I Accidentally Installed Virus on my computer :( please help


3 replies to this topic

#1 AlfredoBilly


Posted 08 January 2017 - 06:11 AM

I downloaded some virus program :(

There were too many ads on my browser. I cannot use my Google Chrome :( and there is something that appears in my Windows and then disappears, but only for a short period. It automatically does Alt+Tab / Windows+D when I was playing my game :(

I already tried these steps: https://www.bleepingcomputer.com/forums/t/506321/i-accidentally-installed-some-adware/

What must I do then?

Please help :(





#2 AlfredoBilly


Posted 08 January 2017 - 06:15 AM

This is the JRT.txt file:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Pro x64
Ran by Michael Stiven (Administrator) on Sun 01/08/2017 at 17:52:16.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 1
Successfully deleted: C:\ProgramData\mntemp (File)
 
Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/08/2017 at 17:54:43.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is the extra.txt file:

OTL Extras logfile created on: 1/8/2017 5:57:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael Stiven\Downloads\Programs
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.86 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 73.37% Memory free
9.68 Gb Paging File | 7.42 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.00 Gb Total Space | 35.62 Gb Free Space | 24.40% Space Free | Partition Type: NTFS
Drive D: | 361.33 Gb Total Space | 192.44 Gb Free Space | 53.26% Space Free | Partition Type: NTFS
Drive E: | 390.62 Gb Total Space | 251.55 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-R8F9G5O | User Name: Michael Stiven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = IE.HTTP] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = IE.HTTP] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Classes\<extension>]
.html [@ = IE.HTTP] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 BD F2 D1 F3 1C D2 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059E1BC7-FEE6-402F-A9C9-C48086DCE58D}" = lport=1688 | protocol=6 | dir=in | app=c:\windows\kms-r@1n.exe |
"{10A6BE1A-204E-43D6-B515-E0B7BA7355BF}" = lport=35043 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{28AB99E7-77E3-4C25-8C04-1267746A44E0}" = lport=47995 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{624E4A07-1302-4545-83E4-F89B938F39DB}" = lport=47998 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamuseragent.exe |
"{7BC4BE8D-3EC4-4470-9DF0-F61778EB490A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{8E6B2820-400B-4859-8EB8-8BF838D4E3F8}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{96C30753-8032-4940-B9CE-E1FEA9C48AD7}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{9F9EDD94-F471-44D4-966E-5AB7DC10F02E}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{A7B434BC-3CCF-4108-AE61-26437D6B1651}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{B9D07B57-E592-46C1-80C4-CDC7602D8CFE}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C693A48D-0C63-42EE-A8ED-DF46C9A0E5B8}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{D0D73D0A-C9D8-4C5F-970F-952D897CDC65}" = lport=1688 | protocol=6 | dir=out | app=c:\windows\kms-r@1n.exe |
"{E087C534-8801-44FF-9C4D-2972F9449CBF}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{E94A1C73-243E-48BB-9BC3-5A930636C3CD}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamnetworkservice.exe |
"{E992A5A4-6DA6-4DD3-BD0E-D258AE32DC5A}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 14.0\common7\ide\devenv.exe |
"{ED7EEBC7-F368-43CB-8F7D-6844DB8D4A00}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{EE35387B-81FF-49E1-B07B-677ADF83064C}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA6687-45C0-46E8-A8C9-537FA756432C}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.576_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{01438056-4375-4A11-AA29-53E954D85927}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{017BDD8E-FD07-4114-B1C2-3DD95FB420E9}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{02CBA2EE-16A2-4D70-A8B0-A8C8529E0BDC}" = dir=in | name=xbox |
"{037C9109-55C0-4F7C-B4F8-3EA0093B07C3}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{0434BB77-4C17-4552-8E7C-F4DA953E0EC8}" = dir=out | name=xbox |
"{04F95FED-EA95-45F8-A4D2-2D066F3657F3}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{05388813-1BB1-40FB-9EA9-23391BA3E0CA}" = dir=out | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{06121CAF-31C1-40B2-90EF-363D42C1D68A}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{069EDD8C-D604-40A3-A860-04AD3A47AE83}" = dir=out | name=onenote |
"{06B16837-1DAE-481C-BA40-4D1AC8764A87}" = dir=out | name=@{microsoft.bingfinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{079058F4-119A-4196-B3AB-E39555C6EB96}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{080349F4-8CA3-455C-8D0A-F87CF6B0B4E4}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{09C80F22-5D8B-429B-8BB5-F1AD9259F0A1}" = dir=out | name=store purchase app |
"{09CB3ABB-74CD-4F94-AA9B-F70990709325}" = dir=out | name=twitter |
"{09D428C8-0683-4DC0-BEAB-11F9648DCA7A}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{0A76BED2-2ABE-4EBD-B25B-53A04E39DD49}" = dir=out | name=@{microsoft.lockapp_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{0A92B0EE-9C92-4B4C-831D-345CDCADF51E}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{0AC2693D-4FE3-4135-89B3-2D8F4FCFB19D}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{0DFE357C-4C5E-43FD-9DD1-6E7DEFD399DD}" = dir=out | name=@{microsoft.getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{0EC5B2C7-636A-40A3-BD37-C68BD2890A9A}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{0EDB20EF-9A57-490E-8032-F12831833642}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{0F36F195-3C3F-4DF2-B351-4EA67594D5DA}" = dir=out | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{0FBC6BF3-AD2B-4792-8136-9275E930E6BB}" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\apps\pbid\pointblank.exe |
"{10273FD8-8F27-4F57-BF18-F0CE171A4DEA}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{10D5113C-C19F-496C-9E59-4806BECC0D2F}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{1210C549-9FD5-421E-9ED5-A6D22FC08546}" = dir=out | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{1228FDC1-D3C1-42FC-A62F-26B26D2644A3}" = dir=out | name=@{microsoft.windows.secureassessmentbrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.secureassessmentbrowser/resources/packagedisplayname} |
"{12FAE7BB-B69F-4BFB-84FD-A47AA9348C63}" = protocol=6 | dir=in | app=e:\steam\steam.exe |
"{1377C840-C208-4311-B3BA-F45420617483}" = dir=in | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{13A4211C-7EE6-4307-A84E-30C9CD20366F}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{16FFB484-96E5-4E9D-9757-4FCD4C4627BE}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{170E9143-3655-4A19-9653-C91D0BE75306}" = dir=in | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{180486DA-3F68-42F6-A4A3-75F94E3F4915}" = dir=in | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{189AAF60-581E-408C-8121-6F5626FC8047}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{19F907CD-5D07-40B2-A81B-635883CDDD99}" = protocol=6 | dir=in | app=c:\users\michael stiven\appdata\roaming\utorrent\utorrent.exe |
"{1A64F28B-BA5D-4B19-B191-AD82E574972E}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{1B562CEC-4C42-4370-8111-955422026028}" = dir=out | name=@{microsoft.windows.secureassessmentbrowser_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.secureassessmentbrowser/resources/packagedisplayname} |
"{1B9291A7-63E2-4661-8F39-EE7505EAA5D2}" = dir=out | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{1C2E1335-668E-44C8-8AC5-45F9EC86A1A6}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{1D8DEE55-84C9-4105-AFF8-557FE8C8F52B}" = dir=in | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{1FC9D0CA-05BF-49CB-A614-A781D561CA74}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{1FDBC7C1-D2A7-443E-BCDE-2B340BB5DC79}" = dir=out | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{1FEA878D-0A93-4425-9DFB-82B62DFFDF11}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{208FD606-D817-4ECD-9E91-9E78097CEC39}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{20EF06FA-CBD1-4A9A-8E49-D155AFD1EBBF}" = dir=out | name=sway |
"{211D26D2-2218-4A27-89E0-BD7170C4AFFD}" = protocol=6 | dir=in | app=d:\lostsaga\autoupgrade.exe |
"{2149DA67-F5F9-4F5B-8DBE-273361CEAF9F}" = dir=out | name=twitter |
"{22A47E9A-AB15-424C-9915-44C47EB9DE50}" = dir=out | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{239F86E4-5707-4EA5-A435-A16470988E8D}" = dir=in | name=@{microsoft.windowsstore_11602.1.26.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{24ADB49B-2E04-4A2E-9F03-F1AE751418D9}" = dir=in | name=@{microsoft.zunevideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{25EC3C7E-80A2-4A76-8587-4F449B8B22B2}" = dir=in | name=sway |
"{2670B27F-D273-4F15-A43D-957D4E5C59EF}" = protocol=6 | dir=in | app=d:\lostsaga\lostsaga.exe |
"{2800D070-7683-4959-BE25-64ABA34BEC4E}" = dir=in | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{28924DF5-52F1-4DCA-A5B8-DB70ABE57DD8}" = dir=out | name=@{microsoft.zunemusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{295D2AD1-E5D6-42F7-A90F-D6E8DDEFFF9D}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\chromecast\node.exe |
"{29E5DF7E-D887-4950-A70F-DC0FAB96645F}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{2AAE027C-C27A-4153-9637-AEDE16EC19A2}" = dir=out | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{2B59358E-A7C5-41AB-AE3F-E0AED3213886}" = dir=out | name=@{microsoft.bingsports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{2CC440C4-67CF-4EB8-B472-A5EDD2B2D3FF}" = protocol=17 | dir=in | app=e:\steam\steam.exe |
"{2CF6E604-3389-4365-8A36-489D93935719}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{2DBB6A00-0EE7-4757-88B2-C0FF7A308E71}" = dir=in | name=xbox |
"{2EC1C647-FA97-4FC7-9EE6-40332ED7BE5A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe |
"{2FD982C8-6B9A-407C-8E47-29721D28D2A3}" = protocol=6 | dir=in | app=e:\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{339904ED-FE8A-4ABC-B4A9-B324E5B4A169}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{33EE4E2E-D58C-471D-887C-2B268CD70327}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{34F87B99-FB37-4FFE-AC04-38A9CE2698F4}" = dir=out | name=@{microsoft.windows.photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{358B1FB4-95E6-47DB-ABE1-D890353F2532}" = dir=out | name=store purchase app |
"{381F0229-49DA-4E33-8370-01E3DDEC371E}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{3A827AC9-43C6-4E67-A981-42C0CAB9BC43}" = protocol=17 | dir=in | app=d:\lostsaga\lostsaga.exe |
"{3A83BAE9-97B9-4451-A590-0D0E37C2F9DD}" = dir=out | name=windows_ie_ac_001 |
"{3BF24B1A-2A01-402A-819C-E4E21D166316}" = dir=out | name=onenote |
"{3D00714F-63FD-48A3-B0BB-6D40882507CD}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\paladins\binaries\win32\hirezbridge.exe |
"{3D4BCC29-50E2-4AAD-87EC-E47D371781C3}" = dir=in | name=microsoft solitaire collection |
"{3D6D3464-E55B-4826-BC1B-46AD865EA33E}" = dir=out | name=@{microsoft.bingnews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{3DBEDA48-AF18-4374-B3AA-CFE5A7416673}" = dir=out | name=@{microsoft.people_10.0.10811.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{3E1FF743-AF11-49A2-B9F3-9B4F25542FB7}" = dir=in | name=@{microsoft.microsoftofficehub_17.7031.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{3E22BDA4-F2A2-405E-A48D-BD46FB3A4934}" = protocol=6 | dir=in | app=e:\steam\bin\steamwebhelper.exe |
"{3E2C1254-8E07-4E01-A6B3-19FB854B9C69}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{3FE8951D-18FC-4F5B-83BB-B7B9DDA2F542}" = protocol=17 | dir=in | app=c:\program files (x86)\garenapbid\gamedata\apps\pbid\pointblank.exe |
"{4054BB9D-A49B-43CE-BCB2-3F2A89A9A566}" = protocol=17 | dir=in | app=e:\steam\bin\steamwebhelper.exe |
"{40D73881-819F-43AF-90A9-7E359718E2F8}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{4444BEF4-05F7-4C83-AD4F-1E1A48C26266}" = protocol=6 | dir=in | app=c:\program files\corel\coreldraw graphics suite x7\programs64\coreldrw.exe |
"{446C35E6-FCBD-4C34-98FA-4F01CBD503E0}" = dir=out | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{452C750D-176E-4235-A2C3-EAF61BABD7EE}" = dir=out | name=candy crush soda saga |
"{456624B8-2EDE-4892-B5DB-7BC3E213A195}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{45E260EE-288A-4672-9B9E-5846F79B7ACC}" = protocol=17 | dir=in | app=e:\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{46EBFD6A-5B02-40DF-BBBD-640A874234D5}" = protocol=6 | dir=in | app=c:\program files\corel\coreldraw graphics suite x7\programs64\corelpp.exe |
"{482D603A-6DB7-4FDE-97F8-15232448A010}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\lost castle\lost_castle.exe |
"{48544DAD-F729-4C7B-9AC7-5C72BC6E1AA8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\unturned\unturned_be.exe |
"{4D8C5295-8200-4BB8-B07F-CB3393BCB337}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{4E0214AF-C8D2-4596-909C-0F3A194653F8}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe |
"{509D94B8-BB27-40EF-8A66-51A06FDEC96A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\paladins\binaries\win32\hirezbridge.exe |
"{513F1D05-17B7-444B-8077-595659D2500A}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{517E78B8-41A8-4DA4-B822-A0E15D1F8DAD}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{51CFA739-C440-45C4-8CC1-E91E80A592B3}" = dir=in | name=@{microsoft.microsoftofficehub_17.7608.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{525A8343-5B3B-40A8-8FEF-9CC0D851368E}" = dir=out | name=microsoft solitaire collection |
"{550AE468-9491-41EF-9526-39522F1191E4}" = dir=out | name=@{microsoft.people_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{55578F24-A0AE-4E26-B11D-1E51F26F962D}" = dir=out | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{57A81B8F-9D2A-4EA0-8489-9F137832A9A2}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{5951448E-AB2F-4CDB-91E5-7F481D741300}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{5A4AD27D-B252-49F9-AED4-D46765CEA7F9}" = dir=out | name=xbox |
"{5A91C692-A2D7-487D-82F1-AE91FEB71799}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{5B7E6C7E-5D37-42AF-A533-DFABDB0A9845}" = dir=out | name=@{microsoft.zunevideo_10.16112.10221.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{5C3869E7-F6F0-4287-8963-9D1CD7B86548}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{5CE88E82-8E06-4BFE-B7EC-EFE1083D3F94}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe |
"{5E3D91F0-7A3E-4BBE-9F37-CBE34D7F37AE}" = dir=out | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{5F87BFA1-406B-49A7-BC94-BFAFD52CC540}" = dir=in | name=line |
"{5F89A9B0-F667-4ADD-B558-B3E1A28EDCB0}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{605DE59F-D6B4-45D6-8D07-A780C2DC1886}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{60692C10-6C55-4512-8661-3DA5351A4851}" = dir=in | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{6144A384-DD9F-4C61-9926-E3A632DD025C}" = dir=in | name=microsoft sticky notes |
"{61639089-C3A9-4A10-9963-D0D7C465A223}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{626866DF-2146-4EC4-A5EF-3715E590CF50}" = dir=in | name=@{microsoft.bingnews_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{630BD6E7-C083-4F75-AE6E-7E422B50542C}" = dir=in | name=@{microsoft.bingsports_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{635CE556-54A1-4F07-8011-51DCCDFEE5DE}" = dir=in | name=@{microsoft.zunemusic_3.6.22051.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{6515FF75-51EF-42C1-AC99-D7E5997FD3AF}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{684C337D-3FAD-4A2F-8E2F-82585B54B75B}" = dir=out | name=@{microsoft.bingweather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{6A6FA6AC-78EF-433F-82C8-F20226C73FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe |
"{6D06EE40-BDCF-474B-8B48-7F7432155FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\apps\pbid\pointblank.exe |
"{70C6DB48-3CF7-4D88-BE41-228EEA4E219B}" = protocol=6 | dir=in | app=c:\garenadownload\games\pbid\pbidinstaller.exe |
"{72519267-7320-4E5A-A697-8273938189FD}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{73E6914F-0E2E-4685-8148-19777F3E93F5}" = dir=out | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{7411956A-B76F-4973-A6DD-D843CDA680D1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\freestyle2\launchersteam.exe |
"{74140692-A93B-44C5-979F-CB9D285D6DB6}" = dir=in | app=c:\program files\bignox\bignoxvm\rtnoxvmhandle.exe |
"{75ABBF82-9C20-4431-BD62-ED963FF0321D}" = dir=out | name=@{microsoft.accountscontrol_10.0.10586.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{75B83B77-9DC3-4ACB-A869-9256DB935CD3}" = dir=in | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{79505D94-3F56-4B2C-BD85-02378381F916}" = dir=out | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{79565E1A-D675-4FEB-829C-A656DF53D9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\popcorntimedesktop.exe |
"{7A0AFF0C-F5E9-445E-80DF-BFE456CA58E5}" = dir=in | name=@{microsoft.windows.photos_16.526.11220.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{7C4945B9-DF48-4113-BAB2-FF35D580EA61}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\unturned\unturned_be.exe |
"{7C811468-3A30-4836-BB5B-8555B3146C99}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{7CA3C418-5B7D-4F0F-B57A-C9453EEBDDF2}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{7D7FAEAA-8803-48E6-A371-CA83239B61CB}" = protocol=6 | dir=in | app=c:\programdata\microsoft\network\dsq\network\sysnetwk.exe |
"{7E00C640-7942-4FA5-85E6-4864AF9372AF}" = dir=out | name=@{microsoft.windowsphone_10.1605.1661.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{7E53DDBA-C50B-49B9-BFAF-ED3361D99CB1}" = dir=out | name=line |
"{82188E52-B311-4FD5-8EF5-C193050D03B9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\lost castle\lost_castle.exe |
"{83DDBCFE-7FFB-49EB-ABA7-83A1B8615D91}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{83FC077A-E375-4CD3-AF55-01B062FEEA00}" = dir=out | name=@{microsoft.3dbuilder_12.0.3131.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{8463FBE1-5E44-4368-A2F5-7E2F7D974A59}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{84CA389D-AB7B-41CD-B382-49D2FE08C99F}" = dir=out | name=sway |
"{84CA5424-D793-401F-A40A-E293B8C2E004}" = dir=out | name=onenote |
"{84CB3D76-082B-4817-B621-A7C68E54D2F8}" = dir=in | name=sway |
"{87885204-1C65-40D2-95B9-3815B0963D14}" = protocol=17 | dir=in | app=f:\steam\bin\steamwebhelper.exe |
"{8A439D87-5F36-4681-9C6B-3F24F00ADDC6}" = dir=in | name=onenote |
"{8A4CDAC1-F2AD-4746-8643-F2C5CFD6930C}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{8B71A5EA-E89D-43C7-9912-A4B6E5CDB743}" = dir=in | name=@{microsoft.commsphone_2.17.27003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{8CB6F59A-CA66-4A69-8EF9-19FDFB89AF3F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dirty bomb\binaries\win32\shootergame-win32-shipping.exe |
"{8DDE47FC-C187-482A-9934-D23CAEB12047}" = dir=out | name=xbox |
"{8E4806AB-9060-4D84-8364-3199AD0BC176}" = dir=out | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{8F0FAFDC-3F4F-4077-9BE9-4F331C920368}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{90E58AA4-1966-4515-AD18-68D6903B89A2}" = dir=out | name=@{windows.purchasedialog_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.purchasedialog/resources/displayname} |
"{916097EF-7167-4EF2-A78C-80E16167E6E3}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.576_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{92536CB1-9FA2-481A-9B0D-FFA95EADF6F4}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\chromecast\node.exe |
"{9456961B-05BE-41E9-897D-E4EEB92D7E21}" = protocol=6 | dir=in | app=c:\program files (x86)\garenapbid\gamedata\apps\pbid\pointblank.exe |
"{95E240D8-F9F6-4258-AB59-1853092BFA3E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dragon saga\wplauncher.exe |
"{9613C1D5-2A95-4DCC-94AE-2DCFB0713A42}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{96F729E9-4C34-4911-BD63-F171479A23C6}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\unturned\unturned.exe |
"{96F754E3-5C8C-4E8C-AA93-94FF4B48613F}" = dir=out | name=@{microsoft.bingnews_4.18.41.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{96F9B4E6-59EC-4BC0-8A5F-A3808C8A52F9}" = dir=in | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{978F82A6-EFA9-401C-BE9E-EE97408F30F7}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{97F44D7C-99C2-402B-80B7-2D8F2C0B4F3A}" = dir=in | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{9EE3894E-8C79-4205-A442-6390946534E2}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{A0089B3B-10F5-4F7E-B50E-5B8C091A3E44}" = protocol=17 | dir=in | name=incoming udp port |
"{A065E788-7773-4E2D-8CEC-5205C7EF5D3A}" = dir=in | name=onenote |
"{A32092E0-D09F-4CBA-B0DD-C6D698F4AE83}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{A4404A66-6153-4CEE-B23A-3DAB049CE01A}" = dir=out | name=microsoft sticky notes |
"{A4B601D3-C6FC-4817-8C1A-092CAF9E29EF}" = dir=in | name=@{microsoft.bingfinance_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{A500B2E5-2D92-4212-8D63-C79D2DFEF1F1}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{ABD30201-CB63-45A2-AB66-E20232563342}" = dir=out | name=sway |
"{AC132330-709D-46DC-8DC0-430A68F7E001}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{AD2DCCA5-EBE4-4751-B50E-C1F1D14E9116}" = dir=out | name=@{microsoft.people_10.1.3160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{ADA814A8-0BEB-4091-84C3-55364C22D222}" = dir=in | name=xbox |
"{AFF86335-FFA0-4D57-96B4-5185D5272132}" = dir=out | name=@{microsoft.windowsfeedback_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windowsfeedback/feedbackapp.resources/appname/text} |
"{B06AE8A9-AEFB-4A3B-8C01-C678AEAFA705}" = protocol=17 | dir=in | app=c:\users\michael stiven\appdata\roaming\utorrent\utorrent.exe |
"{B1800008-4DFC-4916-BF68-F18D9AC9D5A6}" = dir=in | name=@{microsoft.microsoftedge_25.10586.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{B2A26738-6837-4453-9F08-E2D1CFE8D527}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1611.3471.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{B31AE95B-631E-43FA-B387-52B8CF2A6F47}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{B4862941-A98C-4502-B686-40968F0A39D5}" = dir=out | name=candy crush soda saga |
"{B4E04DC4-9770-4033-9EA1-B5BDC37BCDD0}" = dir=in | name=@{microsoft.messaging_2.15.20002.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/microsoft.apps.messaging.skype/skypemessaging.resources/skype_appstorename} |
"{B759B296-E959-4BE9-973B-7C9E68ABCA4B}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{B770F641-10DB-46B8-AF44-68D562B5E340}" = dir=in | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{B81CD5FB-A35C-4BE6-B052-0431A9D9EFB2}" = dir=out | name=@{microsoft.xboxidentityprovider_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxidentityprovider/resources/pkgdisplayname} |
"{B868C9E2-F8EC-42D3-96BC-33B8685D89D2}" = protocol=6 | dir=in | app=f:\steam\bin\steamwebhelper.exe |
"{BAE789D0-EB1B-4478-B5A8-B38290C097D3}" = protocol=17 | dir=in | app=d:\lostsaga\autoupgrade.exe |
"{BB66C06E-C167-44E3-97AC-0CE6C05F44CF}" = dir=in | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{BBC0C948-A7E0-47E1-8D14-E4CBE5F86CB5}" = dir=in | name=@{microsoft.zunemusic_10.16112.10211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{BCDD2D52-6DD4-409D-8177-D9B6EF952910}" = dir=out | name=@{microsoft.3dbuilder_11.1.8.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{C0F05499-B05F-4EE0-8534-E98F6F778DB4}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{C1B091FB-D435-49E8-8144-3BEB3136044C}" = dir=out | name=@{microsoft.bingfinance_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{C357783B-5D0C-4E05-A083-7D93DEFEB83A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\freestyle2\launchersteam.exe |
"{C479F4E8-0410-48EF-8440-80EAD99A744E}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.576_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{C5227B01-556C-4991-9115-37049DA7FB9B}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{C532DDA3-84DB-43B7-9B5F-6EA5D656D2C6}" = dir=in | name=@{microsoft.windows.cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/displayname} |
"{C6A76CDA-CD01-4F7C-A8EE-AFBEA44421E0}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{C79E2D34-B6E1-412A-B78E-F9B67C62534C}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{C896A912-908A-4FA8-84C4-27D1F32F7205}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{C8A91926-89E5-4310-884E-9F2B855C389E}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{C956C1F6-87CC-4318-8962-E9460B2E27C0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dragon saga\wplauncher.exe |
"{C9B36AA6-E203-4E0C-9538-6F09AFF34136}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{C9FA510B-B827-4B6A-B892-410A702DD787}" = dir=out | name=@{microsoft.microsoftofficehub_17.7031.23501.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{CAC5F974-0DE1-4C13-9656-819F24C7C375}" = dir=out | name=@{microsoft.getstarted_4.2.29.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{CBE73E2D-ED9A-401F-A0E4-EBB9F0C90205}" = dir=out | name=@{microsoft.windowsmaps_5.1606.1670.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{CDDE953D-AE93-4E85-A1B2-4AA22B5DB12E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{CE2F49CB-E69A-48CB-891E-6D245948F4D2}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{CEED6016-1042-47F2-B17E-D46EF0653046}" = dir=out | name=@{microsoft.windowsstore_11610.1001.23.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{CF76AA56-B132-4610-BB5F-F5D2E3DF7435}" = dir=out | name=@{microsoft.zunevideo_3.6.21441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{D1BCBCCA-DACF-44CA-8E04-C62DFC78A776}" = dir=in | app=c:\users\michael stiven\appdata\roaming\nox\bin\nox.exe |
"{D2464AE8-0AB2-4B3A-8B3E-5D28867094D0}" = protocol=6 | dir=in | app=c:\program files (x86)\popcorn time\updater.exe |
"{D28343E8-8BB3-4E6F-9E5D-308A34B7CFA4}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe |
"{D3211B74-D7F1-4706-B468-94FCED304044}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\clicker heroes\clicker heroes.exe |
"{D37028B0-5D36-4321-8EED-922FB9D46581}" = dir=out | name=@{microsoft.skypeapp_11.10.145.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{D60B1FFC-74AB-46EE-886F-4844B9BC3917}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{D85E009D-2CE4-450F-8CB0-40C90E67FAEA}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.576_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{D8ACA08F-4362-4433-A5FA-C91C4458E5F0}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{DA8D192D-08F5-403E-BFE5-7C3EA6AB015D}" = dir=in | name=onenote |
"{DAB6291E-E543-4BCA-AE3F-04465A1462EE}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{DC084D32-AABB-4228-9511-EE0442710ACE}" = dir=in | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{DDEB46B5-079F-4617-B914-03213ED5DA4E}" = dir=out | name=@{microsoft.getstarted_3.11.1.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{DFB458E3-5EE9-41CC-B5BF-4A601EA8D655}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\unturned\unturned.exe |
"{DFF00FFB-C42F-4A80-B8BB-1B8F247A4AE6}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.6965.40901.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxcommintl/appmanifest_outlookdesktop_displayname} |
"{E3478637-310C-4335-AE95-0F2F2CFDB495}" = dir=in | name=@{microsoft.bingweather_4.11.156.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{E3BEA078-2F47-49E1-8613-82C048F66E4E}" = dir=out | name=@{microsoft.microsoftedge_38.14393.0.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{E470D2D1-FC30-4BA3-AA71-7A864910FC13}" = dir=in | name=sway |
"{E507856B-C4B2-425B-85D1-8681CDDC8020}" = protocol=17 | dir=in | app=c:\garenadownload\games\pbid\pbidinstaller.exe |
"{E6415786-EC91-4FCD-9BD3-278B7376DB2C}" = dir=in | name=@{microsoft.bingsports_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{E743C065-04B9-40F0-83F4-E3D16028374F}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{E88EC8A8-C493-4EC8-BB2C-5E9E131615C8}" = dir=in | name=@{microsoft.bingweather_4.18.37.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{E9F8E9D2-175E-46DD-85CA-6C8CA739AEA7}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{EA0023A5-5245-4475-BE96-F3AB9CA917CE}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{EA781314-A8EC-4D11-B51B-CDBA10D47FEF}" = dir=in | name=microsoft solitaire collection |
"{EEF01D55-D73D-4553-9AE7-3B558A61E12C}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.7714.42037.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{EF3D64CC-4F74-420D-9244-CF145721E376}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{F4305521-0EAE-4EB2-AFE1-C3E92DFCBB0B}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{F47DE479-0917-44AC-908C-AE5ED27EBEE9}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{F5551F60-1875-425C-8DAB-C5C77CF60250}" = dir=out | name=microsoft solitaire collection |
"{F636E3FE-A793-4670-AC71-15329BD4B5F1}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.10586.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{F9D92DC4-D5D9-472B-B075-29DF4C014593}" = dir=out | name=@{windows.contactsupport_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{F9EE8321-975C-45B1-8801-C450F298DE09}" = dir=out | name=@{microsoft.windowsmaps_5.1611.3342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{FAAA6516-7F77-43BF-8EAA-67489EBA11AC}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{FB3A877A-3493-4984-897C-F3130A6EFCF5}" = dir=out | name=@{microsoft.windows.photos_16.1118.10000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{FB8AC1DB-5382-45D5-B5B8-A04E63BB478A}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{FC8BC8C8-D54E-4F35-A2AB-7B9E47F6B71E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\clicker heroes\clicker heroes.exe |
"TCP Query User{0CB78945-EE1D-4A21-BBAF-A7A1DB90C5EF}D:\mighty no 9\mighty no 9\binaries\win32\mn9game.exe" = protocol=6 | dir=in | app=d:\mighty no 9\mighty no 9\binaries\win32\mn9game.exe |
"TCP Query User{1138C51B-61A7-45B3-ABF5-97E9C2853A9F}C:\users\michael stiven\downloads\pokefarmer\pokefarmer.exe" = protocol=6 | dir=in | app=c:\users\michael stiven\downloads\pokefarmer\pokefarmer.exe |
"TCP Query User{20F36A7E-B314-4792-961F-014F96384151}E:\steam\steamapps\common\freestyle2\freestyle2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\freestyle2\freestyle2.exe |
"TCP Query User{2867E680-4822-4479-95A1-3AF07004B6F1}D:\mighty no 9\mighty no 9\binaries\win64\mn9game.exe" = protocol=6 | dir=in | app=d:\mighty no 9\mighty no 9\binaries\win64\mn9game.exe |
"TCP Query User{43853A09-B1E9-4E8F-93E9-E915E4D31A46}C:\program files\java\jre1.8.0_77\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.8.0_77\bin\javaw.exe |
"TCP Query User{45AB7898-4B96-4126-8B29-7B7FFA7C37D2}D:\lost castle1\win64\lost_castle.exe" = protocol=6 | dir=in | app=d:\lost castle1\win64\lost_castle.exe |
"TCP Query User{60351567-50F1-4DF8-BED4-27DF89195B3B}F:\games\call of duty world at war\call of duty - world at war\cod5sp.exe" = protocol=6 | dir=in | app=f:\games\call of duty world at war\call of duty - world at war\cod5sp.exe |
"TCP Query User{6D9384C1-8E49-46E3-8CDC-04EED852DE89}D:\pro evolution soccer 2016\pes2016.exe" = protocol=6 | dir=in | app=d:\pro evolution soccer 2016\pes2016.exe |
"TCP Query User{7C115099-4769-4175-A95A-116378BB35D6}D:\lostsaga\no_autoupgrade.exe" = protocol=6 | dir=in | app=d:\lostsaga\no_autoupgrade.exe |
"TCP Query User{910ECABE-8C19-4A31-A2B6-65A9E757E158}E:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe |
"TCP Query User{96B8194F-3666-44EC-A206-515C107D15B0}D:\bombsquad_windows_1.4.99\bombsquad.exe" = protocol=6 | dir=in | app=d:\bombsquad_windows_1.4.99\bombsquad.exe |
"TCP Query User{C14C5EFF-A5BD-4E31-BAA5-E97188102E86}C:\users\michael stiven\downloads\pokefarmer\pokefarmer.patched.exe" = protocol=6 | dir=in | app=c:\users\michael stiven\downloads\pokefarmer\pokefarmer.patched.exe |
"TCP Query User{CEE1B5D9-9216-4743-AD06-7580FC84D205}C:\users\michael stiven\downloads\compressed\release\necrobot.exe" = protocol=6 | dir=in | app=c:\users\michael stiven\downloads\compressed\release\necrobot.exe |
"TCP Query User{CFC923AA-53F5-48A8-BFD9-3934E8976DBC}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\common\paladins\binaries\win32\paladins.exe |
"TCP Query User{D85CCC41-5916-4775-829A-51B41D3C78BF}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\bbtalk\bbtalk.exe |
"TCP Query User{F77FE46F-7CEB-4EAB-99B8-5F839EF765C5}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
"UDP Query User{22180E50-4E0E-435F-BADB-F3CF414A0860}D:\mighty no 9\mighty no 9\binaries\win64\mn9game.exe" = protocol=17 | dir=in | app=d:\mighty no 9\mighty no 9\binaries\win64\mn9game.exe |
"UDP Query User{2C1ED585-70BB-442B-BDCF-8DEECBFCF0A4}C:\users\michael stiven\downloads\compressed\release\necrobot.exe" = protocol=17 | dir=in | app=c:\users\michael stiven\downloads\compressed\release\necrobot.exe |
"UDP Query User{2EF5674C-9892-4836-BC92-8B9CDD953384}D:\mighty no 9\mighty no 9\binaries\win32\mn9game.exe" = protocol=17 | dir=in | app=d:\mighty no 9\mighty no 9\binaries\win32\mn9game.exe |
"UDP Query User{38CC49F0-708A-4221-A331-3E956F88D0B9}C:\users\michael stiven\downloads\pokefarmer\pokefarmer.exe" = protocol=17 | dir=in | app=c:\users\michael stiven\downloads\pokefarmer\pokefarmer.exe |
"UDP Query User{5C680BAC-5DAD-4121-A52A-3D42FF17EDF2}C:\program files (x86)\garena plus\bbtalk\bbtalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\bbtalk\bbtalk.exe |
"UDP Query User{6293B3D8-B521-427D-948C-A5DD69E70749}E:\steam\steamapps\common\freestyle2\freestyle2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\freestyle2\freestyle2.exe |
"UDP Query User{63BDFE3C-4A26-42FA-9EB0-B5CE332A9820}D:\pro evolution soccer 2016\pes2016.exe" = protocol=17 | dir=in | app=d:\pro evolution soccer 2016\pes2016.exe |
"UDP Query User{7547A29E-1D31-482F-B53C-C6D73421A8B6}E:\steam\steamapps\common\paladins\binaries\win32\paladins.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\paladins\binaries\win32\paladins.exe |
"UDP Query User{7DB56EBB-9300-45C1-BC70-7FEDD7EF5CFE}D:\bombsquad_windows_1.4.99\bombsquad.exe" = protocol=17 | dir=in | app=d:\bombsquad_windows_1.4.99\bombsquad.exe |
"UDP Query User{91163ED7-1008-4529-A599-C06CB92D0DEE}C:\users\michael stiven\downloads\pokefarmer\pokefarmer.patched.exe" = protocol=17 | dir=in | app=c:\users\michael stiven\downloads\pokefarmer\pokefarmer.patched.exe |
"UDP Query User{9AE61C26-1313-4295-BA08-FDF7407E3F32}E:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dota 2 beta\game\bin\win64\dota2.exe |
"UDP Query User{9EF6D60C-3F35-4CDE-AD65-EB8D5372F874}C:\program files\java\jre1.8.0_77\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.8.0_77\bin\javaw.exe |
"UDP Query User{ABF55288-D566-4DE9-B0BB-65E3CD689C2B}D:\lostsaga\no_autoupgrade.exe" = protocol=17 | dir=in | app=d:\lostsaga\no_autoupgrade.exe |
"UDP Query User{AF76E8A2-58E7-45C1-BEFE-FE5E2A2AB164}F:\games\call of duty world at war\call of duty - world at war\cod5sp.exe" = protocol=17 | dir=in | app=f:\games\call of duty world at war\call of duty - world at war\cod5sp.exe |
"UDP Query User{DDD05426-782F-4907-A00C-F488C228472C}D:\lost castle1\win64\lost_castle.exe" = protocol=17 | dir=in | app=d:\lost castle1\win64\lost_castle.exe |
"UDP Query User{F77E30D9-ABA0-4143-AC9C-13D44D8FE354}C:\program files (x86)\garena plus\garenamessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\garenamessenger.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{4DC318F5-1640-4417-A218-912ED9905FAA}" = Corel Graphics - Windows Shell Extension
"_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}" = CorelDRAW Graphics Suite X7 (64-Bit)
"{020CDFE0-C127-4047-B571-37C82396B662}" = Microsoft SQL Server 2014 Transact-SQL ScriptDom
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{08274920-8908-45c2-9258-8ad67ff77b09}.sdb" = IIS Express Application Compatibility Database for x64
"{13179AB2-69FD-459B-800F-81865A501AD4}" = CorelDRAW Graphics Suite X7 - IPM (x64)
"{13FD7E30-D2F1-498D-ABC2-A4242DB6610E}" = IIS 10.0 Express
"{1A73168F-5983-46A6-AAAB-FD83BC231E02}" = CorelDRAW Graphics Suite X7 - Photozoom Plugin (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F83F9CC-9CAC-4612-859D-891654C9DC0F}" = CorelDRAW Graphics Suite X7 - CT (x64)
"{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}" = Microsoft SQL Server 2014 Management Objects  (x64)
"{20c31435-2a0a-4580-be8b-ac06fc243ca5}" = Python 2.7 (64-bit)
"{20EA85AA-2A1D-4F11-B09F-4BA2BF3C8989}" = Microsoft SQL Server 2016 Management Objects  (x64)
"{25FB53C5-BE4C-3B6C-A0C9-D49A39227E1E}" = Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x64) - RUS
"{26A24AE4-039D-4CA4-87B4-2F86418077F0}" = Java 8 Update 77 (64-bit)
"{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}" = CorelDRAW Graphics Suite X7 - Draw (x64)
"{2C91CB9D-323D-43E5-A433-229B71CFB773}" = CorelDRAW Graphics Suite X7 - Capture (x64)
"{2EF3A93A-569E-4FD7-A5DF-64AF588B4FBA}" = CorelDRAW Graphics Suite X7 - PL (x64)
"{2F884A17-E051-3DB7-B093-6274C98740F6}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 한국어 언어 팩
"{32C0D7B2-1046-43AC-98AD-B748E1910916}" = Active Directory Authentication Library for SQL Server
"{34BFF66C-9A7E-4778-8A9F-1DA1F0F4C22E}" = Microsoft Build Tools Language Resources 14.0 (amd64)
"{36B98E65-CA52-348C-9ED7-77B926A16C2D}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - DEU-Sprachpaket
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{3AE40040-2F48-4617-9228-49E999738BDB}" = Microsoft Visual Studio 2015 Performance Collection Tools - ENU
"{3B4AE1A9-C026-4D08-8004-DA9A85A411A4}" = Corel Graphics - Windows Shell Extension 32 Bit
"{3BB8EB77-737B-4B32-BAB9-08C7110C46BD}" = CorelDRAW Graphics Suite X7 - EN (x64)
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4A385784-591D-4490-9617-D41CC0158F92}" = Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - amd64
"{4DC318F5-1640-4417-A218-912ED9905FAA}" = Corel Graphics - Windows Shell Extension
"{4E27A682-5F47-3B82-AF7C-90218C7078C3}" = Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Storyboarding (x64)
"{5025968D-10D4-44B2-A31C-42E020CDE399}" = CorelDRAW Graphics Suite X7 - JP (x64)
"{5162E418-BB43-4C8F-ACD6-069645EF98C3}" = CorelDRAW Graphics Suite X7 - Custom Data (x64)
"{5247E16E-BCF8-95AB-1653-B3F8FBF8B3F1}" = Windows Software Development Kit DirectX x64 Remote
"{5406029B-67AD-4F8E-9F2D-F1959CD9CD86}" = CorelDRAW Graphics Suite X7 - FontNav (x64)
"{54690016-27DE-E298-6338-59B78A88D05B}" = Application Compatibility Toolkit
"{5672E0DC-7489-4EAC-8CFD-E01B3868FCB5}" = CorelDRAW Graphics Suite X7 - VBA (x64)
"{5707EC26-AA9F-32C6-B7C1-347A3482CEC0}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support
"{599702AA-91EB-38C1-B994-CDE35C57E007}" = Microsoft Visual Studio 2015 VsGraphics Helper Dependencies
"{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}" = CorelDRAW Graphics Suite X7 - Setup Files (x64)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60DED060-0B6B-3CC1-B955-D0CD401F0FBA}" = Visual C++ IDE x64 Package
"{62D2E847-606F-49FB-A38B-F9D5AA936331}" = Microsoft Visual Studio 2015 Diagnostic Tools - amd64
"{647DB777-6309-3551-9262-6B9CDB97635B}" = Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Office Integration (x64)
"{65168D5C-A6DD-4C1B-BF5C-860A39CDD05E}" = CorelDRAW Graphics Suite X7 - ES (x64)
"{6533647D-136C-43B8-8966-712EF27F5CEE}" = CorelDRAW Graphics Suite X7 - NL (x64)
"{73A36613-1F8F-3D94-B28A-4CC0E3CAECB5}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Language Pack ITA
"{73A64813-E631-3807-8E78-BA679EDA09A8}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - 日本語 Language Pack
"{763E14D4-82A8-3466-92BE-D9591BF268A3}" = Microsoft Visual C++ 2015 x64 Debug Runtime - 14.0.24212
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{79750C81-714E-45F2-B5DE-42DEF00687B8}" = Microsoft Build Tools 14.0 (amd64)
"{811C0940-9502-4A27-A9C5-A9A7ED853BD9}" = CorelDRAW Graphics Suite X7 - IT (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{83B181F2-20B8-4F00-8E71-C66E951A8D4F}" = Visual Studio 2015 Prerequisites - ENU Language Pack
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C196158-5F89-4C88-AA33-2D57D67AA5D7}" = CorelDRAW Graphics Suite X7 - RU (x64)
"{8EA70EAF-41AB-491C-A163-9BA1ADA004EB}" = CorelDRAW Graphics Suite X7 - DE (x64)
"{90120064-0070-0000-0000-4000000FF1CE}" = Microsoft Visual Basic for Applications 7.1 (x64)
"{90150000-002A-0000-1000-0000000FF1CE}" = Microsoft Office 64-bit Components 2013
"{90150000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2013
"{90150000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013
"{90F60409-7000-11D3-8CFE-0150048383C9}" = Microsoft Visual Basic for Applications 7.1 (x64) English
"{9178F0A8-B6F6-4DA7-AD63-317CC4875F4B}" = CorelDRAW Graphics Suite X7 - Common (x64)
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{94E1227C-08A9-4962-B388-1F05D89AEA75}" = Microsoft Web Deploy 3.6
"{966996DC-D67C-40E3-8BD4-31FA0F093571}" = CorelDRAW Graphics Suite X7 - VideoBrowser (x64)
"{96EB5054-C775-4BEF-B7B9-AA96A295EDCD}" = Microsoft System CLR Types for SQL Server 2016
"{96F4525A-470D-F15C-796E-58D9988C3E5F}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{A145D3E8-5F1B-465D-887F-52EA7E0BBFE8}" = Microsoft Visual Studio 2015 Update 3 IntelliTrace (x64)
"{A6B7D078-EDC4-4D8A-BD3D-CB2B11440219}" = CGS17_Setup_x64
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}" = Microsoft SQL Server 2014 Express LocalDB
"{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb" = IIS Express Application Compatibility Database for x86
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel" = Ansel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 368.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 369.09
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 368.81
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.11.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 364.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 2.11.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.16.0318
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.11.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.34.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 2.11.4.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.40
"{B97772BE-2F7E-3F09-93B4-D1C9E196018A}" = Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Storyboarding Language Pack (x64) - ENU
"{BA14C6F7-A633-3E88-831B-FCC197A5A17D}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support  - Module linguistique Français
"{BCAC059C-E06C-4D45-928A-A69061678ECA}" = Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - amd64
"{BD036E95-A9CD-4DED-B744-95AB1DCAFF0C}" = CorelDRAW Graphics Suite X7 - Connect (x64)
"{C57EDB5A-AC8E-4E03-9F1A-DC013A2BB9B2}" = CorelDRAW Graphics Suite X7 - Redist (x64)
"{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}" = Microsoft .NET Version Manager (x64) 1.0.0-beta5
"{C922F325-DD52-4E22-B204-431A06E63E51}" = CorelDRAW Graphics Suite X7 - PHOTO-PAINT (x64)
"{CD56C9B9-FB98-372B-8BC7-FDA312CD2511}" = Microsoft Visual Studio Tools for Applications 2012 x64 托管支持 - 简体中文语言包
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D091DE8C-EA0F-49AF-8DE3-BD6C79737C6E}" = Microsoft SQL Server 2016 T-SQL ScriptDom
"{D10A5CFA-FE33-4F06-AE37-554604F00A52}" = CorelDRAW Graphics Suite X7 - Filters (x64)
"{D63404AC-C2F1-4B3D-96EA-9727AC9D994C}" = CorelDRAW Graphics Suite X7 - Writing Tools (x64)
"{DCCD0EF6-DFCF-4D31-B71D-2AAC24C6AB16}" = CorelDRAW Graphics Suite X7 - CZ (x64)
"{DDDF762A-2D1D-36A3-9B70-70BD62B4EDCF}" = Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - Paquete de idioma ESN
"{DF32E41C-24AD-4A87-B43A-B38553B1806E}" = Visual Studio 2015 Prerequisites
"{E237254B-36A1-3D27-815E-B37C13BE0796}" = Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x64 Hosting Support - PTB
"{E359515A-92E6-4FA3-A2C9-E1BA02D8DE6E}" = Microsoft SQL Server 2016 LocalDB
"{EF44BCCD-13F9-4974-862C-CCFAF43EE082}" = CorelDRAW Graphics Suite X7 - IPM Content (x64)
"{F04AB121-B3E1-39FE-8A5E-EF8484210107}" = Microsoft Visual Studio Team Foundation Server 2015 Update 3 CTP1 Office Integration Language Pack (x64) - ENU
"{F20396E5-D84E-3505-A7A8-7358F0155F6C}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.24212
"{FA987EBD-79D8-4A2C-8018-4095AD215D3C}" = CorelDRAW Graphics Suite X7 - CS (x64)
"{FAAD7243-0141-3987-AA2F-E56B20F80E41}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.24212
"{FB501A6E-CA6D-36DA-8860-17F0E6D89155}" = Microsoft Visual Studio Tools for Applications 2012 x64 主控支援 - 繁體中文語言套件
"{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}" = Microsoft System CLR Types for SQL Server 2014
"{FC41DFBE-6C39-4C84-949B-7CB1E6460C7A}" = CorelDRAW Graphics Suite X7 - BR (x64)
"{FC9BCB82-55E3-4328-868F-B19112B07B93}" = CorelDRAW Graphics Suite X7 - FR (x64)
"{FCC6E820-B5DB-454E-96E3-B6182DDEEC8D}" = Microsoft Visual Studio 2015 Performance Collection Tools
"0147813640F7AF69F569581EE672B6BE1E71798E" = Windows Driver Package - BigNox Corporation XQHDrv System  (09/16/2015 4.3.12)
"39F54A37125643D2E1E90FA7D81F36ACC9441510" = Windows Driver Package - BigNox Corporation VBoxUSBMon System  (09/16/2015 4.3.12)
"76B144D15273552931249392EDB13C0BBD52C84E" = Windows Driver Package - BigNox Corporation (VBoxUSB) USB  (09/16/2015 4.3.12)
"7-Zip" = 7-Zip 16.02 (x64)
"CCleaner" = CCleaner
"ICP install2_is1" = ICP 9.0
"SAM CoDeC Pack" = SAM CoDeC Pack
"Steam App 333930" = Dirty Bomb
"Steam App 434650" = Lost Castle
"Steam App 444090" = Paladins
"VLC media player" = VLC media player
"VulkanRT1.0.11.1" = Vulkan Run Time Libraries 1.0.11.1
"WinRAR archiver" = WinRAR 5.30 (64-bit)
"ZHJhZ29ucXVlc3RoZXJvZXNzbGltZWVkaXRpb24_is1" = DRAGON QUEST HEROES Slime Edition
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B079B8-3A55-4804-9D9F-3D47644827CB}" = TypeScript Tools for Microsoft Visual Studio 2015
"{01AC157E-26F2-393E-8B91-3FEBD41A4E5D}" = Visual C++ IDE Core Package
"{023FCA1D-E591-3AF9-9D2F-9876639A511A}" = Visual C++ Library PGO X86 Package
"{03077B58-6ACF-32CA-B42A-EAA458C295A1}" = Pacote de Idiomas do Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - PTB
"{030A6785-C3A9-37DA-8530-444C320629FA}" = Microsoft Visual Studio 2015 Shell (Minimum)
"{034547E9-D8FA-49E7-8B9C-4C9861FB9146}" = Microsoft .NET Framework 4.6 Targeting Pack (ENU)
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{091CE6AA-2753-4F6E-AD1C-0E875744EB54}" = Microsoft System CLR Types for SQL Server 2014
"{0A002F88-FD5D-379B-A350-A25D84AF128B}" = Visual C++ IDE Base Package
"{0A3B508E-5638-4471-BCC9-954E1868CB86}" = WCF Data Services Tools for Microsoft Visual Studio 2015
"{0B851753-55E0-4B7E-838A-CB36C3904FA3}" = Microsoft Visual Studio 2015 Update 3 IntelliTrace Front End
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse
"{0DC92391-4C2B-4C35-A674-EBDEE5ABB375}" = Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - ENU
"{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}" = Application Insights Tools for Visual Studio 2015
"{0F1C8E2F-199A-4946-B3BF-0906DACFD032}" = Microsoft SQL Server 2016 Management Objects
"{0FDFB80D-91E1-36F1-B523-0B90421FDDC1}" = Visual C++ IDE Core Professional Plus Resource Package
"{0FE6DE07-8CBA-3F73-86B4-51B91E506D24}" = Microsoft Visual Studio Tools for Applications 2012 x86 主控支援 - 繁體中文語言套件
"{107518BF-43A3-4CB6-B571-9C5A241F9586}" = Microsoft Azure Mobile Services Connected Service
"{128C1654-3B9E-4959-8BFB-CE6F09C0A01D}" = MSBuild/NuGet Integration 14.0 (x86)
"{12B68AD4-A9C9-3330-BFAE-BFCCDDB96660}" = Microsoft Visual Studio Professional 2015
"{12D99739-FFD3-3761-8AA6-F929E0FE407E}" = Multi-Device Hybrid Apps using C# - Templates - ENU
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{14D1CABE-2B5A-3AED-B3A7-42315D062965}" = Microsoft Visual Studio Enterprise 2015
"{1634C655-2398-35C0-89BE-291449A72F88}" = Microsoft Portable Library Multi-Targeting Pack
"{166EEF5C-F996-390E-91F6-DD6DFD008E9B}" = Microsoft Visual Studio 2015 Shell (Minimum) Interop Assemblies
"{1690CE56-2231-4E59-9006-A0876D949EA8}" =  Tools for .Net 3.5
"{173D2989-6B09-3A90-8819-A53E43F99818}" = Microsoft Visual Studio 2015 Devenv Resources
"{19A5926D-66E1-46FC-854D-163AA10A52D3}" = Microsoft .NET Framework 4.5.1 SDK
"{19E8AE59-4D4A-3534-B567-6CC08FA4102E}" = Microsoft .NET Framework 4.5.2 Multi-Targeting Pack
"{1a63c099-febd-4eaf-83ad-a82ea4fdac49}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{1D958A62-C980-3CB7-AC59-40EF0D1FA80E}" = Visual C++ IDE Core Professional Plus Resource Package
"{1DC85000-B0F8-325F-AD01-2770D36517D5}" = Visual C++ IDE Core Professional Plus Resource Package
"{1E5CA362-39B6-4BD0-B9C0-69CF15F0FEA2}" = AzureTools.Notifications
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21373064-AD95-48DB-A32E-0D9E08EF7355}" = Prerequisites for SSDT
"{26A24AE4-039D-4CA4-87B4-2F83218077F0}" = Java 8 Update 77
"{26EFB5DE-50E2-3961-AE7A-15BC0FAAF208}" = Visual C++ IDE Debugger Package
"{2774595F-BC2A-4B12-A25B-0C37A37049B0}" = Microsoft SQL Server 2014 Management Objects
"{290FC320-2F5A-329E-8840-C4193BD7A9EE}" = Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU)
"{29F046AE-F2E7-464D-879A-B3FB6087F89F}" = Facebook Gameroom 1.0.3.0
"{2A56910C-69C8-495D-8ED8-9080F0A14E58}" = Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1
"{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}" = Microsoft .NET Framework 4.6 Targeting Pack
"{2D170B66-A905-385C-93E0-20A47812B777}" = Microsoft NuGet - Visual Studio 2015
"{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}" = Microsoft .NET Framework 4.6.1 SDK
"{2FEE4EBD-CEB0-3E26-9405-CF0D812CFA3C}" = Visual C++ IDE Core Professional Plus Resource Package
"{3196EC29-B75D-4EE3-8AB0-46418BC31483}" = Microsoft.VisualStudio.Office365
"{323dad84-0974-4d90-a1c1-e006c7fdbb7d}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
"{3371699A-C1EF-3AC3-B094-D338191FA6E9}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Module linguistique Français
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{33DA2215-AF20-3F21-A171-57F0533A5CAF}" = Visual C++ IDE Core Professional Plus Resource Package
"{35433594-85A3-3EEA-963E-0E5E860B82D6}" = Visual C++ MSBuild Base Package
"{35B1EDF3-63B5-4908-989D-6F62DBA02C58}" = Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - x86
"{35D9277C-1EB7-4FBE-8B41-C520DE4F7A60}" = Minecraft
"{37B55901-995A-3650-80B1-BBFD047E2911}" = Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.24212
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}" = HiPatch
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{42AF2A8C-6EBB-3D2E-9BF1-6135379FBABC}" = Windows Espc Package
"{43027679-FD40-32E6-A9F0-7BB3CDEBE416}" = Visual C++ IDE Core Professional Plus Resource Package
"{436A18DD-5F2C-4B3C-985E-AD3C13B0CC25}" = PreEmptive Analytics Visual Studio Components
"{441BFBCD-8830-3FE9-BBBE-643CA7982CA0}" = Microsoft Visual Studio 2015 XAML Designer
"{44474AE7-7770-3676-AC63-C9DDD15011FF}" = Windows Phone SDK 8.0 Assemblies for Visual Studio 2015
"{44A100D0-C1AE-4BB7-A0CC-AA60B7566681}" = Microsoft ASP.NET MVC 4 - Visual Studio 2015 - ENU
"{456AD42E-76D4-3E47-88FC-CB4C1ECA0400}" = vs_update3notification
"{462f63a8-6347-4894-a1b3-dbfe3a4c981d}" = Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212
"{463d5540-8dfd-4eef-92e5-b729b3b73cfb}" = Microsoft .NET Framework 4.6.1 Developer Pack
"{465ACA24-B8D6-4FEC-A42D-9EFCB92CD560}" = TypeScript Power Tool
"{4740889B-2D03-3A6F-BC42-07C8AFDF3B2E}" = Microsoft Help Viewer 2.2
"{47D08E7A-92A1-489B-B0BF-415516497BCE}" = Microsoft SQL Server 2014 T-SQL Language Service
"{4983E758-4064-3D74-BB77-75C3F86C34B3}" = Microsoft Visual Studio Professional 2015 - ENU
"{49D4D4E2-21E8-3346-A496-1A1415B18594}" = Visual C++ IDE Core Professional Plus Resource Package
"{4AD3777F-D26B-4FCD-8823-B1D9784141C6}" = Microsoft Visual Studio 2015 Profiling Tools
"{4E27B0EF-7BAB-432A-AF3D-3FC8F3F7353F}" = Microsoft SQL Server Data Tools - enu (14.0.60519.0)
"{4E61EF40-8A51-3D99-AA4C-32F203370083}" = Visual C++ IDE Core Professional Plus Resource Package
"{5080852D-31F3-49D3-B6F3-7FEC8C339A03}" = Microsoft VisualStudio JavaScript Project System
"{5127B392-8820-4822-A21F-1CB78C2E25AD}" = Microsoft Build Tools Language Resources 14.0 (x86)
"{5130318D-7FEA-35E6-927D-01368910BDFC}" = Visual C++ IDE Core Professional Plus Resource Package
"{51547499-4A12-3CC6-AE3D-3C5E87D72909}" = Visual C++ MSBuild ARM Package
"{5536AAD4-740A-4577-843D-4281D3F30726}" = Microsoft Azure Mobile Services Tools for Visual Studio - v1.4
"{56AD3004-0B49-967F-F682-B05650B61A78}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5950473A-825B-3019-AF86-55F2F9A95FCB}" = Microsoft Visual Studio Tools for Applications 2012 Finalizer
"{5C4DD346-D2B9-3B7B-9320-A90049D5E48B}" = Microsoft Visual Studio Community 2015 - ENU
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{60018889-9E0F-43E8-9B89-29E8C828B40A}" = Dotfuscator and Analytics Community Edition 5.22.0
"{603DCF17-E958-3A31-AFED-919086709DB6}" = Microsoft ASP.NET and Web Tools 2015.1 (Beta8) - Visual Studio 2015
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{62505F19-7D2A-3FD0-B1A2-D8E2FA2F96B3}" = Visual C++ Compiler/Tools X86 Base Resource Package
"{62FDD39D-29BD-5EF9-C52A-60F5D0ABD667}" = Toolkit Documentation
"{65A12DD3-9992-47D2-8BA2-510CA59F893F}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2015 - ENU
"{65B3169E-F3E2-4752-B0F8-D0FCDC61D287}" = Microsoft Visual Studio 2015 Preparation
"{66D86CBC-EFCD-3502-A249-F91F775427F8}" = Microsoft Visual Studio Premium 2015
"{66DA8EAA-D4CD-30DC-B993-0EDF728ED1F6}" = Visual C++ IDE Core Professional Plus Resource Package
"{67A74EC1-A89D-3553-B38D-D17D4991CD2F}" = Microsoft Visual Studio 2015 SDK - ENU
"{68DC347D-C1C0-3DE2-A53E-CCC71DA53E57}" = Языковой пакет для поддержки размещения набора средств Microsoft Visual Studio Tools для работы с приложениями 2012 (x86) - RUS
"{6906ABB6-435A-4F7A-B94A-A057121DA285}" = Microsoft Visual Studio 2015 XAML Visual Diagnostics
"{6A0C6700-EA93-372C-8871-DCCF13D160A4}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack
"{6B6E4BE9-C3AE-46BF-9772-1694401A0533}_is1" = Tree Of Savior INA version 1.0
"{6BF8837D-67E1-4359-89FB-C08BFD6F2138}" = Microsoft Build Tools 14.0 (x86)
"{6C1985E7-E1C5-3A95-86EF-2C62465F15C3}" = Roslyn Language Services - x86
"{6C6839D2-2903-4A93-9E75-7EF0CCCE2EF3}" = SafeFinder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7259BDDA-D888-309D-ADE1-84AA0CB24FE9}" = Microsoft Visual Studio Tools for Applications 2012 x86 托管支持 - 简体中文语言包
"{76722C36-3BF4-4326-9ADF-A56ABA50AA9F}" = Microsoft Visual Studio Connected Services
"{793C2BF7-A4FE-4608-91C9-9282C5801C21}" = Adobe Photoshop CC 2015
"{79B9B6C9-3FAF-4F50-96A9-C1651EA0DD31}" = Microsoft Visual Studio Services Hub
"{79B9BF33-93CC-37A3-9377-AEB7BEFA2C08}" = Roslyn Language Services - x86
"{7BC93EE9-44F1-3783-AD76-F6BD6C8F6B58}" = Visual C++ Compiler/Tools X86 Base Package
"{7DFB810E-B924-4DAD-975A-E07F58153727}" = Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - x86
"{7F656D8C-7F7A-4E86-BBDF-6F792D993657}" = Closers Online
"{7FF53256-7BAF-3EFA-91B4-DB65F37EB5E9}" = Microsoft Visual Studio 2015 Shell (Minimum) Resources
"{82daddb6-d4e0-42cb-988d-1e7f5739e155}" = Windows Assessment and Deployment Kit - Windows 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{844ECB74-9B63-3D5C-958C-30BD23F19EE4}" = Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.24212
"{84C23ECA-FE4D-494F-9247-3EBAD57E7F0C}" = Microsoft System CLR Types for SQL Server 2016
"{852CDEB3-4FA2-4F4A-BA9F-83104520DFD2}" = Microsoft Visual Studio 2015 Update 3 Diagnostic Tools - x86
"{85658238-483F-3148-967E-ECD533AE6FE7}" = Visual C++ Compiler/Tools X86 Base Resource Package
"{859C7535-6862-3867-B97E-816795E8AB65}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 日本語 Language Pack
"{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"{89ca2a32-2b52-4595-8dfd-6fe4757958d0}" = Microsoft Visual Studio Tools for Applications 2012
"{8A1AD070-269F-4A15-AAB5-76AB896EF195}" = Azure AD Authentication Connected Service
"{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}" = Microsoft .NET Framework 4.6.1 Targeting Pack
"{8BD56634-6B9E-4CDA-8857-C73F20F57907}" = Microsoft Visual Studio 2015 XAML Visual Diagnostics - ENU
"{8BFDE775-C5B8-46DB-84EF-43FFC8A2E8AD}" = Microsoft SQL Server 2016 T-SQL Language Service
"{8C26982F-B345-3C87-8D17-5E88ADDAFFF6}" = Visual Studio Graphics Analyzer
"{8CB498C5-672B-3F6C-9143-84B0BBC1EAB3}" = Visual C++ MSBuild X86 Package
"{8EEB28EE-5141-411C-9CF0-9952264FE4AF}" = Microsoft .NET Framework 4.6.1 Targeting Pack (ENU)
"{8F15E32A-FAD1-49E3-9378-C8EE0530E192}" = Microsoft Azure Storage Connected Service
"{90150000-0015-0409-0000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-0000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-0000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-0000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-0000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-0000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-0000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-0000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-0000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-0000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-0000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00E1-0409-0000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-0000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-0000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-0000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91150000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{919C67A9-2DE8-4929-A910-CB85E009B5CB}" = Microsoft Visual Studio 2015 Preparation
"{93A31A4A-197C-43F0-9687-7FFC47C33D44}" = Microsoft Visual Studio 2015 Preparation
"{955E1388-E1F1-320A-A018-24616ED60F95}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - 한국어 언어 팩
"{976C3D92-0DEC-37A6-A870-FF4FC18CD029}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EABBFE1-7EED-47D9-8FB8-21D7E4808057}" = Test Tools for Microsoft Visual Studio 2015
"{A00EC54A-CE16-4CF6-A14A-5CF81A1FE03F}" = Microsoft Azure Mobile Services SDK V2.0
"{A04247F5-CEE1-4521-87FD-90DA04C800A1}" = Microsoft Visual Studio 2015 XAML Application Timeline
"{A1CB8286-CFB3-A985-D799-721A0F2A27F3}" = Windows Software Development Kit DirectX x86 Remote
"{a2199617-3609-410f-a8e8-e8806c73545b}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{A223B446-EC3D-3031-828D-5188800AB782}" = Microsoft .NET Framework 4.5.1 RC Multi-Targeting Pack for Windows Store Apps (ENU)
"{A3BCFD43-58D6-3132-A7DF-16CE04672372}" = Visual Studio 2012 Verification SDK
"{A3C10274-808C-4ADC-A13D-D94911180B58}_is1" = Pro Evolution Soccer 2017
"{A3CF57ED-FFD1-3AC4-B9D7-90069B2B5EDA}" = Visual C++ IDE Base Resource Package
"{A3EB1DE3-9D3F-34C2-BDE6-5A8A4B98CC37}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Paquete de idioma ESN
"{A5C0F000-F324-46D3-BBD9-5F6AD1886B12}" = Microsoft Visual Studio 2015 Update 3 Performance Debugger Web Views
"{A83692F5-3E9B-4E95-9E7E-B5DF5536C09F}_is1" = AOMEI Backupper Standard
"{AB5A27F1-57C7-4E4C-90C4-28E55272FD6F}" = Microsoft Visual Studio 2015 Windows Diagnostic Tools - ENU
"{AC0CF5DB-30CD-3504-96FC-CC3CC3BAF368}" = Microsoft Visual Studio 2015 XAML Designer - ENU
"{B01EE326-AFD3-30C9-804A-CBC36CBD4922}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B2321364-E928-325D-A954-933D35239BE5}" = Visual C++ IDE Core Professional Plus Resource Package
"{B37CA40A-9DFD-3EAE-9FF6-FAAC67443E1E}" = Microsoft Visual C++ 2015 x86 Debug Runtime - 14.0.24212
"{b55f7208-e02b-4828-ac78-59c73ddf5bc7}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{B57097EF-5F38-348C-8081-4D0F0B78757E}" = Microsoft Agents for Visual Studio 2015 Preview - ENU
"{B5915D37-0637-4A26-A3AA-C5DC9F856370}" = Microsoft .NET Framework 4.6 SDK
"{B7E94916-7AE6-4F7F-A377-7A410A42BA19}" = Prerequisites for SSDT
"{B8FD8F53-7E58-3DE5-A8FC-CB2B5CCF38CE}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - Language Pack ITA
"{BA2C0FAC-AF64-3E17-B21E-3C746F77CE07}" = Microsoft Visual Studio Enterprise 2015 - ENU
"{BAF28CA1-4B3C-36C7-9136-4597ED8694BB}" = Microsoft Blend for Visual Studio 2015 - ENU
"{BD5A23D6-1E9F-3378-89CF-E96908078D53}" = Visual C++ IDE Common Package
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{BDEA8D68-D357-1072-8CB3-D4EECA1C1696}" = Kits Configuration Installer
"{BFEC9D45-BAD4-3D7C-B6A7-887D21E6C25A}" = Visual C++ Compiler/Tools X86 Base Package
"{C0402801-37B7-30B1-A678-AE3E73E4C4F6}" = Team Explorer for Microsoft Visual Studio 2015 Update 3 CTP1
"{C3C024EC-B097-43BE-9BFC-E3D10EF45510}" = Microsoft Visual Studio 2015 XAML Application Timeline - ENU
"{C67257E4-F24C-3C35-86BB-E9B7D5D4D9FB}" = Visual C++ IDE Professional Core Package
"{C81D9D25-445F-3C3F-B073-A2EDD71B7037}" = VS Update core components
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{CA916A4C-52F7-5055-975F-9B4AD4204007}" = Microsoft ASP.NET Web Frameworks and Tools - Visual Studio 2015 - ENU
"{CAAC553D-EE02-32D2-9F7E-FBC5C22E4C08}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support - DEU-Sprachpaket
"{CE37CE67-2660-30EE-805B-78829CC3554B}" = Microsoft Agents for Visual Studio 2015 Preview
"{CF06B8C4-F6FC-3A4B-ADD0-04A1CAC3DD86}" = Microsoft Visual Studio Tools for Applications 2012 x86 Hosting Support
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D073E568-C258-381C-B9DB-965434B1DF53}" = Visual C++ MSBuild Base Resource Package
"{D1201DF3-F934-342A-A586-2B255CB8B215}" = Visual C++ IDE Core Professional Plus Resource Package
"{D209BFE9-3EDA-3606-AF6B-DCADA87A2285}" = Visual C++ IDE Core Professional Plus Resource Package
"{D2437C5C-2D8C-40D2-8059-689AD7239FA3}" = Intel® C++ Redistributables for Windows* on Intel® 64
"{D2599D8F-AACD-451A-95C6-B23FD6D70739}" = Microsoft Visual Studio 2015 Update 3 IntelliTrace (x86)
"{D3517C62-68A5-37CF-92F7-93C029A89681}" = Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU)
"{D67494E9-AA13-403B-A3BE-C26C399EEA4A}" = Microsoft Visual Studio 2015 Windows Diagnostic Tools
"{D7C23E28-E8E0-326D-92B2-357D6D6AFBC0}" = Microsoft Blend for Visual Studio 2015
"{D7DF0F16-53C8-4AAB-8D54-78F16218419A}" = Microsoft VisualStudio JavaScript Language Service
"{D91B7764-7CE2-3557-B977-E5B8E035C201}" = Microsoft Visual Studio Premium 2015 - ENU
"{D9CE69E8-D77A-3C94-A910-641622794ED4}" = Visual C++ IDE Core Professional Plus Resource Package
"{DB85E7BD-B2DD-43D4-B3C0-23D7B527B597}" = WCF Data Services 5.6.4 Runtime
"{DC3240BB-9136-3978-8EF3-F041ACEA11BF}" = Visual C++ IDE Base Resource Package
"{DE064F60-6522-3310-9665-B5E3E78B3638}" = Microsoft Visual Studio Community 2015
"{E092A9F3-15AE-46B4-9A25-6C25F7F44795}" = Microsoft .NET Core 5.0 SDK
"{E20C5867-063A-36FF-B630-A9C96CE5D8AF}" = Visual C++ IDE Debugger Resource Package
"{e2ccc441-0cf4-43f1-9306-c3c1c6cd4ce3}" = Microsoft Visual Studio Enterprise 2015 with Updates
"{E41854EE-D8A6-4E03-B42D-E0006C24A306}" = Microsoft Visual Studio 2015 Test Tools Language Pack - ENU
"{EE527713-BE8A-348A-8854-DACBCE5316F2}" = Visual C++ MSBuild X64 Package
"{EFE03B21-A8A5-3CCD-81BD-7FC47007F1BA}" = Visual C++ IDE Common Resource Package
"{f0080ca2-80ae-4958-b6eb-e8fa916d744a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{F02B1BAC-94DA-46FB-B27B-7287FC0EF481}" = Microsoft Azure Shared Components for Visual Studio 2015 - v1.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40FA676-46B1-4609-85EF-D2F1F79E0C0E}" = Active Directory Authentication Library for SQL Server (x86)
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FC1F3422-0C94-3178-AD95-3EA889DF55AF}" = Microsoft Visual Studio 2015 Devenv
"{FC94D188-1E08-3707-9D23-F41178D44664}" = Windows Espc Resource Package
"{FFA8B646-066E-34A4-8168-C410DAFA631F}" = Microsoft Visual Studio 2015 Update 3 CTP1 Team Explorer Language Pack - ENU
"Adobe Creative Cloud" = Adobe Creative Cloud
"Adobe Shockwave Player + Authorware Web Player" = Adobe Shockwave Player + Authorware Web Player
"Bloody3" = Bloody6
"BlueStacks" = BlueStacks App Player
"Dolphin" = Dolphin
"Dragonball Xenoverse_is1" = Dragonball Xenoverse
"DVD Decrypter" = DVD Decrypter (Remove Only)
"Google Chrome" = Google Chrome
"im" = Garena+
"ImageConverter Plus_is1" = ImageConverter Plus 9.0
"InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}" = Samsung Kies3
"Internet Download Manager" = Internet Download Manager
"LostSaga_IOEntertainment_3bf54696" = LostSagaID
"Microsoft Help Viewer 2.2" = Microsoft Help Viewer 2.2
"Mighty No 9_is1" = Mighty No 9
"Nox" = Nox APP Player
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"ONE PIECE BURNING BLOOD_is1" = ONE PIECE BURNING BLOOD
"PBID" = Garena - PointBlank ID
"pcsx2" = PCSX2 - Playstation 2 Emulator
"Popcorn Time_is1" = Popcorn Time
"Rockstar Games Social Club" = Rockstar Games Social Club
"Steam App 381990" = Dragon Saga
"UHJvRXZvbHV0aW9uU29jY2VyMjAxNg==_is1" = Pro Evolution Soccer 2016
"VGhlU2ltczQ=_is1" = The Sims 4 - Get to Work
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OneDriveSetup.exe" = Microsoft OneDrive
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/8/2017 6:45:03 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1008
Description =
 
Error - 1/8/2017 6:45:06 AM | Computer Name = DESKTOP-R8F9G5O | Source = Application Error | ID = 1000
Description = Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.576,
 time stamp: 0x584a7815  Faulting module name: CoreUIComponents.dll, version: 0.0.0.0,
 time stamp: 0x584a72ab  Exception code: 0xc0000005  Fault offset: 0x0000000000072fda
Faulting
 process id: 0x2af0  Faulting application start time: 0x01d2699bcddf1962  Faulting application
 path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting
 module path: C:\WINDOWS\system32\CoreUIComponents.dll  Report Id: 42229491-f96a-4f7b-aceb-31a7b37cccae
Faulting
 package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe  Faulting
 package-relative application ID: MicrosoftEdge
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1022
Description =
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1018
Description =
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1008
Description =
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1008
Description =
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1008
Description =
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = PerfNet | ID = 2004
Description =
 
Error - 1/8/2017 6:47:29 AM | Computer Name = DESKTOP-R8F9G5O | Source = Perflib | ID = 1023
Description =
 
Error - 1/8/2017 6:52:26 AM | Computer Name = DESKTOP-R8F9G5O | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
 in the System Writer Object.  Details: AddLegacyDriverFiles: Unable to back up image
 of binary Microsoft Link-Layer Discovery Protocol.  System Error: Access is denied.
.
 
[ System Events ]
Error - 1/8/2017 6:45:04 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7034
Description = The Update service service terminated unexpectedly.  It has done this
 1 time(s).
 
Error - 1/8/2017 6:45:04 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7034
Description = The AdobeUpdateService service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/8/2017 6:45:04 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7034
Description = The Xbox Live Network Service service terminated unexpectedly.  It
 has done this 1 time(s).
 
Error - 1/8/2017 6:45:04 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7034
Description = The Windows Security service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 1/8/2017 6:45:04 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7034
Description = The Hi-Rez Studios Authenticate and Update Service service terminated
 unexpectedly.  It has done this 1 time(s).
 
Error - 1/8/2017 6:45:04 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7031
Description = The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated
 unexpectedly.  It has done this 1 time(s).  The following corrective action will
 be taken in 0 milliseconds: Restart the service.
 
Error - 1/8/2017 6:45:07 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7031
Description = The Windows Search service terminated unexpectedly.  It has done this
 1 time(s).  The following corrective action will be taken in 30000 milliseconds:
 Restart the service.
 
Error - 1/8/2017 6:45:07 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7031
Description = The Windows Modules Installer service terminated unexpectedly.  It
 has done this 1 time(s).  The following corrective action will be taken in 120000
 milliseconds: Restart the service.
 
Error - 1/8/2017 6:45:37 AM | Computer Name = DESKTOP-R8F9G5O | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
 the service) after the unexpected termination of the Windows Search service, but
 this action failed with the following error:   %%1056
 
Error - 1/8/2017 6:46:56 AM | Computer Name = DESKTOP-R8F9G5O | Source = DCOM | ID = 10016
Description =
 
 
< End of report >
 



#3 AlfredoBilly


Posted 08 January 2017 - 06:16 AM

This is the OTL.txt file:

OTL logfile created on: 1/8/2017 5:57:08 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michael Stiven\Downloads\Programs
64bit- Professional  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.86 Gb Total Physical Memory | 5.77 Gb Available Physical Memory | 73.37% Memory free
9.68 Gb Paging File | 7.42 Gb Available in Paging File | 76.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146.00 Gb Total Space | 35.62 Gb Free Space | 24.40% Space Free | Partition Type: NTFS
Drive D: | 361.33 Gb Total Space | 192.44 Gb Free Space | 53.26% Space Free | Partition Type: NTFS
Drive E: | 390.62 Gb Total Space | 251.55 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-R8F9G5O | User Name: Michael Stiven | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2017/01/08 17:55:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael Stiven\Downloads\Programs\OTL.exe
PRC - [2016/12/09 15:09:36 | 000,753,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
PRC - [2016/09/26 12:55:26 | 002,207,960 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
PRC - [2016/08/11 21:47:56 | 000,425,496 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe
PRC - [2016/07/13 19:46:52 | 003,966,064 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IDMan.exe
PRC - [2016/07/11 05:37:04 | 000,424,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
PRC - [2016/06/15 03:03:38 | 002,397,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2016/06/15 03:03:22 | 001,879,488 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2016/05/20 18:37:34 | 000,275,512 | ---- | M] (Tonec Inc.) -- C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
PRC - [2015/11/05 07:12:06 | 000,188,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
PRC - [2015/09/15 17:56:06 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) -- C:\Program Files (x86)\AOMEI Backupper\ABService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2016/06/15 03:03:38 | 000,018,880 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2016/12/09 17:28:24 | 000,764,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2016/12/09 16:24:21 | 002,275,840 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2016/11/11 16:22:23 | 000,082,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2016/11/11 16:20:50 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2016/11/11 16:20:10 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2016/11/11 16:19:59 | 000,411,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2016/11/11 16:19:35 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2016/11/11 16:16:35 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2016/11/11 16:14:35 | 002,104,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2016/11/11 16:11:57 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2016/11/11 16:06:19 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2016/11/11 16:05:32 | 004,136,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2016/11/11 16:04:16 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2016/11/11 16:04:03 | 001,232,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2016/11/02 17:30:35 | 000,635,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2016/11/02 17:19:44 | 000,805,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2016/11/02 17:16:47 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016/11/02 17:16:27 | 000,770,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2016/11/01 23:05:26 | 000,373,744 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService2.0.0.0)
SRV:64bit: - [2016/10/15 10:42:44 | 000,539,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2016/10/15 10:37:03 | 001,980,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2016/10/05 16:18:56 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2016/10/03 18:54:03 | 002,889,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe -- (Sense)
SRV:64bit: - [2016/10/03 18:54:03 | 000,447,488 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2016/10/03 18:53:55 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2016/10/03 18:53:55 | 001,020,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2016/10/03 18:53:55 | 000,781,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/10/03 18:53:55 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2016/10/03 18:53:50 | 000,823,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AppVClient.exe -- (AppVClient)
SRV:64bit: - [2016/10/03 18:53:50 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016/10/03 18:53:50 | 000,203,776 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2016/10/03 18:53:50 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2016/10/03 18:53:44 | 001,013,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2016/10/03 18:53:44 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2016/10/03 18:53:42 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2016/10/03 18:53:42 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2016/10/03 18:53:42 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2016/10/03 18:53:42 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2016/10/03 18:53:42 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2016/10/03 18:53:42 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2016/10/03 18:53:42 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2016/10/03 18:53:42 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2016/10/03 18:53:42 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2016/07/16 21:28:31 | 001,227,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\AgentService.exe -- (UevAgentService)
SRV:64bit: - [2016/07/16 21:28:13 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2016/07/16 18:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2016/07/16 18:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2016/07/16 18:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2016/07/16 18:43:10 | 001,836,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2016/07/16 18:43:06 | 000,347,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2016/07/16 18:43:04 | 000,103,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2016/07/16 18:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2016/07/16 18:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2016/07/16 18:42:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2016/07/16 18:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2016/07/16 18:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2016/07/16 18:42:37 | 000,718,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2016/07/16 18:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2016/07/16 18:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/07/16 18:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2016/07/16 18:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_5217d)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_5217d)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_5217d)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_5217d)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_5217d)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_5217d)
SRV:64bit: - [2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_5217d)
SRV:64bit: - [2016/07/16 18:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2016/07/16 18:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2016/07/16 18:42:19 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2016/07/16 18:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2016/07/16 18:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2016/07/16 18:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2016/07/16 18:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016/07/16 18:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2016/07/16 18:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2016/07/16 18:42:09 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2016/07/16 18:42:09 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2016/07/16 18:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2016/07/16 18:42:09 | 000,326,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2016/07/16 18:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2016/07/16 18:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2016/07/16 18:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2016/07/16 18:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2016/07/16 18:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2016/07/16 18:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2016/07/16 18:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2016/07/16 18:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2016/07/16 18:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2016/07/16 18:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2016/07/16 18:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2016/07/16 18:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2016/06/15 03:03:21 | 001,163,712 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:64bit: - [2016/06/15 03:03:09 | 002,521,024 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe -- (NvStreamSvc)
SRV:64bit: - [2016/06/15 03:03:08 | 003,632,576 | ---- | M] (NVIDIA Corporation) [On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe -- (NvStreamNetworkSvc)
SRV:64bit: - [2014/04/30 16:33:52 | 000,337,776 | ---- | M] (arvato digital services llc) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2_x64)
SRV - [2017/01/08 11:11:08 | 000,178,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Kesertherstemosy\phlsch.dll -- (Reifingkeither)
SRV - [2016/12/21 07:56:44 | 000,395,536 | ---- | M] (EasyAntiCheat Ltd) [On_Demand | Stopped] -- C:\Windows\SysWOW64\EasyAntiCheat.exe -- (EasyAntiCheat)
SRV - [2016/12/20 09:25:40 | 001,467,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2016/12/09 23:04:50 | 000,009,728 | ---- | M] (Hi-Rez Studios) [Auto | Paused] -- E:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2016/12/09 15:54:48 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2016/12/09 15:09:36 | 000,753,240 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe -- (AdobeUpdateService)
SRV - [2016/11/11 14:19:35 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2016/11/11 14:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/11/01 23:05:26 | 000,301,552 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2016/10/03 18:53:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2016/09/26 12:55:26 | 002,207,960 | ---- | M] (Adobe Systems, Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2016/08/11 21:47:56 | 000,425,496 | ---- | M] (BlueStack Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)
SRV - [2016/08/11 21:47:09 | 000,445,976 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Service.exe -- (BstHdAndroidSvc)
SRV - [2016/08/11 21:45:21 | 000,462,360 | ---- | M] (BlueStack Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe -- (BstHdPlusAndroidSvc)
SRV - [2016/07/17 20:05:58 | 000,108,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe -- (VSStandardCollectorService140)
SRV - [2016/07/16 18:42:55 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2016/07/16 18:41:50 | 003,318,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2016/07/11 05:37:04 | 000,424,384 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe -- (Stereo Service)
SRV - [2016/07/06 01:58:40 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Windows\KMS-R@1n.exe -- (KMS-R@1n)
SRV - [2016/06/15 03:03:22 | 001,879,488 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2015/12/09 06:14:00 | 003,893,832 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2015/11/05 07:12:06 | 000,188,072 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe -- (Razer Game Scanner Service)
SRV - [2015/09/15 17:56:06 | 000,029,912 | ---- | M] (AOMEI Tech Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\AOMEI Backupper\ABService.exe -- (Backupper Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2016/12/09 17:30:39 | 000,377,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2016/11/11 17:00:25 | 000,219,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2016/11/11 16:26:51 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2016/11/02 17:55:52 | 000,048,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2016/11/01 23:05:26 | 007,966,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2016/10/15 11:37:01 | 000,063,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2016/10/15 11:30:16 | 000,557,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2016/10/15 10:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2016/10/05 17:35:31 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016/10/05 17:09:07 | 000,064,352 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:64bit: - [2016/10/03 18:54:03 | 000,719,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2016/10/03 18:54:03 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2016/10/03 18:53:50 | 000,127,328 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppVStrm.sys -- (AppvStrm)
DRV:64bit: - [2016/10/03 18:53:44 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2016/10/03 18:53:44 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2016/10/03 18:53:42 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2016/10/03 18:53:42 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2016/10/03 18:53:42 | 000,081,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016/10/03 18:53:42 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016/10/03 18:53:42 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2016/10/03 18:44:50 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2016/09/10 20:21:43 | 000,118,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2016/08/27 00:30:48 | 013,754,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2016/08/27 00:30:44 | 000,240,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/07/16 21:29:02 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2016/07/16 21:28:44 | 000,179,040 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mssecflt.sys -- (MsSecFlt)
DRV:64bit: - [2016/07/16 21:28:31 | 000,040,288 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\UevAgentDriver.sys -- (UevAgentDriver)
DRV:64bit: - [2016/07/16 21:28:14 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2016/07/16 21:28:02 | 000,123,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2016/07/16 21:27:56 | 000,157,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppvVemgr.sys -- (AppvVemgr)
DRV:64bit: - [2016/07/16 21:27:56 | 000,141,152 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AppvVfs.sys -- (AppvVfs)
DRV:64bit: - [2016/07/16 18:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2016/07/16 18:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2016/07/16 18:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2016/07/16 18:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2016/07/16 18:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2016/07/16 18:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2016/07/16 18:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2016/07/16 18:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2016/07/16 18:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2016/07/16 18:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2016/07/16 18:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2016/07/16 18:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2016/07/16 18:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2016/07/16 18:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2016/07/16 18:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2016/07/16 18:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2016/07/16 18:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2016/07/16 18:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2016/07/16 18:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2016/07/16 18:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2016/07/16 18:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2016/07/16 18:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2016/07/16 18:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2016/07/16 18:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2016/07/16 18:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2016/07/16 18:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2016/07/16 18:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2016/07/16 18:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2016/07/16 18:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2016/07/16 18:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2016/07/16 18:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2016/07/16 18:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2016/07/16 18:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2016/07/16 18:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2016/07/16 18:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2016/07/16 18:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2016/07/16 18:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2016/07/16 18:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2016/07/16 18:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2016/07/16 18:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2016/07/16 18:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2016/07/16 18:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2016/07/16 18:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2016/07/16 18:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2016/07/16 18:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2016/07/16 18:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2016/07/16 18:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2016/07/16 18:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2016/07/16 18:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2016/07/16 18:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2016/07/16 18:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2016/07/16 18:41:54 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb22.sys -- (xusb22)
DRV:64bit: - [2016/07/16 18:41:54 | 000,081,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2016/07/16 18:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2016/07/16 18:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2016/07/16 18:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2016/07/16 18:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2016/07/16 18:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2016/07/16 18:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2016/07/16 18:41:54 | 000,033,280 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2016/07/16 18:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2016/07/16 18:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2016/07/16 18:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:64bit: - [2016/07/16 18:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2016/07/16 18:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2016/07/16 18:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2016/07/16 18:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2016/07/16 18:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2016/07/16 18:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2016/07/16 18:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2016/07/16 18:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101)
DRV:64bit: - [2016/07/16 18:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2016/07/16 18:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2016/07/16 18:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2016/07/16 18:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2016/07/16 18:41:53 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2016/07/16 18:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2016/07/16 18:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2016/07/16 18:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2016/07/16 18:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2016/07/16 18:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2016/07/16 18:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2016/07/16 18:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2016/07/16 18:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2016/07/16 18:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2016/07/16 18:41:53 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2016/07/16 18:41:53 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2016/07/16 18:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2016/07/16 18:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2016/07/16 18:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2016/07/16 18:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2016/07/16 18:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2016/07/16 18:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2016/07/16 18:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2016/07/16 18:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2016/07/16 18:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2016/07/16 18:41:53 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2016/07/16 18:41:53 | 000,009,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2016/07/16 18:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2016/07/16 18:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2016/07/16 18:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2016/07/16 18:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2016/07/16 18:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2016/07/16 18:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2016/07/16 18:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2016/07/16 18:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2016/07/16 18:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2016/07/16 18:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2016/07/16 18:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2016/07/16 18:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2016/07/16 18:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2016/07/16 18:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2016/06/15 03:03:08 | 000,026,560 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:64bit: - [2016/05/24 21:29:12 | 000,207,928 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2016/05/12 05:32:26 | 000,481,768 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2016/04/14 12:38:19 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2016/04/01 14:20:10 | 000,936,192 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2016/02/25 23:09:30 | 001,469,448 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2016/02/10 08:41:52 | 000,194,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TeeDriverW8x64.sys -- (MEIx64)
DRV:64bit: - [2015/12/15 05:24:25 | 000,130,880 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpnk.sys -- (rzpnk)
DRV:64bit: - [2015/12/01 23:10:06 | 000,043,032 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvmouse.sys -- (rzvmouse)
DRV:64bit: - [2015/11/30 22:04:24 | 000,202,776 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2015/11/25 17:22:28 | 000,042,472 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzp1endpt.sys -- (rzp1endpt)
DRV:64bit: - [2015/09/23 04:36:40 | 000,037,184 | ---- | M] (Razer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rzpmgrk.sys -- (rzpmgrk)
DRV:64bit: - [2015/09/16 10:29:46 | 000,253,384 | ---- | M] (BigNox Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\XQHDrv.sys -- (XQHDrv)
DRV:64bit: - [2015/09/10 11:59:16 | 000,054,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmsmbsp.sys -- (bcmsmbsp)
DRV:64bit: - [2015/08/13 22:36:50 | 000,044,232 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2015/08/13 22:36:50 | 000,043,720 | ---- | M] (Razer Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2015/06/27 03:46:16 | 000,050,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2015/06/27 03:46:16 | 000,039,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2015/02/26 00:00:00 | 000,151,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\ammntdrv.sys -- (ammntdrv)
DRV:64bit: - [2015/02/26 00:00:00 | 000,030,648 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\ambakdrv.sys -- (ambakdrv)
DRV:64bit: - [2015/02/26 00:00:00 | 000,017,848 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\amwrtdrv.sys -- (amwrtdrv)
DRV:64bit: - [2009/09/09 16:23:46 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\flashud.sys -- (int0800)
DRV - [2017/01/08 17:47:00 | 000,050,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Users\Michael Stiven\AppData\Local\Temp\gkernel.sys -- (gkernel)
DRV - [2017/01/08 14:24:57 | 000,036,808 | ---- | M] (Wellbia.com Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1)
DRV - [2017/01/08 12:17:27 | 000,018,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\xspirit.sys -- (xspirit)
DRV - [2016/08/27 00:30:48 | 013,754,936 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_9ff5ab165faead52\nvlddmkm.sys -- (nvlddmkm)
DRV - [2016/08/11 21:47:38 | 000,152,672 | ---- | M] (BlueStack Systems) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)
DRV - [2016/07/29 00:09:30 | 000,307,768 | ---- | M] (Bluestack System Inc. ) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Bluestacks\BstkDrv.sys -- (BstkDrv)
DRV - [2016/07/16 18:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV - [2015/09/16 10:29:46 | 000,253,384 | ---- | M] (BigNox Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\XQHDrv.sys -- (XQHDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://u.msn.com/id-id/?ocid=iehp
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 1A 25 4E 7F A0 D1 01  [binary data]
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 12 9A EB B5 85 41 D1 01  [binary data]
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3765010503-321087084-49711260-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8080;https=127.0.0.1:8080
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.77.2: C:\Program Files\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2: C:\Program Files\Java\jre1.8.0_77\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/AuthorwarePlayer: C:\Windows\system32\Macromed\AUTHORWA\np32asw.dll (Macromedia, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.77.2: C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.77.2: C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t.garena.com/garenatalk: C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
 
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Michael Stiven\AppData\Roaming\IDM\idmmzcc5 [2017/01/08 17:55:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc2@internetdownloadmanager.com: C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi [2016/06/08 16:17:50 | 000,030,041 | ---- | M] ()
 
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.60_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfenjblodoldnbiddmggcbkcapiolbig\2.2.0_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggmhmienjhfcelpenonejnleoddkdjba\1.7_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjknjjomckknofjidppipffbpoekiipm\4.1.2_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\indphkjgcbdoaigcjlaaokkfllleolli\3.9.9_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifkpflabnobkgbjpcmocmgcajlecbcp\3.13.1.2_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpampappnmepgilojfohadhhmbhlaek\6.27_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.0_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\paiehomgejkdifojcddmbinmophkibac\2.6_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Michael Stiven\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5516.1005.0.3_0\
 
O1 HOSTS File: ([2017/01/08 11:15:30 | 000,003,722 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       down.baidu2016.com
O1 - Hosts: 127.0.0.1       123.sogou.com
O1 - Hosts: 127.0.0.1       www.czzsyzgm.com
O1 - Hosts: 127.0.0.1       www.czzsyzxl.com
O1 - Hosts: 127.0.0.1       union.baidu2019.com
O1 - Hosts: 127.0.0.1       down.baidu2016.com
O1 - Hosts: 127.0.0.1       123.sogou.com
O1 - Hosts: 127.0.0.1       www.czzsyzgm.com
O1 - Hosts: 127.0.0.1       www.czzsyzxl.com
O1 - Hosts: 127.0.0.1       union.baidu2019.com
O1 - Hosts: 34.195.153.94 www.google-analytics.com
O1 - Hosts: 34.195.153.94 google-analytics.com
O1 - Hosts: 34.195.153.94 mc.yandex.ru
O1 - Hosts: 34.195.153.94 top-fwz1.mail.ru
O1 - Hosts: 34.195.153.94 site.yandex.net
O1 - Hosts: 34.195.153.94 pagead2.googlesyndication.com
O1 - Hosts: 34.195.153.94 ad.mail.ru
O1 - Hosts: 34.195.153.94 ads.adfox.ru
O1 - Hosts: 34.195.153.94 ads.pubmatic.com
O1 - Hosts: 34.195.153.94 apis.google.com
O1 - Hosts: 34.195.153.94 autocontext.begun.ru
O1 - Hosts: 34.195.153.94 b.scorecardresearch.com
O1 - Hosts: 34.195.153.94 c.amazon-adsystem.com
O1 - Hosts: 34.195.153.94 cdn.admixer.net
O1 - Hosts: 34.195.153.94 cdn.cxense.com
O1 - Hosts: 61 more lines...
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_77\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_77\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 14.0 Helper) - {b924f0b4-0b3c-49c0-bab2-213fb9ebd1d3} - C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [WindowsDefender] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Creative Cloud] C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer Inc.)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [B4EG8MMG3S] "C:\Program Files\1OR5YDMYB4\1OR5YDMYB.exe" File not found
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [Bloody2] C:\Program Files (x86)\Bloody6\Bloody6\Bloody6.exe ()
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [BlueStacks Agent] C:\Program Files (x86)\Bluestacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [GarenaPlus] C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe ()
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-3765010503-321087084-49711260-1001..\Run: [OneDrive] C:\Users\Michael Stiven\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Michael Stiven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk = C:\Users\Michael Stiven\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3765010503-321087084-49711260-1001\..Trusted Domains: drp.su ([update] http in Local intranet)
O15 - HKU\S-1-5-21-3765010503-321087084-49711260-1001\..Trusted Domains: drp.su ([update] https in Local intranet)
O15 - HKU\S-1-5-21-3765010503-321087084-49711260-1001\..Trusted Domains: drp.su ([update-test2] http in Local intranet)
O15 - HKU\S-1-5-21-3765010503-321087084-49711260-1001\..Trusted Domains: drp.su ([update-test2] https in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c67c7bca-34b8-4b15-9752-b2e2093c1de5}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{c67c7bca-34b8-4b15-9752-b2e2093c1de5}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\OSppSvc.exe: Debugger - C:\Windows\KMS-R@1nHook.exe ()
O27:64bit: - HKLM IFEO\SppExtComObj.exe: Debugger - C:\Windows\KMS-R@1nHook.exe ()
O27 - HKLM IFEO\OSppSvc.exe: Debugger - C:\Windows\KMS-R@1nHook.exe ()
O27 - HKLM IFEO\SppExtComObj.exe: Debugger - C:\Windows\KMS-R@1nHook.exe ()
O28:64bit: - HKLM ShellExecuteHooks: {6E4A5326-CD05-11E6-85BE-64006A5CFC23} - C:\Users\Michael Stiven\AppData\Roaming\Phabdomzuhuward\Coivther.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cee58f3d-a91d-11e5-87b1-fcaa14c2bb80}\Shell - "" = AutoRun
O33 - MountPoints2\{cee58f3d-a91d-11e5-87b1-fcaa14c2bb80}\Shell\AutoRun\command - "" = "I:\LaunchCGS.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: shpamsvc - C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NetSvcs:64bit: lfsvc - C:\Windows\SysNative\lfsvc.dll (Microsoft Corporation)
NetSvcs:64bit: DmEnrollmentSvc - C:\Windows\SysNative\Windows.Internal.Management.dll (Microsoft Corporation)
NetSvcs:64bit: dmwappushservice - C:\Windows\SysNative\dmwappushsvc.dll (Microsoft Corporation)
NetSvcs:64bit: WpnService - C:\Windows\SysNative\wpnservice.dll (Microsoft Corporation)
NetSvcs:64bit: XboxNetApiSvc - C:\Windows\SysNative\XboxNetApiSvc.dll (Microsoft Corporation)
NetSvcs:64bit: DcpSvc - C:\Windows\SysNative\dcpsvc.dll (Microsoft Corporation)
NetSvcs:64bit: RetailDemo - C:\Windows\SysNative\RDXService.dll (Microsoft Corporation)
NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs:64bit: UserManager - C:\Windows\SysNative\usermgr.dll (Microsoft Corporation)
NetSvcs:64bit: dosvc - C:\Windows\SysNative\dosvc.dll (Microsoft Corporation)
NetSvcs:64bit: XblAuthManager - C:\Windows\SysNative\XblAuthManager.dll (Microsoft Corporation)
NetSvcs:64bit: XblGameSave - C:\Windows\SysNative\XblGameSave.dll (Microsoft Corporation)
NetSvcs:64bit: UsoSvc - C:\Windows\SysNative\usocore.dll (Microsoft Corporation)
NetSvcs:64bit: wisvc - C:\Windows\SysNative\FlightSettings.dll (Microsoft Corporation)
NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
NetSvcs:64bit: NetSetupSvc - C:\Windows\SysNative\NetSetupSvc.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017/01/08 17:43:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/01/08 17:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2017/01/08 11:28:04 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Local\UCBrowser
[2017/01/08 11:27:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UCBrowser
[2017/01/08 11:14:06 | 000,000,000 | ---D | C] -- C:\Program Files\XBox
[2017/01/08 11:12:24 | 000,000,000 | ---D | C] -- C:\Microsoft
[2017/01/08 11:12:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\SSL
[2017/01/08 11:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Phersck Adapter
[2017/01/08 11:11:13 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\Phabdomzuhuward
[2017/01/08 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\Profiles
[2017/01/08 11:11:10 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Local\Bunryvuloght
[2017/01/08 11:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kesertherstemosy
[2017/01/08 09:38:29 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\com.playsaurus.heroclicker
[2017/01/05 18:12:02 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\Guitar Pro 6
[2017/01/05 18:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6
[2017/01/05 18:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 6
[2017/01/05 18:11:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6 2
[2017/01/05 18:06:54 | 000,000,000 | R--D | C] -- C:\Users\Michael Stiven\Desktop\Others
[2017/01/05 18:06:30 | 000,000,000 | R--D | C] -- C:\Users\Michael Stiven\Desktop\Emulator
[2017/01/05 18:06:05 | 000,000,000 | R--D | C] -- C:\Users\Michael Stiven\Desktop\Programs
[2017/01/05 18:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2017/01/05 17:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2017/01/05 17:39:29 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\Documents\My Palettes
[2017/01/05 17:38:14 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\Documents\Corel
[2017/01/05 17:37:03 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\Corel
[2017/01/05 17:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2017/01/05 17:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2017/01/05 17:28:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2017/01/05 17:27:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X7 (64-bit)
[2017/01/05 17:27:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2017/01/05 17:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Corel
[2017/01/05 17:22:46 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\Documents\Adobe
[2017/01/05 17:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2017/01/05 17:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2017/01/05 17:17:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2017/01/05 17:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2017/01/05 17:15:14 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Local\Adobe
[2017/01/05 16:48:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Guitar Pro 6
[2017/01/03 00:09:24 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2016/12/28 13:31:04 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LostSagaID
[2016/12/25 17:14:32 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Roaming\AC3Filter
[2016/12/25 15:39:09 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\Documents\SQUARE ENIX
[2016/12/25 14:52:16 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\Documents\Electronic Arts
[2016/12/25 13:46:53 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\Documents\CPY_SAVES
[2016/12/25 13:44:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pro Evolution Soccer 2017
[2016/12/21 11:55:34 | 000,395,536 | ---- | C] (EasyAntiCheat Ltd) -- C:\WINDOWS\SysWow64\EasyAntiCheat.exe
[2016/12/15 22:46:40 | 008,168,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2016/12/15 22:46:40 | 003,306,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2016/12/15 22:46:40 | 001,852,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2016/12/15 22:46:40 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppXDeploymentClient.dll
[2016/12/15 22:46:39 | 004,612,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2016/12/15 22:46:39 | 003,059,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2016/12/15 22:46:39 | 001,589,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtctm.dll
[2016/12/15 22:46:39 | 001,274,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2016/12/15 22:46:38 | 002,138,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputService.dll
[2016/12/15 22:46:38 | 001,100,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvix64.exe
[2016/12/15 22:46:38 | 000,989,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvax64.exe
[2016/12/15 22:46:38 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentClient.dll
[2016/12/15 22:46:37 | 000,947,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvloader.efi
[2016/12/15 22:46:37 | 000,811,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hvloader.exe
[2016/12/15 22:46:37 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TextInputFramework.dll
[2016/12/15 22:46:36 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2016/12/15 22:46:36 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Core.TextInput.dll
[2016/12/15 22:46:35 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.desktop.dll
[2016/12/15 22:46:35 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InputLocaleManager.dll
[2016/12/15 22:46:35 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EditBufferTestHook.dll
[2016/12/15 22:46:35 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WordBreakers.dll
[2016/12/15 22:46:34 | 006,285,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2016/12/15 22:46:34 | 003,777,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2016/12/15 22:46:34 | 001,988,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2016/12/15 22:46:34 | 001,692,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2016/12/15 22:46:33 | 007,816,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2016/12/15 22:46:33 | 002,275,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentServer.dll
[2016/12/15 22:46:33 | 001,293,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2016/12/15 22:46:33 | 000,981,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.OnlineId.dll
[2016/12/15 22:46:33 | 000,411,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\facecredentialprovider.dll
[2016/12/15 22:46:32 | 001,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2016/12/15 22:46:32 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadcloudap.dll
[2016/12/15 22:46:29 | 004,978,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d12warp.dll
[2016/12/15 22:46:28 | 002,820,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputService.dll
[2016/12/15 22:46:27 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TextInputFramework.dll
[2016/12/15 22:46:27 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Core.TextInput.dll
[2016/12/15 22:46:27 | 000,119,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InputLocaleManager.dll
[2016/12/15 22:46:27 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditBufferTestHook.dll
[2016/12/15 22:46:26 | 004,749,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2016/12/15 22:46:26 | 003,616,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2016/12/15 22:46:26 | 002,998,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2016/12/15 22:46:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2016/12/15 22:46:26 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32k.sys
[2016/12/15 22:46:26 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VSD3DWARP12Debug.dll
[2016/12/15 22:46:26 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\VSD3DWARPDebug.dll
[2016/12/15 22:46:26 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WordBreakers.dll
[2016/12/15 22:46:25 | 001,461,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\user32.dll
[2016/12/15 22:46:24 | 005,114,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdp.dll
[2016/12/15 22:46:22 | 006,583,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d12warp.dll
[2016/12/15 22:46:21 | 001,572,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2016/12/15 22:46:21 | 000,764,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CoreMessaging.dll
[2016/12/15 22:46:21 | 000,455,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2016/12/15 22:46:21 | 000,241,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHost.dll
[2016/12/15 22:46:20 | 001,415,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2016/12/15 22:46:19 | 001,354,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.efi
[2016/12/15 22:46:19 | 001,173,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winload.exe
[2016/12/15 22:46:19 | 001,051,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.efi
[2016/12/15 22:46:19 | 000,894,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winresume.exe
[2016/12/15 22:46:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VSD3DWARPDebug.dll
[2016/12/15 22:46:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VSD3DWARP12Debug.dll
[2016/12/15 22:46:18 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Shell.dll
[2016/12/15 22:46:17 | 006,668,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2016/12/15 22:46:16 | 002,913,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2016/12/15 22:46:16 | 002,166,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2016/12/15 22:46:16 | 001,490,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2016/12/15 22:46:16 | 001,267,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2016/12/15 22:46:16 | 000,861,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2016/12/15 22:46:16 | 000,846,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2016/12/15 22:46:16 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CoreMessaging.dll
[2016/12/15 22:46:15 | 003,198,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cdp.dll
[2016/12/15 22:46:15 | 001,637,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2016/12/15 22:46:15 | 001,004,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2016/12/15 22:46:15 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wincorlib.dll
[2016/12/15 22:46:15 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceEnroller.exe
[2016/12/15 22:46:15 | 000,137,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2016/12/15 22:46:14 | 000,886,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2016/12/15 22:46:14 | 000,807,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2016/12/15 22:46:14 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2016/12/15 22:46:14 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wincorlib.dll
[2016/12/15 22:46:14 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mdmregistration.dll
[2016/12/15 22:46:14 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mdmregistration.dll
[2016/12/15 22:46:13 | 000,377,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\clfs.sys
[2016/12/15 22:46:13 | 000,168,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcrypt.dll
[2016/12/15 22:46:12 | 006,044,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2016/12/15 22:46:12 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2016/12/15 22:46:12 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2016/12/15 22:46:11 | 008,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2016/12/15 22:46:11 | 004,746,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2016/12/15 22:46:11 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapibase.dll
[2016/12/15 22:46:10 | 001,512,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2016/12/15 22:46:10 | 000,730,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fveapi.dll
[2016/12/15 22:46:10 | 000,402,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2016/12/15 22:46:10 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2016/12/15 22:46:08 | 001,738,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2016/12/15 22:46:08 | 000,658,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms2.sys
[2016/12/15 22:46:08 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdd.dll
[2016/12/15 22:46:07 | 022,563,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2016/12/15 22:46:06 | 019,413,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2016/12/15 22:46:06 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\indexeddbserver.dll
[2016/12/15 22:46:03 | 002,677,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2016/12/15 22:46:02 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CryptoWinRT.dll
[2016/12/15 22:46:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2016/12/15 22:46:02 | 000,172,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sspicli.dll
[2016/12/14 14:30:31 | 000,000,000 | ---D | C] -- C:\Users\Michael Stiven\AppData\Local\Chromium
[2016/12/11 01:57:03 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\netshell.dll
[2016/12/11 01:57:03 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2016/12/11 01:57:03 | 000,615,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnprv.dll
[2016/12/11 01:57:03 | 000,603,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ContentDeliveryManager.Utilities.dll
[2016/12/11 01:57:03 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToManager.dll
[2016/12/11 01:57:03 | 000,534,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEng.dll
[2016/12/11 01:57:03 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Management.dll
[2016/12/11 01:57:03 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rascustom.dll
[2016/12/11 01:57:03 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2016/12/11 01:57:03 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgentUserBroker.exe
[2016/12/11 01:57:03 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2016/12/11 01:57:03 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll
[2016/12/11 01:57:02 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2016/12/11 01:57:02 | 001,232,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dosvc.dll
[2016/12/11 01:57:02 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2016/12/11 01:57:02 | 000,590,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioSes.dll
[2016/12/11 01:57:01 | 002,800,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netshell.dll
[2016/12/11 01:57:01 | 001,886,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntdll.dll
[2016/12/11 01:57:01 | 001,859,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2016/12/11 01:57:01 | 000,842,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntshrui.dll
[2016/12/11 01:57:00 | 017,188,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2016/12/11 01:56:59 | 003,892,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2016/12/11 01:56:59 | 003,370,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
[2016/12/11 01:56:59 | 001,123,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfplat.dll
[2016/12/11 01:56:59 | 000,952,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfsvr.dll
[2016/12/11 01:56:59 | 000,263,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2016/12/11 01:56:59 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
[2016/12/11 01:56:58 | 002,277,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\d3d11.dll
[2016/12/11 01:56:58 | 001,357,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIAutomationCore.dll
[2016/12/11 01:56:58 | 000,760,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NMAA.dll
[2016/12/11 01:56:58 | 000,715,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapControlCore.dll
[2016/12/11 01:56:58 | 000,379,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll
[2016/12/11 01:56:58 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2016/12/11 01:56:58 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll
[2016/12/11 01:56:58 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2016/12/11 01:56:58 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSManHTTPConfig.exe
[2016/12/11 01:56:57 | 006,109,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mos.dll
[2016/12/11 01:56:57 | 001,992,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2016/12/11 01:56:56 | 005,380,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BingMaps.dll
[2016/12/11 01:56:56 | 004,423,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2016/12/11 01:56:56 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\JpMapControl.dll
[2016/12/11 01:56:56 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DisplayManager.dll
[2016/12/11 01:56:55 | 002,109,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapGeocoder.dll
[2016/12/11 01:56:55 | 000,418,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AUDIOKSE.dll
[2016/12/11 01:56:55 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\domgmt.dll
[2016/12/11 01:56:54 | 002,362,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapRouter.dll
[2016/12/11 01:56:54 | 001,069,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2016/12/11 01:56:54 | 000,424,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFPlay.dll
[2016/12/11 01:56:54 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapConfiguration.dll
[2016/12/11 01:56:54 | 000,091,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfaudiocnv.dll
[2016/12/11 01:56:54 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\HttpsDataSource.dll
[2016/12/11 01:56:53 | 000,545,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
[2016/12/11 01:56:53 | 000,163,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RTWorkQ.dll
[2016/12/11 01:56:53 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MapsBtSvc.dll
[2016/12/11 01:56:52 | 001,755,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DeviceFlows.DataModel.dll
[2016/12/11 01:56:52 | 000,266,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\policymanager.dll
[2016/12/11 01:56:52 | 000,157,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudStorageWizard.exe
[2016/12/11 01:56:52 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MosStorage.dll
[2016/12/11 01:56:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmenrollengine.dll
[2016/12/11 01:56:51 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2016/12/11 01:56:51 | 000,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/12/11 01:56:51 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dmcertinst.exe
[2016/12/11 01:56:50 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_StorageSense.dll
[2016/12/11 01:56:49 | 002,828,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d11.dll
[2016/12/11 01:56:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ActivationManager.dll
[2016/12/11 01:56:49 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtcuiu.dll
[2016/12/11 01:56:49 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseAppMgmtSvc.dll
[2016/12/11 01:56:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EnterpriseModernAppMgmtCSP.dll
[2016/12/11 01:56:49 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EDPCleanup.exe
[2016/12/11 01:56:49 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
[2016/12/11 01:56:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReportingCSP.dll
[2016/12/11 01:56:49 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EAMProgressHandler.dll
[2016/12/11 01:56:48 | 004,136,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepository.dll
[2016/12/11 01:56:48 | 002,482,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2016/12/11 01:56:48 | 002,186,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\hevcdecoder.dll
[2016/12/11 01:56:48 | 002,104,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2016/12/11 01:56:48 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryClient.dll
[2016/12/11 01:56:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryBroker.dll
[2016/12/11 01:56:47 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2016/12/11 01:56:47 | 001,228,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2016/12/11 01:56:47 | 000,909,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2016/12/11 01:56:47 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll
[2016/12/11 01:56:46 | 002,084,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceFlows.DataModel.dll
[2016/12/11 01:56:46 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ngccredprov.dll
[2016/12/11 01:56:46 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bcastdvr.exe
[2016/12/11 01:56:46 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll
[2016/12/11 01:56:46 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NgcCtnr.dll
[2016/12/11 01:56:46 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToManager.dll
[2016/12/11 01:56:46 | 000,366,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2016/12/11 01:56:46 | 000,278,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\netplwiz.dll
[2016/12/11 01:56:46 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\xboxgip.sys
[2016/12/11 01:56:46 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BcastDVRHelper.dll
[2016/12/11 01:56:46 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppCapture.dll
[2016/12/11 01:56:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Shell.Search.UriHandler.dll
[2016/12/11 01:56:45 | 002,852,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsThresholdAdminFlowUI.dll
[2016/12/11 01:56:45 | 002,510,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2016/12/11 01:56:45 | 000,382,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AUDIOKSE.dll
[2016/12/11 01:56:44 | 003,542,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2016/12/11 01:56:44 | 000,637,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxgi.dll
[2016/12/11 01:56:44 | 000,360,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettingsAdminFlows.exe
[2016/12/11 01:56:43 | 000,454,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2016/12/11 01:56:43 | 000,198,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscapi.dll
[2016/12/11 01:56:43 | 000,152,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RTWorkQ.dll
[2016/12/11 01:56:42 | 001,336,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsecedit.dll
[2016/12/11 01:56:42 | 001,220,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscui.cpl
[2016/12/11 01:56:42 | 000,381,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptngc.dll
[2016/12/11 01:56:42 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ActivationManager.dll
[2016/12/11 01:56:42 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wscinterop.dll
[2016/12/11 01:56:42 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VEStoreEventHandlers.dll
[2016/12/11 01:56:41 | 013,868,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2016/12/11 01:56:41 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2016/12/11 01:56:40 | 001,418,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msctf.dll
[2016/12/11 01:56:40 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\comdlg32.dll
[2016/12/11 01:56:40 | 000,219,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\tpm.sys
[2016/12/11 01:56:39 | 006,474,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mspaint.exe
[2016/12/11 01:56:39 | 001,726,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Immersive.dll
[2016/12/11 01:56:39 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Immersive.dll
[2016/12/11 01:56:39 | 000,960,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\modernexecserver.dll
[2016/12/11 01:56:39 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2016/12/11 01:56:39 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
[2016/12/11 01:56:39 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Shell.Search.UriHandler.dll
[2016/12/11 01:56:39 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LaunchWinApp.exe
[2016/12/11 01:56:38 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2016/12/11 01:56:38 | 002,484,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gameux.dll
[2016/12/11 01:56:38 | 000,711,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2016/12/11 01:56:38 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2016/12/11 01:56:38 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpsvc.dll
[2016/12/11 01:56:38 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cdpusersvc.dll
[2016/12/11 01:56:37 | 004,311,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2016/12/11 01:56:37 | 001,600,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2016/12/11 01:56:37 | 000,882,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeManagerObj.dll
[2016/12/11 01:56:37 | 000,743,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppwinob.dll
[2016/12/11 01:56:37 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EditionUpgradeHelper.dll
[2016/12/11 01:56:37 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ACPBackgroundManagerPolicy.dll
[2016/12/11 01:56:36 | 002,009,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRHInproc.dll
[2016/12/11 01:56:36 | 001,366,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2016/12/11 01:56:36 | 000,869,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2016/12/11 01:56:36 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2016/12/11 01:56:36 | 000,395,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dmenrollengine.dll
[2016/12/11 01:56:36 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2016/12/11 01:56:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\VPNv2CSP.dll
[2016/12/11 01:56:35 | 001,477,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsecedit.dll
[2016/12/11 01:56:35 | 000,746,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcprx.dll
[2016/12/11 01:56:35 | 000,248,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\policymanager.dll
[2016/12/11 01:56:35 | 000,101,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceReactivation.dll
[2016/12/11 01:56:34 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lpremove.exe
[2016/12/11 01:56:33 | 001,002,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SRH.dll
[2016/12/11 01:56:33 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mtxclu.dll
[2016/12/11 01:56:33 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\sendmail.dll
[2016/12/11 01:56:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
[2016/12/11 01:56:33 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xolehlp.dll
[2016/12/11 01:56:32 | 001,473,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfplat.dll
[2016/12/11 01:56:32 | 001,062,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfsvr.dll
[2016/12/11 01:56:32 | 000,620,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bcastdvr.exe
[2016/12/11 01:56:32 | 000,519,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ngccredprov.dll
[2016/12/11 01:56:31 | 004,130,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2016/12/11 01:56:31 | 002,213,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2016/12/11 01:56:31 | 000,499,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2016/12/11 01:56:31 | 000,328,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2016/12/11 01:56:31 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\cryptngc.dll
[2016/12/11 01:56:31 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BcastDVRHelper.dll
[2016/12/11 01:56:30 | 005,722,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2016/12/11 01:56:30 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsm.dll
[2016/12/11 01:56:30 | 000,170,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppCapture.dll
[2016/12/11 01:56:29 | 007,219,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2016/12/11 01:56:29 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DisplayManager.dll
[2016/12/11 01:56:28 | 002,287,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2016/12/11 01:56:27 | 004,708,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2016/12/11 01:56:25 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtcprx.dll
[2016/12/11 01:56:25 | 000,870,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmkvsrcsnk.dll
[2016/12/11 01:56:25 | 000,142,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\migisol.dll
[2016/12/11 01:56:25 | 000,126,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfaudiocnv.dll
[2016/12/11 01:56:24 | 000,374,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFPlay.dll
[2016/12/11 01:56:24 | 000,187,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudStorageWizard.exe
[2016/12/11 01:56:24 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dialserver.dll
[2016/12/11 01:56:24 | 000,122,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\migisol.dll
[2016/12/11 01:56:24 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ProvSysprep.dll
[2016/12/11 01:56:23 | 001,691,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aitstatic.exe
[2016/12/11 01:56:23 | 000,198,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dpapisrv.dll
[2016/12/11 01:56:23 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppnp.dll
[2016/12/11 01:56:23 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgentc.exe
[2016/12/11 01:56:22 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msdtcuiu.dll
[2016/12/11 01:56:22 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2016/12/11 01:56:22 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RjvMDMConfig.dll
[2016/12/11 01:56:21 | 001,430,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2016/12/11 01:56:21 | 000,557,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2016/12/11 01:56:21 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2016/12/11 01:56:17 | 006,664,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mspaint.exe
[2016/12/11 01:56:17 | 000,495,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DataSenseHandlers.dll
[2016/12/11 01:56:17 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2016/12/11 01:56:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2016/12/11 01:56:16 | 000,567,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2016/12/11 01:56:16 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\stobject.dll
[2016/12/11 01:56:15 | 002,611,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gameux.dll
[2016/12/11 01:56:14 | 004,673,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2016/12/11 01:56:14 | 000,936,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NMAA.dll
[2016/12/11 01:56:14 | 000,905,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapControlCore.dll
[2016/12/11 01:56:14 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LaunchWinApp.exe
[2016/12/11 01:56:14 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSManHTTPConfig.exe
[2016/12/11 01:56:13 | 009,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2016/12/11 01:56:13 | 000,388,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\zipfldr.dll
[2016/12/11 01:56:13 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\IdCtrls.dll
[2016/12/11 01:56:12 | 007,654,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mos.dll
[2016/12/11 01:56:12 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efswrt.dll
[2016/12/11 01:56:11 | 001,709,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIAutomationCore.dll
[2016/12/11 01:56:10 | 003,400,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncCenter.dll
[2016/12/11 01:56:10 | 000,779,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cscui.dll
[2016/12/11 01:56:09 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\JpMapControl.dll
[2016/12/11 01:56:08 | 007,812,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BingMaps.dll
[2016/12/11 01:56:07 | 002,206,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2016/12/11 01:56:07 | 001,969,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\hevcdecoder.dll
[2016/12/11 01:56:06 | 003,441,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapRouter.dll
[2016/12/11 01:56:06 | 002,953,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapGeocoder.dll
[2016/12/11 01:56:06 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsStore.dll
[2016/12/11 01:56:06 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshostcore.dll
[2016/12/11 01:56:05 | 000,489,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupShim.dll
[2016/12/11 01:56:05 | 000,446,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapConfiguration.dll
[2016/12/11 01:56:05 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupShim.dll
[2016/12/11 01:56:05 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MapsBtSvc.dll
[2016/12/11 01:56:05 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\setupugc.exe
[2016/12/11 01:56:05 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupugc.exe
[2016/12/11 01:56:04 | 000,632,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rasapi32.dll
[2016/12/11 01:56:04 | 000,587,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vpnike.dll
[2016/12/11 01:56:04 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2016/12/11 01:56:04 | 000,167,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscapi.dll
[2016/12/11 01:56:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sendmail.dll
[2016/12/11 01:56:04 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\umpoext.dll
[2016/12/11 01:56:04 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MosStorage.dll
[2016/12/11 01:56:04 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\moshost.dll
[2016/12/11 01:56:03 | 001,196,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscui.cpl
[2016/12/11 01:56:03 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wscinterop.dll
[2016/12/11 01:56:03 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetCfgNotifyObjectHost.exe
[2016/12/11 01:56:03 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetCfgNotifyObjectHost.exe
[2016/12/11 01:56:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CbtBackgroundManagerPolicy.dll
[2016/12/11 01:56:03 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgentc.exe
 
========== Files - Modified Within 30 Days ==========
 
[2017/01/08 17:48:42 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/01/08 17:46:59 | 000,000,180 | ---- | M] () -- C:\WINDOWS\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2017/01/08 17:46:40 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/01/08 17:46:37 | 3377,709,056 | -HS- | M] () -- C:\hiberfil.sys
[2017/01/08 14:24:57 | 000,036,808 | ---- | M] (Wellbia.com Co., Ltd.) -- C:\WINDOWS\xhunter1.sys
[2017/01/08 14:11:14 | 000,000,034 | ---- | M] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
[2017/01/08 12:17:27 | 000,018,960 | ---- | M] () -- C:\WINDOWS\xspirit.sys
[2017/01/08 11:14:37 | 000,000,000 | ---- | M] () -- C:\TOSTACK
[2017/01/06 04:53:08 | 002,137,268 | ---- | M] () -- C:\WINDOWS\c0c91d1690dfef183bb804d7961336af.exe
[2017/01/05 18:11:57 | 000,001,067 | ---- | M] () -- C:\Users\Michael Stiven\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2017/01/05 17:42:02 | 001,427,036 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017/01/05 17:42:02 | 001,148,468 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017/01/05 17:42:02 | 000,270,694 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017/01/05 17:35:09 | 000,293,952 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2016/12/30 16:47:04 | 000,552,184 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\EasyAntiCheat.sys
[2016/12/21 07:56:44 | 000,395,536 | ---- | M] (EasyAntiCheat Ltd) -- C:\WINDOWS\SysWow64\EasyAntiCheat.exe
[2016/12/12 06:56:25 | 000,835,576 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2016/12/12 06:56:25 | 000,177,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2016/12/11 00:33:39 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enrollmentapi.dll
 
========== Files Created - No Company Name ==========
 
[2017/01/08 11:14:37 | 000,000,000 | ---- | C] () -- C:\TOSTACK
[2017/01/08 11:14:01 | 000,000,034 | ---- | C] () -- C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
[2017/01/06 04:53:08 | 002,137,268 | ---- | C] () -- C:\WINDOWS\c0c91d1690dfef183bb804d7961336af.exe
[2017/01/05 18:11:57 | 000,001,067 | ---- | C] () -- C:\Users\Michael Stiven\Application Data\Microsoft\Internet Explorer\Quick Launch\Guitar Pro 6.lnk
[2017/01/05 18:03:29 | 000,001,294 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2017/01/05 17:22:43 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
[2016/12/24 12:25:14 | 000,552,184 | ---- | C] () -- C:\WINDOWS\SysNative\drivers\EasyAntiCheat.sys
[2016/12/15 22:46:33 | 002,681,200 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2016/12/15 22:46:07 | 002,048,496 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2016/10/03 18:53:44 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2016/10/03 04:04:50 | 000,932,736 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2016/10/03 04:02:04 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/10/03 04:00:32 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/09/08 16:58:10 | 000,000,027 | ---- | C] () -- C:\WINDOWS\option.ini
[2016/08/27 00:30:44 | 035,133,368 | ---- | C] () -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2016/08/27 00:26:48 | 008,916,512 | ---- | C] () -- C:\WINDOWS\SysWow64\nvptxJitCompiler.dll
[2016/08/27 00:26:48 | 000,611,608 | ---- | C] () -- C:\WINDOWS\SysWow64\nvfatbinaryLoader.dll
[2016/07/29 21:22:30 | 002,279,413 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\DongTom.bin
[2016/07/29 21:22:10 | 007,129,600 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\agent.dat
[2016/07/29 21:22:10 | 000,126,464 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\noah.dat
[2016/07/29 21:22:10 | 000,067,968 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\Config.xml
[2016/07/29 21:22:10 | 000,018,432 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\Main.dat
[2016/07/29 21:22:10 | 000,005,568 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\md.xml
[2016/07/29 21:22:09 | 001,905,357 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\Home-Is.tst
[2016/07/29 21:21:57 | 000,684,032 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\Home-Is.exe
[2016/07/29 21:21:35 | 000,129,024 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\Installer.dat
[2016/07/29 21:21:35 | 000,014,400 | ---- | C] () -- C:\Users\Michael Stiven\AppData\Roaming\InstallationConfiguration.xml
[2016/07/16 18:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 18:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 18:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 18:43:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2016/07/16 18:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 18:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 18:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 18:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 18:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 18:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2016/07/15 17:51:45 | 000,129,824 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1.dll
[2016/07/15 17:51:45 | 000,040,224 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo.exe
[2016/07/09 12:11:56 | 000,000,400 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2016/07/08 18:52:39 | 000,000,000 | ---- | C] () -- C:\Users\Michael Stiven\systeminfo
[2016/07/05 17:58:49 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SysWow64\winsevr.dat
[2016/05/04 09:23:30 | 000,129,824 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1-1-0-11-1.dll
[2016/05/04 09:22:58 | 000,040,224 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-11-1.exe
[2016/01/04 16:12:33 | 000,018,960 | ---- | C] () -- C:\WINDOWS\xspirit.sys
[2015/12/23 23:56:27 | 000,004,608 | ---- | C] () -- C:\WINDOWS\SECOH-QAD.exe
[2015/12/23 23:56:27 | 000,003,584 | ---- | C] () -- C:\WINDOWS\SECOH-QAD.dll
[2015/12/23 10:38:35 | 000,210,944 | ---- | C] () -- C:\WINDOWS\SysWow64\msvcrt10.dll
[2015/12/23 10:36:23 | 000,026,112 | ---- | C] () -- C:\WINDOWS\KMS-R@1n.exe
[2015/12/23 10:36:23 | 000,005,120 | ---- | C] () -- C:\WINDOWS\KMS-R@1nHook.exe
[2015/12/23 10:36:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\KMS-R@1nHook.dll
 
========== ZeroAccess Check ==========
 
[2016/10/03 04:19:28 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2016/11/11 17:01:16 | 007,219,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2016/11/11 14:47:14 | 005,722,832 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 18:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 18:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 18:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2016/12/13 09:43:18 | 000,328,990 | ---- | M] () MD5=1A99A94F52664794AD113506BF983C5C -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.0_none_7f29128d906f1326\explorer.exe
[2016/11/11 16:56:12 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=4E10FB1A015B49AC68F76C1A3F4D9C0F -- C:\Windows\explorer.exe
[2016/11/11 16:56:12 | 004,673,304 | ---- | M] (Microsoft Corporation) MD5=4E10FB1A015B49AC68F76C1A3F4D9C0F -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.479_none_8b70395b17bb92f4\explorer.exe
[2016/11/11 14:41:45 | 004,311,736 | ---- | M] (Microsoft Corporation) MD5=AF46710DDB8B0E304AA4FD2B940CABD8 -- C:\Windows\SysWOW64\explorer.exe
[2016/11/11 14:41:45 | 004,311,736 | ---- | M] (Microsoft Corporation) MD5=AF46710DDB8B0E304AA4FD2B940CABD8 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.479_none_95c4e3ad4c1c54ef\explorer.exe
[2016/12/13 09:51:29 | 000,265,668 | ---- | M] () MD5=E3DF53EEDDD68BA837D16A84FDE24BE4 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_10.0.14393.0_none_897dbcdfc4cfd521\explorer.exe
 
< MD5 for: SVCHOST.EXE  >
[2016/07/16 18:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=1F8434DD4907C832E6E90D6298EAB85B -- C:\Windows\SysWOW64\svchost.exe
[2016/07/16 18:42:55 | 000,038,792 | ---- | M] (Microsoft Corporation) MD5=1F8434DD4907C832E6E90D6298EAB85B -- C:\Windows\WinSxS\wow64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.14393.0_none_ed846f6e50612447\svchost.exe
[2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) MD5=36F670D89040709013F6A460176767EC -- C:\WINDOWS\SysNative\svchost.exe
[2016/07/16 18:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) MD5=36F670D89040709013F6A460176767EC -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_10.0.14393.0_none_e32fc51c1c00624c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2016/07/16 18:42:27 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=C1B1FFC800BE2F31EB2CF8CB40629C69 -- C:\WINDOWS\SysNative\userinit.exe
[2016/07/16 18:42:27 | 000,033,280 | ---- | M] (Microsoft Corporation) MD5=C1B1FFC800BE2F31EB2CF8CB40629C69 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_10.0.14393.0_none_099d2590e8629c72\userinit.exe
[2016/07/16 18:42:55 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=FA900E6CCCF0A429D5B720C6F0E2274B -- C:\Windows\SysWOW64\userinit.exe
[2016/07/16 18:42:55 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=FA900E6CCCF0A429D5B720C6F0E2274B -- C:\Windows\WinSxS\wow64_microsoft-windows-userinit_31bf3856ad364e35_10.0.14393.0_none_13f1cfe31cc35e6d\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2016/11/11 16:05:00 | 000,673,792 | ---- | M] (Microsoft Corporation) MD5=DE6DF9BBBECAFDEF462A37D839167368 -- C:\WINDOWS\SysNative\winlogon.exe
[2016/11/11 16:05:00 | 000,673,792 | ---- | M] (Microsoft Corporation) MD5=DE6DF9BBBECAFDEF462A37D839167368 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.14393.479_none_a97e935f72f0a02a\winlogon.exe
[2016/12/13 09:48:36 | 000,047,112 | ---- | M] () MD5=DED50FC36B30273887A595748D5AE52C -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_10.0.14393.0_none_9d376c91eba4205c\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: ST1000DM003-1ER162
Partitions: 7
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 500.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 146.00GB
Starting Offset: 525336576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 391.00GB
Starting Offset: 157287448576
Hidden sectors: 0
 
 
DeviceID: Disk #0, Partition #3
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 394.00GB
Starting Offset: 576717848576
Hidden sectors: 0
 
 
========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5] -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE -> Junction
[C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5] -> C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE -> Junction
< End of report >


#4 usasma

Posted 10 January 2017 - 06:23 PM

If infected, I'd suggest posting over in the Am I Infected forum:  http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Please read the pinned topics at the top of the forum for instructions on how to post there.

 


My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.



