCoinstaller.) - [78.5 Ko] - (0.0.0.5) - C:\Windows\system32\RazerCoinstaller.dll
[MD5.43E7D0AB6A8564F5BF375FBF0934FAD1] - |D| - [13/07/2009 14:18:33] - (.-.) - [0.7 Ko] - (0.0.0.0) - C:\Windows\system32\RestartManager.mof
[MD5.3F75A221A01F68D6CE67FE99A868BD8F] - |D| - [13/07/2009 14:18:33] - (.-.) - [0.17 Ko] - (0.0.0.0) - C:\Windows\system32\RestartManagerUninstall.mof
[MD5.E9D4A333DF15D06C68AC4BFB9B6581CB] - |D| - [15/05/2014 14:00:30] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DAA Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\system32\RP3DAA64.dll
[MD5.B6FE01558CC03F3866C9AD0ED19261D8] - |D| - [15/05/2014 14:00:30] - (.© 2008,2009 Dolby Laboratories, Inc. - PCEE3 DHT Control Panel x64.) - [302.84 Ko] - (6.0.6001.18) - C:\Windows\system32\RP3DHT64.dll
[MD5.A6286A6C7A1BBFCBA17AA54384A21D1C] - |D| - [15/05/2014 14:00:30] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 COM DLL x64.) - [199.34 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEED64A.dll
[MD5.6F4CD493196100EEF349D7132CECAFD9] - |D| - [15/05/2014 14:00:30] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 GFX APO x64.) - [76.84 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEEG64A.dll
[MD5.ECAEC5FBBBEF8612AF0A866AFA5F7EF2] - |D| - [15/05/2014 14:00:30] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 LFX APO x64.) - [98.84 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEEL64A.dll
[MD5.D0D0D82B7366E691275E433CD34F89B2] - |D| - [15/05/2014 14:00:30] - (.©2009 Dolby Laboratories, Inc. - Dolby PCEE3 Control Panel x64.) - [366.34 Ko] - (6.1.6001.33) - C:\Windows\system32\RTEEP64A.dll
[MD5.D41D8CD98F00B204E9800998ECF8427E] - |D| - [19/06/2016 20:21:19] - (.-.) - [0 Ko] - (0.0.0.0) - C:\Windows\system32\RzSurroundVADAudioDeviceManager_log.txt
[MD5.5C18CD22BE4628865FCB63337A6E5EF6] - |D| - [20/11/2010 20:24:25] - (.-.) - [10.18 Ko] - (0.0.0.0) - C:\Windows\system32\ScavengeSpace.xml
[MD5.8CA32E9D986FA76F60EFBCFCD9D80A58] - |D| - [13/07/2009 16:56:51] - (.-.) - [16.35 Ko] - (0.0.0.0) - C:\Windows\system32\ShiftJIS.uce
[MD5.38482A5013D8AB40DF0FB15EAE022C57] - |D| - [10/06/2009 13:59:12] - (.-.) - [110.97 Ko] - (0.0.0.0) - C:\Windows\system32\slmgr.vbs
[MD5.C74D61FCA22F36791105D7878AF73572] - |D| - [10/06/2009 14:08:17] - (.-.) - [8.09 Ko] - (0.0.0.0) - C:\Windows\system32\spcinstrumentation.man
[MD5.A88BE9A6C4E646A2B2A1BD3A7F4B58E7] - |D| - [15/05/2014 14:00:38] - (.(c) 2007 SRS Labs, Inc.  - COM object implementing SRS Headphone 360.) - [194.23 Ko] - (1.1.0.0) - C:\Windows\system32\SRSHP64.dll
[MD5.A028717B791416182959B325D5B40679] - |D| - [15/05/2014 14:00:38] - (.Copyright (c) 2006 SRS Labs, Inc..  - TruSurround HD and HD4 COM object for Windows.) - [206.23 Ko] - (1.1.4.0) - C:\Windows\system32\SRSTSH64.dll
[MD5.018D3D2478754AA411DE6DA6DE5F8F21] - |D| - [15/05/2014 14:00:38] - (.Copyright 2002 SRS Labs, Inc. - TruSurroundXT Module.) - [506.73 Ko] - (3.2.0.0) - C:\Windows\system32\SRSTSX64.dll
[MD5.2FCADCC14F8E540F6ADE4BF92BD8AEDD] - |D| - [15/05/2014 14:00:38] - (.(c) 2006 SRS Labs, Inc.  - WOW HD COM object for Windows.) - [152.23 Ko] - (1.1.3.0) - C:\Windows\system32\SRSWOW64.dll
[MD5.30F5568679A54042F99CA9EC1102EBCD] - |D| - [13/07/2009 16:56:51] - (.-.) - [91.51 Ko] - (0.0.0.0) - C:\Windows\system32\SubRange.uce
[MD5.74943B60374CB5F9C6F9907F8BD2F79A] - |D| - [10/06/2009 14:01:15] - (.-.) - [3.14 Ko] - (0.0.0.0) - C:\Windows\system32\sysprint.sep
[MD5.9E1F3509104FCEB377A58A16E8243D39] - |D| - [13/07/2009 16:16:33] - (.-.) - [3.49 Ko] - (0.0.0.0) - C:\Windows\system32\sysprtj.sep
[MD5.5EC92F0EAE3CA59F647C3CA5AA7CB053] - |D| - [20/11/2010 20:24:36] - (.-.) - [339.75 Ko] - (0.0.0.0) - C:\Windows\system32\systemsf.ebd
[MD5.C059C6B7518A9D6DE3616A3143392FE6] - |D| - [10/06/2009 14:01:24] - (.-.) - [1.02 Ko] - (0.0.0.0) - C:\Windows\system32\tcpbidi.xml
[MD5.47F22CAD4A16BB40153555D631546B94] - |D| - [10/06/2009 14:01:25] - (.-.) - [58.71 Ko] - (0.0.0.0) - C:\Windows\system32\tcpmon.ini
[MD5.6D21D0A95286DCD09E354B612F592EB7] - |D| - [13/07/2009 19:34:28] - (.-.) - [1.94 Ko] - (0.0.0.0) - C:\Windows\system32\ticrf.rat
[MD5.05F9840831C29F5BE93AD8BE810D5614] - |D| - [13/07/2009 21:45:37] - (.-.) - [18 Ko] - (0.0.0.0) - C:\Windows\system32\umstartup.etl
[MD5.F736AA948D0C3CBCE212B7B2CB0EF115] - |D| - [13/07/2009 21:45:37] - (.-.) - [45 Ko] - (0.0.0.0) - C:\Windows\system32\umstartup000.etl
[MD5.D70BEDB9436DBCA77D3E470C1BAB373E] - |D| - [03/05/2016 19:22:42] - (.-.) - [127.78 Ko] - (0.0.0.0) - C:\Windows\system32\vulkan-1-1-0-11-1.dll
[MD5.B0ECA1A7A27554613D52FF60328D75DA] - |D| - [13/02/2016 18:46:26] - (.-.) - [123.27 Ko] - (0.0.0.0) - C:\Windows\system32\vulkan-1-1-0-3-0.dll
[MD5.D70BEDB9436DBCA77D3E470C1BAB373E] - |D| - [25/07/2016 23:05:57] - (.-.) - [127.78 Ko] - (0.0.0.0) - C:\Windows\system32\vulkan-1.dll
[MD5.0597F21B1DCADAB5F28806671670CDE4] - |D| - [03/05/2016 19:22:10] - (.-.) - [44.28 Ko] - (0.0.0.0) - C:\Windows\system32\vulkaninfo-1-1-0-11-1.exe
[MD5.8B3FD814D7DD1D35540C8C8883E83FF2] - |D| - [13/02/2016 18:45:26] - (.-.) - [44.77 Ko] - (0.0.0.0) - C:\Windows\system32\vulkaninfo-1-1-0-3-0.exe
[MD5.0597F21B1DCADAB5F28806671670CDE4] - |D| - [25/07/2016 23:05:57] - (.-.) - [44.28 Ko] - (0.0.0.0) - C:\Windows\system32\vulkaninfo.exe
[MD5.0C089E47D8BD3996742F0939DE7E2D48] - |D| - [15/05/2014 14:00:38] - (.Copyright © 1996-2012 - General Library for Plug-Ins.) - [2053.75 Ko] - (4.4.3.0) - C:\Windows\system32\WavesGUILib64.dll
[MD5.6EDD021A8B6457DDE09DE7B7FA4E8C8B] - |D| - [13/07/2009 14:54:15] - (.-.) - [0.6 Ko] - (0.0.0.0) - C:\Windows\system32\WdsUnattendTemplate.xml
[MD5.150A43E51A708A5F38C761F1A62F9D85] - |D| - [26/07/2016 14:41:28] - (.Copyright © 2016 - Java(TM) Platform SE binary.) - [107.56 Ko] - (8.0.1010.13) - C:\Windows\system32\WindowsAccessBridge-64.dll
[MD5.33C138E3A498083EF8792EAC3FD707BA] - |D| - [10/06/2009 14:00:54] - (.-.) - [0.03 Ko] - (0.0.0.0) - C:\Windows\system32\winrm.cmd
[MD5.5B49271AEC5D5A221E91C7B4F3BC2F4C] - |D| - [13/07/2009 15:53:10] - (.-.) - [196.32 Ko] - (0.0.0.0) - C:\Windows\system32\winrm.vbs
[MD5.3C436603213561E2E7DD3D4459DBB7D4] - |D| - [13/07/2009 15:53:10] - (.-.) - [4.57 Ko] - (0.0.0.0) - C:\Windows\system32\wsmanconfig_schema.xml
[MD5.D6CBFA113B69C491DE370E85EBAC80E9] - |D| - [13/07/2009 15:53:10] - (.-.) - [1.52 Ko] - (0.0.0.0) - C:\Windows\system32\WsmPty.xsl
[MD5.B2EDF82825D979928AE07CBE9C7A2160] - |D| - [13/07/2009 15:53:10] - (.-.) - [2.37 Ko] - (0.0.0.0) - C:\Windows\system32\WsmTxt.xsl
[MD5.9D6B8FC71167D22849424084F0F3D9E9] - |D| - [10/06/2009 13:31:09] - (.-.) - [74.28 Ko] - (0.0.0.0) - C:\Windows\system32\xpsrchvw.xml
[MD5.CFB89001DDE4224FB10C47E3DB3F5956] - |D| - [10/06/2009 14:03:31] - (.-.) - [3.95 Ko] - (0.0.0.0) - C:\Windows\system32\xwizard.dtd

---------- | Installer

[HKCR\Installer\Products\00005109C80000000000000000F01FEC] : Office 15 Click-to-Run Extensibility Component
[HKCR\Installer\Products\00005109C80090400000000000F01FEC] : Office 15 Click-to-Run Localization Component
[HKCR\Installer\Products\00005109F80000000100000000F01FEC] : Office 15 Click-to-Run Licensing Component
[HKCR\Installer\Products\1094FB974CE162743B2C7A5879606C7E] : League of Legends -> C:\Windows\Installer\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}\lol.launcher_1.exe
[HKCR\Installer\Products\18555481990E8AB4CBB63FB4F26006C0] : Google Toolbar for Internet Explorer
[HKCR\Installer\Products\194A096EF207CED499770C511DBD5BC7] : iTunes -> C:\Windows\Installer\{E690A491-702F-4DEC-9977-C015D1DBB57C}\Installer.ico
[HKCR\Installer\Products\1F7F1DFF9CA14CB49A8060686D53BAFA] : Apple Software Update -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\Installer.ico
[HKCR\Installer\Products\2C5820961842BF44482061E29A076ADD] : Logitech Gaming Software
[HKCR\Installer\Products\2EEB87D0FF8F8944FAA1F38FC1DEA86C] : Razer Synapse -> C:\Windows\Installer\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}\ARPPRODUCTICON.exe
[HKCR\Installer\Products\3472CA2FD6D78A84F9C88067DF5C5CB8] : System Requirements Lab Detection -> C:\Windows\Installer\{F2AC2743-7D6D-48A8-9F8C-0876FDC5C58B}\icon.ico
[HKCR\Installer\Products\4EA42A62D9304AC4784BF2468110100F] : Java 8 Update 101 (64-bit) -> C:\Program Files\Java\jre1.8.0_101\\bin\javaws.exe
[HKCR\Installer\Products\5104B339816461748A822598CF3061F5] : VC80CRTRedist - 8.0.50727.6195
[HKCR\Installer\Products\618FBF6D8BCACC64CA6C8CBB8AF594D7] : Intel(R) Smart Connect Technology -> C:\Windows\Installer\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}\ISCT.ico
[HKCR\Installer\Products\71460E5BCA4A52243BE6E7439C61617E] : Intel® Trusted Connect Service Client
[HKCR\Installer\Products\871A0ED0B7CA056408C6FC22D60E7366] : Apple Application Support (64-bit) -> C:\Windows\Installer\{0DE0A178-AC7B-4650-806C-CF226DE03766}\WinInstall.ico
[HKCR\Installer\Products\8BFDDD6597F70844985D521E5FA22BF8] : Bonjour -> C:\Windows\Installer\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}\Bonjour.ico
[HKCR\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E] : Google Update Helper
[HKCR\Installer\Products\99E80CA9B0328e74791254777B1F42AE] : 
[HKCR\Installer\Products\9A1221D6FB710CE4182F723DE03C7010] : Skype Click to Call -> C:\Windows\Installer\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}\ICON_PRODUCT
[HKCR\Installer\Products\9A9450A669B1C894CACB933400F1BE91] : Skype™ 7.15 -> C:\Windows\Installer\{6A0549A9-1B96-498C-ACBC-3943001FEB19}\SkypeIcon.exe
[HKCR\Installer\Products\9DF1A9462985DA64D80F4C4AF36FC17B] : Apple Application Support (32-bit) -> C:\Windows\Installer\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}\WinInstall.ico
[HKCR\Installer\Products\A089CE062ADB6BC44A720BA745894BAC] : Google Update Helper
[HKCR\Installer\Products\A13DBD9AF90AE7C4681DB3125C09001D] : Mumble 1.2.8 -> C:\Windows\Installer\{A9DBD31A-A09F-4C7E-86D1-3B21C59000D1}\mumble.ico
[HKCR\Installer\Products\A65044A18D7C1654CB340AAAD7A7AA46] : InputMapper -> C:\Windows\Installer\{1A44056A-C7D8-4561-BC43-A0AA7D7AAA64}\InputMapper.exe
[HKCR\Installer\Products\AC982987A37F61A43A13454D89EC60F9] : Ventrilo Client
[HKCR\Installer\Products\AC9A02647D0A51F4AB9854545B733254] : Epic Games Launcher -> C:\Windows\Installer\{4620A9CA-A0D7-4F15-BA89-4545B5372345}\UnrealEngineLauncher.ico
[HKCR\Installer\Products\B80BCF3F257ED444680A60434A3F2BD3] : System Requirements Lab CYRI
[HKCR\Installer\Products\D139E7FE48CDB174D86B8A3385904547] : 
[HKCR\Installer\Products\D2A425F405350054677A7A857BC03200] : Search App by Ask -> C:\Windows\Installer\{4F524A2D-5350-4500-76A7-A758B70C2300}\ToolbarIcon.exe
[HKCR\Installer\Products\E1810453A043A7E44B90136643272B7F] : Apple Mobile Device Support -> C:\Windows\Installer\{3540181E-340A-4E7A-B409-31663472B2F7}\Installer.ico
[HKCR\Installer\Products\F60730A4A66673047777F5728467D401] : Java Auto Updater
[HKCR\Installer\Products\F8385C66458B55A4986E6A3178744AFD] : Epic Games Launcher Prerequisites (x64) -> C:\Windows\Installer\{66C5838F-B854-4A55-89E6-A6138747A4DF}\UnrealEngineLauncher.ico

---------- | ADS


---------- | Drives

 Disk: 0   Size=954G
 Pos MBRndx Type/Name  Size Active Hide Start Sector   Sectors
 --- ------ ---------- ---- ------ ---- ------------ ------------
  0    0    EE-UNKNWN  21.0T   No    No             1  294,967,295

---------- | MBR

Windows Version:        Windows 7 Home Premium Edition
Windows Information:        Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer:    MSI
BIOS Manufacturer:        American Megatrends Inc.
System Manufacturer:        MSI
System Product Name:        MS-7850
Logical Drives Mask:        0x0000000c

Analysis of file "C:\QuickDiag\MBR.bin":
Windows 7 MBR code detected

64 bits not supported by MBR.exe, Dump : C:\QuickDiag\MBR.Bin

---------- | 20 LastEventLog

Unexpected or missing value (name: 'PackageName', value: '') in key 'HKLM\Software\Classes\Installer\Products\D139E7FE48CDB174D86B8A3385904547\SourceList'
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
. This is often caused by incorrect security settings in either the writer or requestor process. 

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {ba373c3e-59e5-440c-b653-23996608b06a}
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Faulting application name: adsfix_3_26.07.2016.3.exe, version: 26.7.2016.3, time stamp: 0x5797b81b
Faulting module name: ltc_help32-114622.dll_unloaded, version: 0.0.0.0, time stamp: 0x57901016
Exception code: 0xc0000005
Fault offset: 0x60ae4022
Faulting process id: 0xb48
Faulting application start time: 0x01d1e78c4dd8c3a4
Faulting application path: C:\Users\Sambone\Downloads\adsfix_3_26.07.2016.3.exe
Faulting module path: ltc_help32-114622.dll
Report Id: 80125838-5380-11e6-b4ee-448a5b877319
------------

Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ltc_help64-114622.dll_unloaded, version: 0.0.0.0, time stamp: 0x5790119e
Exception code: 0xc0000005
Fault offset: 0x000007feec8c4c45
Faulting process id: 0x720
Faulting application start time: 0x01d1e78043a11619
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: ltc_help64-114622.dll
Report Id: 8001ae96-5380-11e6-b4ee-448a5b877319
------------

Product: Office 15 Click-to-Run Localization Component -- Error 1704. An installation for Office 15 Click-to-Run Licensing Component is currently suspended.  You must undo the changes made by that installation to continue.  Do you want to undo those changes?
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

The program GFExperience.exe version 2.11.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 1114
 Start Time: 01d1e709665bd455
 Termination Time: 27
 Application Path: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe
 Report Id: e8fe55fe-52fc-11e6-9408-448a5b877319

------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

Faulting application name: starwarsbattlefronttrial.exe, version: 1.0.5.56688, time stamp: 0x5784bcde
Faulting module name: ltc_game64-114622.dll_unloaded, version: 0.0.0.0, time stamp: 0x57901209
Exception code: 0xc0000005
Fault offset: 0x000007fee9e036b0
Faulting process id: 0x468
Faulting application start time: 0x01d1e701ed60816f
Faulting application path: C:\Program Files (x86)\Origin Games\STAR WARS Battlefront\starwarsbattlefronttrial.exe
Faulting module path: ltc_game64-114622.dll
Report Id: 36f6728e-52f5-11e6-b081-448a5b877319
------------

Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
------------

The program rads_user_kernel.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 Process ID: 1448
 Start Time: 01d1e6c129cdfeb7
 Termination Time: 2
 Application Path: C:\Users\Sambone\Downloads\PBE_Client_Shell\PBE\RADS\system\rads_user_kernel.exe
 Report Id: 7a852521-52b4-11e6-b0ab-448a5b877319

------------


----------( EOF)---------- - 5524 | 01:27:55
 

Share this post


Link to post
Share on other sites

Ccleaner To disable Useless Startups.

 

Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.

CCleaner - Free Download - Piriform
[IMG]

Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up then under the Windows Tab select each item then disable. Also under the scheduled task tab, you are safe to disable all task. Only disable items under the windows tab and scheduled task tab!

[IMG]

Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.

To do this:

 

  • Hit options.
  • Settings.
  • Place a tick to run Ccleaner when the computer starts.

[IMG]

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.

[IMG]

Reboot the machine after.

 

 

Zoek Scan

Disable your antivirus prior to this scan.
Download Zoek
Save the file to your desktop.
Right click Zoek.exe and run as administrator. (Xp Users double click)
Copy and paste the items in red below and paste them into Zoek.       

                                                                                                        

createsrpoint;
emptyfolderscheck;delete
emptyclsid;
emptyalltemp;
ipconfig /flushdns;b
ResetHosts;

autoclean;

 


 

Now hit the run script button.
The log will appear after a reboot, also you can find it on the C: drive.
Post the log in your next reply.

Share this post


Link to post
Share on other sites

@sambone1122 After the above, lets see a couple other logs. :)

 

HijackThis.

 

1- Please click HERE to download HijackThis.
2- Run the program.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.

 


Download Autoruns and Autorunsc Unzip it to your desktop and then double click autoruns.exe
After the scan is finished then click on File>>>>>>>>>>>Save
The default name will be autoruns.arn make sure to save it as Autoruns.txt under the file type option.
in other words make sure it is a .txt file instead of .arn Attach the text in your next reply.
 

Speccy Scan.

  • Please go here and download Speccy.
  • Install and run the program.
  • Upon Completion:
  • Hit File
  • Publish Snap Shot
  • A link will appear, post that link.

 

 

Share this post


Link to post
Share on other sites


Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Sambone on Wed 07/27/2016 at 12:43:09.75.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sambone\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

7/27/2016 12:47:10 PM Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 

# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 

# For example: 

#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Empty Folders Check ======================

C:\PROGRA~2\NCSOFT deleted successfully
C:\Program Files\stinger deleted successfully
C:\Program Files\Common Files\McAfee deleted successfully
C:\Users\Sambone\AppData\Roaming\Awesomium deleted successfully
C:\Users\Sambone\AppData\Local\Adobe deleted successfully
C:\Users\Sambone\AppData\Local\CrashDumps deleted successfully
C:\Users\Sambone\AppData\Local\NCSOFT deleted successfully
C:\Users\Sambone\AppData\Local\SKIDROW deleted successfully
C:\Users\Sambone\AppData\Local\Ubisoft Game Launcher deleted successfully
C:\Users\Sambone\AppData\Local\WarThunder deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_USERS\S-1-5-21-2847832888-1738266169-4025173231-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6C8C7D9-CE4E-406e-8D98-2B84BBE5E897} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4D91-8333-CF10577473F7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default

user.js not found
---- Lines Oasis Space removed from prefs.js ----
user_pref("extensions.Oasis Space.asul", "1465684456274");
user_pref("extensions.Oasis Space.aul", "1460073790537");
user_pref("extensions.Oasis Space.irl", true);
user_pref("extensions.Oasis Space.is", "thin");
user_pref("extensions.Oasis Space.ug", "228b905c-8147-821c-3bab-3d992dcc221e");
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.selectedEngine", "Yahoo");
---- FireFox user.js and prefs.js backups ---- 

prefs_20160727_1255_.backup

==== Batch Command(s) Run By Tool======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\NCSOFT not found
C:\Users\Sambone\AppData\Local\NCSOFT not found
C:\Users\Sambone\AppData\Local\lile deleted
C:\Users\Sambone\AppData\Roaming\Curse Client deleted
C:\PROGRA~2\Device Doctor deleted
C:\Users\Public\QiYi deleted
C:\ppsfile deleted
C:\Look_my_hardware.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Sambone\Downloads\DeviceDoctor_Bundle.exe deleted
C:\Users\Sambone\Downloads\driver_booster_setup_cnet.exe deleted
C:\Users\Sambone\Downloads\League_Screensaver.exe deleted
C:\Users\Sambone\AppData\LocalLow\Unity deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
"C:\PROGRA~2\Mozilla Firefox\browser\searchplugins\yahoo.xml" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Sambone\AppData\Roaming\Mozilla\Firefox\Profiles\s6mcv95a.default
3C39B899EB79C85746124ABF44B83587    - C:\Users\Sambone\AppData\Roaming\raidcall\plugins\nprcplugin.dll -    Raidcall plugin
18CF51689186AEB9D1D149AEB0E92D03    - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL -    Microsoft Office 2013
863AF0003392FEBC2667A8A790DED955    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll -    Shockwave Flash
3CD19649B2C3023D65E67C056457A2BC    - C:\Users\Sambone\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll -    Facebook Video Calling Plugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[05/25/2016 10:31 AM]

Skype Click to Call - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Application Data\Application Data\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Application Data\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Application Data\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype Click to Call - Sambone\AppData\Local\Chromium\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Skype - Sambone\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
HKCU\SearchScopes\{E8161232-B939-482D-A803-B91316C7E2EA} - http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MSIM_enUS588

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Device Doctor_is1 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D2A425F405350054677A7A857BC03200 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Application Data\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat will be deleted at reboot
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Sambone\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache will be emptied at reboot
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Application Data\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
C:\Users\Sambone\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=923 folders=133 459622653 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Sambone\AppData\Local\Temp will be emptied at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Sambone\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_0" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_1" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_2" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\data_3" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000002" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000003" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000004" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000005" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000006" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000007" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000008" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000009" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00000a" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00000b" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00000c" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00000d" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00000e" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00000f" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000010" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000011" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000012" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000013" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000014" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000015" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000016" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000017" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000018" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000019" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00001a" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00001b" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00001c" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00001d" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00001e" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00001f" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000020" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000021" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000022" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000023" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000024" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000025" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000026" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000027" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000028" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000029" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00002a" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00002b" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00002c" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00002d" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00002e" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00002f" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000030" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000032" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000034" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000035" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000036" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000037" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000038" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000039" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00003a" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00003b" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00003c" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00003d" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00003e" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000041" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000042" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000043" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000045" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000046" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000047" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000048" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000049" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00004a" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00004b" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00004c" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00004d" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00004e" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_00004f" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000050" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000051" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000052" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000053" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000054" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000055" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\f_000056" not found
"C:\Users\Sambone\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Cache\index" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on Wed 07/27/2016 at 13:03:03.76 ======================
 

Share this post


Link to post
Share on other sites

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:05:28 PM, on 7/27/2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17728)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\Sambone\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
C:\Users\Sambone\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O4 - HKCU\..\Run: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - (no file)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BitRaider Mini-Support Service Stub Loader (BRSptStub) - BitRaider, LLC - C:\ProgramData\BitRaider\BRSptStub.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Network Service (NvStreamNetworkSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzSurroundVADStreamingService - Unknown owner - C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzSurroundVADStreamingService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9089 bytes

Share this post


Link to post
Share on other sites

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms"    ""    ""    ""    "11/20/2010 8:33 PM"    ""
+ "rdpclip"    ""    ""    "File not found: rdpclip"    ""    ""
"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"    ""    ""    ""    "7/27/2016 12:39 PM"    ""
+ "CCleaner"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner64.exe"    "3/11/2015 11:19 AM"    ""
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "6/30/2016 7:25 PM"    ""
+ "Google Chrome"    "Google Chrome Installer"    "Google Inc."    "c:\program files (x86)\google\chrome\application\51.0.2704.106\installer\chrmstp.exe"    "6/22/2016 7:06 PM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files\windows mail\winmail.exe"    "7/13/2009 4:58 PM"    ""
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components"    ""    ""    ""    "7/26/2016 4:53 PM"    ""
+ "Microsoft Windows"    "Windows Mail"    "Microsoft Corporation"    "c:\program files (x86)\windows mail\winmail.exe"    "7/13/2009 4:42 PM"    ""
"HKLM\SOFTWARE\Classes\Protocols\Handler"    ""    ""    ""    "7/26/2016 4:16 PM"    ""
+ "skypec2c"    "Skype Click to Call IE Add-on"    "Microsoft Corporation"    "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"    "5/25/2016 2:27 AM"    ""
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "1/29/2016 8:24 PM"    ""
+ "IObitUnstaler"    ""    ""    "File not found: C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll"    ""    ""
"HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "1/29/2016 8:24 PM"    ""
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes"    "c:\program files (x86)\malwarebytes anti-malware\mbamext.dll"    "2/24/2016 10:14 AM"    ""
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "EPP"    "Microsoft Security Client Shell Extension"    "Microsoft Corporation"    "c:\program files\microsoft security client\shellext.dll"    "1/29/2016 8:24 PM"    ""
+ "IObitUnstaler"    ""    ""    "File not found: C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll"    ""    ""
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files\windows sidebar\sbdrop.dll"    "7/13/2009 6:32 PM"    ""
+ "NvCplDesktopContext"    "NVIDIA Display Shell Extension"    "NVIDIA Corporation"    "c:\windows\system32\nvshext.dll"    "7/10/2016 4:11 PM"    ""
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "Gadgets"    "Sidebar droptarget"    "Microsoft Corporation"    "c:\program files (x86)\windows sidebar\sbdrop.dll"    "7/13/2009 6:09 PM"    ""
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers"    ""    ""    ""    "7/26/2016 4:15 PM"    ""
+ "IObitUnstaler"    ""    ""    "File not found: C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll"    ""    ""
+ "MBAMShlExt"    "Malwarebytes Anti-Malware"    "Malwarebytes"    "c:\program files (x86)\malwarebytes anti-malware\mbamext.dll"    "2/24/2016 10:14 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers"    ""    ""    ""    "3/15/2016 4:00 PM"    ""
+ " SkyDrivePro1 (ErrorConflict)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\grooveex.dll"    "6/14/2016 3:25 AM"    ""
+ " SkyDrivePro2 (SyncInProgress)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\grooveex.dll"    "6/14/2016 3:25 AM"    ""
+ " SkyDrivePro3 (InSync)"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\grooveex.dll"    "6/14/2016 3:25 AM"    ""
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "7/27/2016 12:55 PM"    ""
+ "Java(tm) Plug-In 2 SSV Helper"    "Java(TM) Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre1.8.0_101\bin\jp2ssv.dll"    "6/22/2016 2:04 AM"    ""
+ "Java(tm) Plug-In SSV Helper"    "Java(TM) Platform SE binary"    "Oracle Corporation"    "c:\program files\java\jre1.8.0_101\bin\ssv.dll"    "6/22/2016 2:04 AM"    ""
+ "Microsoft SkyDrive Pro Browser Helper"    "Microsoft OneDrive for Business Extensions"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\grooveex.dll"    "6/14/2016 3:25 AM"    ""
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\urlredir.dll"    "6/14/2016 3:26 AM"    ""
+ "Skype for Business Browser Helper"    "Skype for Business"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\ochelper.dll"    "6/14/2016 3:21 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"    ""    ""    ""    "7/27/2016 12:55 PM"    ""
+ "Office Document Cache Handler"    "Microsoft Office Document Cache Handler"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\office15\urlredir.dll"    "6/14/2016 2:40 AM"    ""
"HKLM\Software\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "5/25/2016 11:40 AM"    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\onbttnielinkednotes.dll"    "6/14/2016 3:24 AM"    ""
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\onbttnie.dll"    "6/14/2016 3:18 AM"    ""
+ "Skype Click to Call settings"    "Skype Click to Call IE Add-on"    "Microsoft Corporation"    "c:\program files (x86)\skype\toolbars\internet explorer x64\skypeieplugin.dll"    "5/25/2016 2:27 AM"    ""
+ "Skype for Business Click to Call"    "Skype for Business"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\vfs\programfilesx64\microsoft office\office15\ochelper.dll"    "6/14/2016 3:21 AM"    ""
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions"    ""    ""    ""    "7/26/2016 4:16 PM"    ""
+ "OneNote Lin&ked Notes"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\office15\onbttnielinkednotes.dll"    "6/14/2016 2:45 AM"    ""
+ "Se&nd to OneNote"    "Microsoft OneNote Internet Explorer Add-in"    "Microsoft Corporation"    "c:\program files\microsoft office 15\root\office15\onbttnie.dll"    "6/14/2016 2:50 AM"    ""
"Task Scheduler"    ""    ""    ""    ""    ""
X "\CCleanerSkipUAC"    "CCleaner"    "Piriform Ltd"    "c:\program files\ccleaner\ccleaner.exe"    "3/11/2015 11:16 AM"    ""
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan"    "Microsoft Malware Protection Command Line Utility"    "Microsoft Corporation"    "c:\program files\microsoft security client\mpcmdrun.exe"    "1/29/2016 8:23 PM"    ""
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo"    ""    ""    "c:\windows\system32\gathernetworkinfo.vbs"    "6/10/2009 1:36 PM"    ""
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary"    "Windows Media Player Network Sharing Service Configuration Application"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnscfg.exe"    "7/13/2009 5:24 PM"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "7/27/2016 12:55 PM"    ""
+ "Apple Mobile Device Service"    "Provides the interface to Apple mobile devices."    "Apple Inc."    "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"    "2/12/2015 8:18 PM"    ""
+ "Bonjour Service"    "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence."    "Apple Inc."    "c:\program files\bonjour\mdnsresponder.exe"    "8/12/2015 3:47 PM"    ""
+ "BRSptStub"    "BitRaider Helper for unelevated driver loading."    "BitRaider, LLC"    "c:\programdata\bitraider\brsptstub.exe"    "10/10/2014 12:10 PM"    ""
+ "c2cautoupdatesvc"    "Downloads and installs product updates."    "Microsoft Corporation"    "c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe"    "5/25/2016 2:23 AM"    ""
+ "c2cpnrsvc"    "Provides phone number recognition services."    "Microsoft Corporation"    "c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe"    "5/25/2016 2:23 AM"    ""
+ "ClickToRunSvc"    "Manages resource coordination, background streaming, and system integration of Microsoft Office products and their related updates. This service is required to run during the use of any Microsoft Office program, during initial streaming installation and all subsequent updates."    "Microsoft Corporation"    "c:\program files\microsoft office 15\clientx64\officeclicktorun.exe"    "7/1/2016 10:47 PM"    ""
+ "EasyAntiCheat"    "EasyAntiCheat Service"    "EasyAntiCheat Ltd"    "c:\windows\syswow64\easyanticheat.exe"    "2/11/2016 1:02 PM"    ""
+ "Futuremark SystemInfo Service"    "Futuremark SystemInfo Service"    "Futuremark Corporation"    "c:\program files (x86)\futuremark\futuremark systeminfo\fmsisvc.exe"    "12/17/2012 6:46 AM"    ""
+ "GfExperienceService"    "NVIDIA GeForce Experience Service"    "NVIDIA Corporation"    "c:\program files\nvidia corporation\geforce experience service\gfexperienceservice.exe"    "6/14/2016 3:34 AM"    ""
+ "gupdate"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "8/21/2015 7:13 PM"    ""
+ "gupdatem"    "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it."    "Google Inc."    "c:\program files (x86)\google\update\googleupdate.exe"    "8/21/2015 7:13 PM"    ""
+ "gusvc"    "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work."    "Google"    "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"    "3/2/2012 2:13 PM"    ""
+ "iPod Service"    "iPod hardware management services"    "Apple Inc."    "c:\program files\ipod\bin\ipodservice.exe"    "10/16/2015 2:19 AM"    ""
+ "MsMpSvc"    "Helps protect users from malware and other potentially unwanted software"    "Microsoft Corporation"    "c:\program files\microsoft security client\msmpeng.exe"    "1/29/2016 8:22 PM"    ""
+ "NisSrv"    "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols"    "Microsoft Corporation"    "c:\program files\microsoft security client\nissrv.exe"    "1/29/2016 8:23 PM"    ""
+ "npggsvc"    "nProtect GameGuard Service"    "INCA Internet Co., Ltd."    "c:\windows\syswow64\gamemon.des"    "1/10/2016 2:35 AM"    ""
+ "NvNetworkService"    "NVIDIA Network Service"    "NVIDIA Corporation"    "c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe"    "12/22/2015 2:46 PM"    ""
+ "NvStreamNetworkSvc"    "Network Service for SHIELD Streaming"    "NVIDIA Corporation"    "c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe"    "6/14/2016 12:28 PM"    ""
+ "NvStreamSvc"    "Service for SHIELD Streaming"    "NVIDIA Corporation"    "c:\program files\nvidia corporation\nvstreamsrv\nvstreamservice.exe"    "6/14/2016 12:26 PM"    ""
+ "nvsvc"    "Provides system and desktop level support to the NVIDIA display driver"    "NVIDIA Corporation"    "c:\windows\system32\nvvsvc.exe"    "7/10/2016 4:11 PM"    ""
+ "Origin Client Service"    "OriginClientService"    "Electronic Arts"    "c:\program files (x86)\origin\originclientservice.exe"    "6/2/2016 6:35 PM"    ""
+ "ose"    "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports."    "Microsoft Corporation"    "c:\program files (x86)\common files\microsoft shared\source engine\ose.exe"    "11/7/2012 3:37 AM"    ""
+ "osppsvc"    "Enables the download, installation, and enforcement of digital licenses for Microsoft Office applications. These applications require this service for proper operation. It is strongly recommended that you keep this service enabled."    "Microsoft Corporation"    "c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe"    "7/5/2012 5:13 PM"    ""
+ "PlaysService"    "Automatically installs new updates to Plays.tv client"    "Plays.tv, LLC"    "c:\program files (x86)\raptr inc\playstv\plays_service.exe"    "4/7/2010 6:29 PM"    ""
+ "PnkBstrA"    "PunkBuster Service Component [v1041] http://www.evenbalance.com"    ""    "c:\windows\system32\pnkbstra.exe"    "6/2/2014 3:51 PM"    ""
+ "Razer Game Scanner Service"    "GameScannerService"    ""    "c:\program files (x86)\razer\razer services\gss\gamescannerservice.exe"    "11/4/2015 5:11 PM"    ""
+ "RzSurroundVADStreamingService"    "RazerSurround VAD Streaming Service"    "A-Volute"    "c:\programdata\razer\synapse\devices\razer surround\driver\rzsurroundvadstreamingservice.exe"    "2/15/2016 12:56 AM"    ""
+ "SkypeUpdate"    "Enables the detection, download and installation of updates for Skype."    "Skype Technologies"    "c:\program files (x86)\skype\updater\updater.exe"    "7/9/2015 5:12 AM"    ""
+ "Steam Client Service"    "Steam Client Service monitors and updates Steam content"    "Valve Corporation"    "c:\program files (x86)\common files\steam\steamservice.exe"    "7/8/2016 2:44 PM"    ""
+ "Stereo Service"    "Provides system support for NVIDIA Stereoscopic 3D driver"    "NVIDIA Corporation"    "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"    "7/10/2016 3:33 PM"    ""
+ "WinDefend"    "Protection against spyware and potentially unwanted software"    "Microsoft Corporation"    "c:\program files\windows defender\mpsvc.dll"    "5/26/2013 10:51 PM"    ""
+ "WMPNetworkSvc"    "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play"    "Microsoft Corporation"    "c:\program files\windows media player\wmpnetwk.exe"    "11/20/2010 4:18 AM"    ""
"HKLM\System\CurrentControlSet\Services"    ""    ""    ""    "7/27/2016 12:55 PM"    ""
+ "adp94xx"    "Adaptec Windows SAS/SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adp94xx.sys"    "12/5/2008 4:54 PM"    ""
+ "adpahci"    "Adaptec Windows SATA Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpahci.sys"    "5/1/2007 10:30 AM"    ""
+ "adpu320"    "Adaptec StorPort Ultra320 SCSI Driver (X64)"    "Adaptec, Inc."    "c:\windows\system32\drivers\adpu320.sys"    "2/27/2007 5:04 PM"    ""
+ "aliide"    "ALi mini IDE Driver"    "Acer Laboratories Inc."    "c:\windows\system32\drivers\aliide.sys"    "7/13/2009 4:19 PM"    ""
+ "amdsata"    "AHCI 1.2 Device Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdsata.sys"    "3/18/2010 5:45 PM"    ""
+ "amdsbs"    "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform"    "AMD Technologies Inc."    "c:\windows\system32\drivers\amdsbs.sys"    "3/20/2009 11:36 AM"    ""
+ "amdxata"    "Storage Filter Driver"    "Advanced Micro Devices"    "c:\windows\system32\drivers\amdxata.sys"    "3/19/2010 9:18 AM"    ""
+ "arc"    "Adaptec RAID Storport Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arc.sys"    "5/24/2007 2:27 PM"    ""
+ "arcsas"    "Adaptec SAS RAID WS03 Driver"    "Adaptec, Inc."    "c:\windows\system32\drivers\arcsas.sys"    "1/14/2009 12:27 PM"    ""
+ "b06bdrv"    "Broadcom NetXtreme II GigE VBD"    "Broadcom Corporation"    "c:\windows\system32\drivers\bxvbda.sys"    "2/13/2009 3:18 PM"    ""
+ "b57nd60a"    "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver."    "Broadcom Corporation"    "c:\windows\system32\drivers\b57nd60a.sys"    "4/26/2009 4:14 AM"    ""
+ "BrFiltLo"    "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltlo.sys"    "8/6/2006 6:51 PM"    ""
+ "BrFiltUp"    "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver"    "Brother Industries, Ltd."    "c:\windows\system32\drivers\brfiltu