Zoek.exe v5.0.0.1 Updated 31-December-2015 Tool run by deckx on zo 03/04/2016 at 16:34:28,04. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Safe\Desktop\zoek.exe [Scan all users] [Script inserted] [Checkboxes used] ==== Running Processes ====================== C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe C:\Windows\System32\svchost.exe -k utcsvc C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\AMD\CNext\CNext\cnext.exe C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\GWX\GWX.exe C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\PROGRA~2\RAPTRI~1\PlaysTV\plays_ep64.exe C:\Windows\servicing\TrustedInstaller.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Safe\Desktop\zoek.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe ==== System Restore Info ====================== 3/04/2016 16:36:47 Zoek.exe System Restore Point Created Successfully. ==== Windows Installer Info ====================== Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6BAFE49EF3567384E9A86F73C71ACED0]C:\Windows\Installer\45b6189.msi Aeria Ignite [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E726D2EF0E7DAE64396A5838242058AF]C:\Windows\Installer\224a6e.msi AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AF5142F82F27920F4005E42BAF4E485C]C:\Windows\Installer\3d6e2.msi AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\34D0CA2A8879DB1B2B8AFE7C8519B61B]C:\Windows\Installer\7a765.msi AMD Fuel [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E9E02AA0D69102C4ED47F9D125F59DF]C:\Windows\Installer\30192.msi AMD Install Manager [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9172B6A30DB1A10DF3566299553A2BB1]C:\Windows\Installer\889050.msi AMD Radeon Settings [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3095EED075E488DB8B6A570A69712C2]C:\Windows\Installer\88921a.msi AMD Settings - Branding [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E06ECA877BC05394CB4D3F4322016570]C:\Windows\Installer\889220.msi AMD Settings [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\812472AA7A5261CB91592411E17E73E1]C:\Windows\Installer\889196.msi AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0C4DC61CEE8404F09CDF7087AE7FF3DB]C:\Windows\Installer\64577.msi AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3A8411AB1E4F4E32D88C886B0E9EDBFB]C:\Windows\Installer\889056.msi AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7FE5E0368F27D5E9EB5FDE586B891E06]C:\Windows\Installer\2ff89.msi AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A285624F202C31DB85D0F5015ABCF39]C:\Windows\Installer\3d445.msi Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\42D78011D76588D7966C7D0AB8F5C474]C:\Windows\Installer\3018c.msi Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BDDB41196A6AD25160A09E397050A71D]C:\Windows\Installer\30197.msi Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6E9D5131B89B2E1E9393BA6B0012442]C:\Windows\Installer\3020a.msi Catalyst Control Center Next Localization BR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BB8AB99D8ACCC40281769E4054A9B837]C:\Windows\Installer\8891f0.msi Catalyst Control Center Next Localization CHS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2071BE1C02512BB5D9DE8572AF21BC68]C:\Windows\Installer\88920e.msi Catalyst Control Center Next Localization CHT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\77AC72BD902C6FFB07D0883EFFFA6ED3]C:\Windows\Installer\889214.msi Catalyst Control Center Next Localization CS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5FC1EB0CD39F146213B4582EBEA42965]C:\Windows\Installer\88919c.msi Catalyst Control Center Next Localization DA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\34235900E114C492B6B7B1DE8B86AE93]C:\Windows\Installer\8891a2.msi Catalyst Control Center Next Localization DE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5E67A427769F3B522CDC63EBBB1BA004]C:\Windows\Installer\8891a8.msi Catalyst Control Center Next Localization EL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\053DDEEEB68B7DF0FC2FFE24C549347A]C:\Windows\Installer\8891ae.msi Catalyst Control Center Next Localization ES [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5C822CAD886C19F1EEAFAE1A052036F9]C:\Windows\Installer\8891b4.msi Catalyst Control Center Next Localization FI [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1AFDF07C54B4DCDF07B8CC793C8D30A3]C:\Windows\Installer\8891ba.msi Catalyst Control Center Next Localization FR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B6F1EC2C668108BDA26DDF050E6528D1]C:\Windows\Installer\8891c0.msi Catalyst Control Center Next Localization HU [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00FA739FF36B4F9EB125C409E343F7DC]C:\Windows\Installer\8891c6.msi Catalyst Control Center Next Localization IT [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\81C63CBE392ECA3CE9E8ABB4CA9043B6]C:\Windows\Installer\8891cc.msi Catalyst Control Center Next Localization JA [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7DC34C0AC8EA3F0B0413575684D14A15]C:\Windows\Installer\8891d2.msi Catalyst Control Center Next Localization KO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\270DFEC049649C6333E37CB7BFCDD9BA]C:\Windows\Installer\8891d8.msi Catalyst Control Center Next Localization NL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\0185254A6BB29894E053D687285616BB]C:\Windows\Installer\8891de.msi Catalyst Control Center Next Localization NO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\69B15D383349B653BE772FF6D46B6B22]C:\Windows\Installer\8891e4.msi Catalyst Control Center Next Localization PL [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F96374FDAEBD1BA85B26A018E50D4C45]C:\Windows\Installer\8891ea.msi Catalyst Control Center Next Localization RU [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4B93A500401C298CE8630F9062FD732B]C:\Windows\Installer\8891f6.msi Catalyst Control Center Next Localization SV [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\91C858FC3B57C31581F88AF7FEB8A410]C:\Windows\Installer\8891fc.msi Catalyst Control Center Next Localization TH [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4CE3E8954A4B3EC3DE24628D2A29015B]C:\Windows\Installer\889202.msi Catalyst Control Center Next Localization TR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\5E5AF3BB2563DDE4219240789EE39E05]C:\Windows\Installer\889208.msi ccc-utility64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A9F3643C536E0E203C15141D06472E20]C:\Windows\Installer\3020f.msi CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F922F307E3757E01B34443D15BA98DB6]C:\Windows\Installer\30200.msi CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6345E984101B9DAC551741476657CE3E]C:\Windows\Installer\30205.msi CCC Help Czech [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E4161ABB07461487A824BA5DABB7F3EF]C:\Windows\Installer\3019c.msi CCC Help Danish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3341E0AA61F810AA8E9E6E0458970D8D]C:\Windows\Installer\301a1.msi CCC Help Dutch [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D918405A0C359620070BBFD5A39D686]C:\Windows\Installer\301d8.msi CCC Help English [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\847594C630F579B065B8670D63F84B06]C:\Windows\Installer\301b0.msi CCC Help Finnish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\120ABC9D14BD637929F3253E4E6219D2]C:\Windows\Installer\301ba.msi CCC Help French [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A085A30B76D55CAD951AA77D5C3183C1]C:\Windows\Installer\301bf.msi CCC Help German [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2284FD9661B940EC5778220EF95BDFD1]C:\Windows\Installer\301a6.msi CCC Help Greek [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\29E0C8699AD64875A9B001160DBCC241]C:\Windows\Installer\301ab.msi CCC Help Hungarian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\38F8CB110627BE56E3A0AFA78C494BD2]C:\Windows\Installer\301c4.msi CCC Help Italian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\519CD4EF427DC27EFE68CDB59869A1FC]C:\Windows\Installer\301c9.msi CCC Help Japanese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\CBD3539CC74AB9C2FA23E5C2B8E4D3A3]C:\Windows\Installer\301ce.msi CCC Help Korean [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\099CBD73415C12836DBF210E47A59A09]C:\Windows\Installer\301d3.msi CCC Help Norwegian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B1703E97C0A8501C4624FC16712306E1]C:\Windows\Installer\301dd.msi CCC Help Polish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A1E8E21AD77A5E49278F8ED32665FA11]C:\Windows\Installer\301e2.msi CCC Help Portuguese [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9693E5DA0C0FFBCE545E3CB648092418]C:\Windows\Installer\301e7.msi CCC Help Russian [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C7602AFC09EA9FB360FA7E6EE576B9D3]C:\Windows\Installer\301ec.msi CCC Help Spanish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7EE4E0119A58B67B9B340C1CFCC0F247]C:\Windows\Installer\301b5.msi CCC Help Swedish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\79779A24552A9F9424055DA8C9AE9240]C:\Windows\Installer\301f1.msi CCC Help Thai [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\15B0CB136760135A930481816B90EE7A]C:\Windows\Installer\301f6.msi CCC Help Turkish [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2CE54BD97E09D246C79FA52CBFCD417F]C:\Windows\Installer\301fb.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E]C:\Windows\Installer\b2cd0.msi Google Update Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A089CE062ADB6BC44A720BA745894BAC]C:\Windows\Installer\a95cf.msi Java 8 Update 31 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EA42A62D9304AC4784BF2381208130F]C:\Windows\Installer\13740e0.msi League of Legends [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1094FB974CE162743B2C7A5879606C7E]C:\Windows\Installer\1912ae.msi Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6414876250E69FF3395387C6C7F05BEB]C:\Windows\Installer\ae3bbe.msi Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A3454E95D94D98444B5474D367C397FA]C:\Windows\Installer\189ba7.msi Microsoft Office Access MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109510090400000000000F01FEC]C:\Windows\Installer\4def4b.msi Microsoft Office Access Setup Metadata MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109711090400000000000F01FEC]C:\Windows\Installer\4def51.msi Microsoft Office Excel MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109610090400000000000F01FEC]C:\Windows\Installer\4def08.msi Microsoft Office Groove MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109AB0090400000000000F01FEC]C:\Windows\Installer\4def0e.msi Microsoft Office InfoPath MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109440090400000000000F01FEC]C:\Windows\Installer\4def44.msi Microsoft Office Office 64-bit Components 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A20000000100000000F01FEC]C:\Windows\Installer\4def64.msi Microsoft Office OneNote MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\000041091A0090400000000000F01FEC]C:\Windows\Installer\4def3e.msi Microsoft Office Outlook MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A10090400000000000F01FEC]C:\Windows\Installer\4def14.msi Microsoft Office PowerPoint MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109810090400000000000F01FEC]C:\Windows\Installer\4def02.msi Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109110000000000000000F01FEC]C:\Windows\Installer\4def6d.msi Microsoft Office Proof (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F10090400000000000F01FEC]C:\Windows\Installer\4def32.msi Microsoft Office Proof (French) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100C0400000000000F01FEC]C:\Windows\Installer\4def2c.msi Microsoft Office Proof (Spanish) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109F100A0C00000000000F01FEC]C:\Windows\Installer\4def26.msi Microsoft Office Proofing (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109C20090400000000000F01FEC]C:\Windows\Installer\4def38.msi Microsoft Office Publisher MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109910090400000000000F01FEC]C:\Windows\Installer\4def57.msi Microsoft Office Shared 64-bit MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109A20090400100000000F01FEC]C:\Windows\Installer\4def1a.msi Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109611090400100000000F01FEC]C:\Windows\Installer\4def20.msi Microsoft Office Shared MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109E60090400000000000F01FEC]C:\Windows\Installer\4deef6.msi Microsoft Office Shared Setup Metadata MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109511090400000000000F01FEC]C:\Windows\Installer\4deefc.msi Microsoft Office Word MUI (English) 2010 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00004109B10090400000000000F01FEC]C:\Windows\Installer\4def5d.msi Microsoft Silverlight [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D7314F9862C648A4DB8BE2A5B47BE100]c:\Windows\Installer\23bdcd.msi Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1af2a8da7e60d0b429d7e6453b3d0182]C:\Windows\Installer\be9e0b.msi Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9eab5ec6ac3d99b498a1d16c1c815acf]C:\Windows\Installer\1912aa.msi Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\c1c4f01781cc94c4c8fb1542c0981a2a]C:\Windows\Installer\be9e19.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D20352A90C039D93DBF6126ECE614057]c:\Windows\Installer\3d6e7.msi Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E815EB96CCE9A53884E7857C57002F0]c:\Windows\Installer\1e9ecfb.msi Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1926E8D15D0BCE53481466615F760A7F]c:\Windows\Installer\9b37bd.msi Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1D5E3C0FEDA1E123187686FED06E995A]c:\Windows\Installer\9b094e.msi Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7C9F8B73BF303523781852719CD9C700]C:\Windows\Installer\be9e3f.msi Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3AEB2FCAE628F23AAB933F1E743AB79]C:\Windows\Installer\be9e22.msi Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C025571B2A687A53689168CD7369889B]C:\Windows\Installer\14dbad2.msi Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\DC8A59DBF9D1DA5389A1E3975220E6BB]C:\Windows\Installer\14dbab5.msi Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\62DBF9290209B993A9A757D1160F9B24]C:\Windows\Installer\33e0b1.msi Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6E8D947A316B3EB3F8F540C548BE2AB9]C:\Windows\Installer\33e0ac.msi Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\22BEFC8F7E2A1793E9ADB411DEFE1C58]C:\Windows\Installer\33e0a7.msi Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\21EE4A31AE32173319EEFE3BD6FDFFE3]C:\Windows\Installer\33e0a2.msi Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4BEA594979BAED93C82408E6FE57CE7A]c:\Windows\Installer\a71d5.msi Oracle VM VirtualBox 5.0.12 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D13739F61E98F8A4DB9A1D4068D0BD20]C:\Windows\Installer\72a9ea.msi Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4EC82571333CBF849A4E8D147E59DCEC]C:\Windows\Installer\77cb8.msi Skype Click to Call [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9A1221D6FB710CE4182F723DE03C7010]C:\Windows\Installer\82b3.msi SkypeT 7.21 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\74A569CF9384AC046B81814F680F246C]C:\Windows\Installer\34f6e.msi System Requirements Lab Detection [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\13DA707366986C24F8EE00E361BA7D60]C:\Windows\Installer\f2d031.msi XSplit Broadcaster [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E3C71D1334D3E0C48B61760307A63C09]C:\Windows\Installer\45b618d.msi XSplit Gamecaster [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\561ADAA506BF0C148852E3B5C6F542C4]C:\Windows\Installer\169410f.msi ==== Empty Folders Check ====================== C:\PROGRA~2\Raptr deleted successfully C:\PROGRA~2\COMMON~1\Blizzard Entertainment deleted successfully C:\Users\deckx\AppData\Roaming\Opera Software deleted successfully C:\Users\deckx\AppData\Roaming\Pro PC Cleaner deleted successfully C:\Users\deckx\AppData\Local\Opera Software deleted successfully ==== Checking Systemdrive for Symlinks ====================== Volume in drive C has no label. Volume Serial Number is 38AF-78DE Directory of C:\ 14/07/2009 07:08 Documents and Settings [C:\Users] 0 File(s) 0 bytes Directory of C:\ProgramData 14/07/2009 07:08 Application Data [C:\ProgramData] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\ProgramData\Oracle\Java\javapath 06/02/2015 22:31 java.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe] 06/02/2015 22:31 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe] 06/02/2015 22:31 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe] 3 File(s) 0 bytes Directory of C:\Users 14/07/2009 07:08 All Users [C:\ProgramData] 14/07/2009 07:08 Default User [C:\Users\Default] 0 File(s) 0 bytes Directory of C:\Users\All Users 14/07/2009 07:08 Application Data [C:\ProgramData] 14/07/2009 07:08 Desktop [C:\Users\Public\Desktop] 14/07/2009 07:08 Documents [C:\Users\Public\Documents] 14/07/2009 07:08 Favorites [C:\Users\Public\Favorites] 14/07/2009 07:08 Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\ProgramData\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\All Users\Oracle\Java\javapath 06/02/2015 22:31 java.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\java.exe] 06/02/2015 22:31 javaw.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaw.exe] 06/02/2015 22:31 javaws.exe [C:\Program Files (x86)\Java\jre1.8.0_31\bin\javaws.exe] 3 File(s) 0 bytes Directory of C:\Users\deckx 15/11/2014 18:18 Application Data [C:\Users\deckx\AppData\Roaming] 15/11/2014 18:18 Cookies [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Cookies] 15/11/2014 18:18 Local Settings [C:\Users\deckx\AppData\Local] 15/11/2014 18:18 My Documents [C:\Users\deckx\Documents] 15/11/2014 18:18 NetHood [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 15/11/2014 18:18 PrintHood [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 15/11/2014 18:18 Recent [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Recent] 15/11/2014 18:18 SendTo [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\SendTo] 15/11/2014 18:18 Start Menu [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu] 15/11/2014 18:18 Templates [C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\deckx\AppData\Local 15/11/2014 18:18 Application Data [C:\Users\deckx\AppData\Local] 15/11/2014 18:18 History [C:\Users\deckx\AppData\Local\Microsoft\Windows\History] 15/11/2014 18:18 Temporary Internet Files [C:\Users\deckx\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\deckx\Documents 15/11/2014 18:18 My Music [C:\Users\deckx\Music] 15/11/2014 18:18 My Pictures [C:\Users\deckx\Pictures] 15/11/2014 18:18 My Videos [C:\Users\deckx\Videos] 0 File(s) 0 bytes Directory of C:\Users\Default 14/07/2009 07:08 Application Data [C:\Users\Default\AppData\Roaming] 14/07/2009 07:08 Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies] 14/07/2009 07:08 Local Settings [C:\Users\Default\AppData\Local] 14/07/2009 07:08 My Documents [C:\Users\Default\Documents] 14/07/2009 07:08 NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 14/07/2009 07:08 PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 14/07/2009 07:08 Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent] 14/07/2009 07:08 SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo] 14/07/2009 07:08 Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu] 14/07/2009 07:08 Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Default\AppData\Local 14/07/2009 07:08 Application Data [C:\Users\Default\AppData\Local] 14/07/2009 07:08 History [C:\Users\Default\AppData\Local\Microsoft\Windows\History] 14/07/2009 07:08 Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Default\Documents 14/07/2009 07:08 My Music [C:\Users\Default\Music] 14/07/2009 07:08 My Pictures [C:\Users\Default\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Default\Videos] 0 File(s) 0 bytes Directory of C:\Users\Public\Documents 14/07/2009 07:08 My Music [C:\Users\Public\Music] 14/07/2009 07:08 My Pictures [C:\Users\Public\Pictures] 14/07/2009 07:08 My Videos [C:\Users\Public\Videos] 0 File(s) 0 bytes Directory of C:\Users\Safe 09/12/2014 13:08 Application Data [C:\Users\Safe\AppData\Roaming] 09/12/2014 13:08 Cookies [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Cookies] 09/12/2014 13:08 Local Settings [C:\Users\Safe\AppData\Local] 09/12/2014 13:08 My Documents [C:\Users\Safe\Documents] 09/12/2014 13:08 NetHood [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Network Shortcuts] 09/12/2014 13:08 PrintHood [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Printer Shortcuts] 09/12/2014 13:08 Recent [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Recent] 09/12/2014 13:08 SendTo [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\SendTo] 09/12/2014 13:08 Start Menu [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Start Menu] 09/12/2014 13:08 Templates [C:\Users\Safe\AppData\Roaming\Microsoft\Windows\Templates] 0 File(s) 0 bytes Directory of C:\Users\Safe\AppData\Local 09/12/2014 13:08 Application Data [C:\Users\Safe\AppData\Local] 09/12/2014 13:08 History [C:\Users\Safe\AppData\Local\Microsoft\Windows\History] 09/12/2014 13:08 Temporary Internet Files [C:\Users\Safe\AppData\Local\Microsoft\Windows\Temporary Internet Files] 0 File(s) 0 bytes Directory of C:\Users\Safe\Documents 09/12/2014 13:08 My Music [C:\Users\Safe\Music] 09/12/2014 13:08 My Pictures [C:\Users\Safe\Pictures] 09/12/2014 13:08 My Videos [C:\Users\Safe\Videos] 0 File(s) 0 bytes Total Files Listed: 6 File(s) 0 bytes 66 Dir(s) 540.207.788.032 bytes free ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3377807318-2724434003-2614323792-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Installed Programs ====================== æTorrent 7-Zip 9.20 Adobe Flash Player 11 ActiveX Aeria Ignite Alliance of Valiant Arms AMD Accelerated Video Transcoding AMD Drag and Drop Transcoding AMD Fuel AMD Install Manager AMD Radeon Settings AMD Settings - Branding AMD Settings AMD Wireless Display v3.0 Battle.net Belfius Smart Card Reader Chrome-App CADdy++ - SEE Electrical schoolversie Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Localization All Catalyst Control Center Next Localization BR Catalyst Control Center Next Localization CHS Catalyst Control Center Next Localization CHT Catalyst Control Center Next Localization CS Catalyst Control Center Next Localization DA Catalyst Control Center Next Localization DE Catalyst Control Center Next Localization EL Catalyst Control Center Next Localization ES Catalyst Control Center Next Localization FI Catalyst Control Center Next Localization FR Catalyst Control Center Next Localization HU Catalyst Control Center Next Localization IT Catalyst Control Center Next Localization JA Catalyst Control Center Next Localization KO Catalyst Control Center Next Localization NL Catalyst Control Center Next Localization NO Catalyst Control Center Next Localization PL Catalyst Control Center Next Localization RU Catalyst Control Center Next Localization SV Catalyst Control Center Next Localization TH Catalyst Control Center Next Localization TR ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CPUID HWMonitor 1.28 DAEMON Tools Lite De SimsT 3 Definition Update for Microsoft Office 2010 (KB3114887) 32-Bit Edition Dota 2 Dota 2 Workshop Tools Alpha EA Download Manager Ezvid Farming Simulator 15 Fraps Geeks3D.com FurMark 1.9.1 Google Chrome Google Update Helper Grand Theft Auto IV GTA San Andreas Hearthstone inminet Java 8 Update 31 Java Auto Updater League of Legends Malwarebytes Anti-Malware version 2.1.6.1022 Microsoft .NET Framework 4.5.2 Microsoft Games for Windows - LIVE Redistributable Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft WSE 3.0 Runtime Minecraft 1.8.1 version 1.8.1 Need for Speed - Rivals OMSI 2 Open Broadcaster Software OpenTTD 1.5.2 Oracle VM VirtualBox 5.0.12 PlanetSide 2 PlaysTV Portal 2 Prison Architect Raptr Real Time Stat Tracker Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Renesas Electronics USB 3.0 Host Controller Driver Rockstar Games Social Club Security Update for Microsoft .NET Framework 4.5.2 (KB3023224) Security Update for Microsoft .NET Framework 4.5.2 (KB3037581) Security Update for Microsoft .NET Framework 4.5.2 (KB3074230) Security Update for Microsoft .NET Framework 4.5.2 (KB3074550) Security Update for Microsoft .NET Framework 4.5.2 (KB3097996) Security Update for Microsoft .NET Framework 4.5.2 (KB3098781) Security Update for Microsoft .NET Framework 4.5.2 (KB3122656) Security Update for Microsoft .NET Framework 4.5.2 (KB3127229) Security Update for Microsoft .NET Framework 4.5.2 (KB3135996) Skype Click to Call Skype Web Plugin SkypeT 7.21 Steam Stranded II 1.0.0.1 System Requirements Lab Detection TeamSpeak 3 Client TeamViewer 11 Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition WinRAR 5.20 (64-bit) World of Tanks XSplit Broadcaster XSplit Gamecaster ==== Deleting Services ====================== ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "LaunchWebURL"=- ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Raptr not found "C:\ProgramData\LaunchURL.bat" not found C:\Users\deckx\AppData\Roaming\inminet deleted C:\PROGRA~3\Video Accelerator deleted C:\PROGRA~3\Package Cache deleted C:\Users\deckx\AppData\Local\Installer deleted C:\Users\deckx\AppData\Local\CrashRpt deleted C:\Users\Safe\AppData\Local\Unity deleted C:\Users\Safe\AppData\LocalLow\Unity deleted C:\Windows\SysNative\config\systemprofile\Searches deleted C:\windows\SysNative\GroupPolicy\machine deleted C:\windows\SysNative\GroupPolicy\gpt.ini deleted C:\Windows\SysWow64\AI_RecycleBin deleted ==== System Specs ====================== Windows: Windows 7 Ultimate Edition (64-bit) Service Pack 1 (Build 7601) Memory (RAM): 8141 MB CPU Info: AMD FX(tm)-6300 Six-Core Processor CPU Speed: 3469,3 MHz Sound Card: Speakers (Realtek High Definiti | 1 - DELL 1908FP (2- AMD High De | Speakers (XSplit Stream Audio | Display Adapters: AMD Radeon R9 200 Series | AMD Radeon R9 200 Series | AMD Radeon R9 200 Series | AMD Radeon R9 200 Series | AMD Radeon R9 200 Series | AMD Radeon R9 200 Series | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver Monitors: 2x; Generic PnP Monitor | Generic PnP Monitor | Screen Resolution: 1440 X 900 - 32 bit Network: Network Present Network Adapters: Realtek PCIe GBE Family Controller | VirtualBox Host-Only Ethernet Adapter CD / DVD Drives: 2x (D: | F: | ) D: HL-DT-STDVDRAM GH24NSB0 | F: DiscSoftVirtual Ports: COM1 LPT Port NOT Present. Mouse: 3 Button Wheel Mouse Present Hard Disks: C: 931,4GB Hard Disks - Free: C: 503,1GB Manufacturer *: American Megatrends Inc. BIOS Info: AT/AT COMPATIBLE | 01/08/16 | _ASUS_ - 1072009 Time Zone: Romance Standard Time Motherboard *: MSI 970A-G43 (MS-7693) Country: Belgi‰ Language: NLB ==== System Specs (Software) ====================== SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} Internet Explorer Version: 11.0.9600.18230 Google Chrome version: 49.0.2623.110 Sun Java version: 1.8.0_31 (32-bit) Sun Java version: 1.8.0_31 (64-bit) ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 2016-03-24 22:21:55 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\notepad.exe 2016-03-24 22:20:33 9D77CC4A36FEEA644D002CFB9B2D42C0 3231232 ----a-w- C:\Windows\explorer.exe 2016-03-06 14:21:16 5AD9053201878BA470F1E66ACC91CCAC 753847 ----a-w- C:\Windows\unins000.exe 2016-03-06 14:21:16 0E6B56C813847298853B64A11BD6DA14 89822 ----a-w- C:\Windows\unins000.dat ====== C:\Users\deckx\AppData\Local\Temp ==== 2016-03-24 20:57:58 50754352847B5E71E11ABF4D30407148 441220 ------w- C:\Users\Safe\AppData\Local\Temp\jna\jna3989856240401229874.dll ====== Java Cache ===== ====== C:\Windows\SysWOW64 ===== 2016-03-25 21:07:10 D0CA74BE380498A0111A73EB9C76CF8F 342016 ----a-w- C:\Windows\SysWOW64\certcli.dll 2016-03-25 18:24:51 F60154A0DD1DCCF2EE75BE45A676BA51 1242624 ----a-w- C:\Windows\SysWOW64\comsvcs.dll 2016-03-25 18:24:51 169BDD4EF6E99E43720534E07798400C 487936 ----a-w- C:\Windows\SysWOW64\catsrvut.dll 2016-03-25 16:28:56 4FA66A573E9A45D05AD5A25B1E76A35D 103120 ----a-w- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-03-25 16:12:50 136AA5B5E93C0C9B426D6AD68343CEE8 3221504 ----a-w- C:\Windows\SysWOW64\mstscax.dll 2016-03-25 16:12:49 8D28FCB0502B9E0871AF42257091EE3E 36864 ----a-w- C:\Windows\SysWOW64\tsgqec.dll 2016-03-25 16:12:48 67AF92E4BEF45CA8CC99996D96D51688 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll 2016-03-25 16:12:38 6E91F67335D57DDFFE798C815444B0E3 210432 ----a-w- C:\Windows\SysWOW64\cewmdm.dll 2016-03-25 16:12:37 4489D5077C5D2396E3A94D652ADAE1CA 14336 ----a-w- C:\Windows\SysWOW64\fixmapi.exe 2016-03-25 16:12:37 2BB34CC2D6DF7194F46C6508589EF8FD 76800 ----a-w- C:\Windows\SysWOW64\mapistub.dll 2016-03-25 16:12:37 2BB34CC2D6DF7194F46C6508589EF8FD 76800 ----a-w- C:\Windows\SysWOW64\mapi32.dll 2016-03-25 16:12:34 F681617A48EC4FA8E560D4F8F98DD94F 216064 ----a-w- C:\Windows\SysWOW64\InkEd.dll 2016-03-25 16:12:16 FB224B0A63B8F58E91FE8A314AD295AD 17408 ----a-w- C:\Windows\SysWOW64\diskperf.exe 2016-03-25 16:12:16 65A5E27C2217D606E212B6088CCD6104 92160 ----a-w- C:\Windows\SysWOW64\sechost.dll 2016-03-25 16:12:16 629AD3FDA168D82D459164044A29F9BB 40448 ----a-w- C:\Windows\SysWOW64\typeperf.exe 2016-03-25 16:12:16 3E6731BF36A7D6C62D09671B427B6B67 37888 ----a-w- C:\Windows\SysWOW64\relog.exe 2016-03-25 16:12:16 3C1BE79C3CE6EB378108B11D94CA1072 364544 ----a-w- C:\Windows\SysWOW64\tracerpt.exe 2016-03-25 16:12:16 3B5DA649BF7B7D07510C06DE0AEEB4EB 82944 ----a-w- C:\Windows\SysWOW64\logman.exe 2016-03-25 16:11:59 DCC148408770F2D55B201F8FC26438A1 988160 ----a-w- C:\Windows\SysWOW64\drmv2clt.dll 2016-03-25 16:11:59 003C51B9FE38287BA4E0E58D3AE080BD 744960 ----a-w- C:\Windows\SysWOW64\blackbox.dll 2016-03-25 16:11:58 833FCABCB5D95B1911BA6E62FC82AC04 617984 ----a-w- C:\Windows\SysWOW64\wmdrmsdk.dll 2016-03-25 16:11:56 BB73C907D1BD437B6C30F2C23BB089FC 406016 ----a-w- C:\Windows\SysWOW64\drmmgrtn.dll 2016-03-25 16:11:51 B7D2BB84C590F0AE9DA51DBB065A780E 1005056 ----a-w- C:\Windows\SysWOW64\cryptui.dll 2016-03-25 16:11:51 B54FD1991E659FD61EF1D34EC27AAECD 81408 ----a-w- C:\Windows\SysWOW64\cryptsp.dll 2016-03-25 16:11:48 320A8699369C43CF53B2DB4538D17C52 504320 ----a-w- C:\Windows\SysWOW64\msscp.dll 2016-03-25 16:11:46 70E96EBE87A38857619671FCB9C8EC7B 265216 ----a-w- C:\Windows\SysWOW64\msnetobj.dll 2016-03-25 16:11:43 A56F4029FDCF4F817E78953CDA953E28 442880 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll 2016-03-25 16:11:43 2D21189858856316D55EAD55DF4964C2 374784 ----a-w- C:\Windows\SysWOW64\AudioEng.dll 2016-03-25 16:11:42 50B8937A81360D16A5C772302BD32CFE 195584 ----a-w- C:\Windows\SysWOW64\AudioSes.dll 2016-03-25 16:10:44 3553707B119AD5AAF1F31BFF5517A093 627712 ----a-w- C:\Windows\SysWOW64\usp10.dll 2016-03-25 16:10:37 BCBE1BD34AA5E3E585E8A186ECE49FA0 13664 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-25 16:10:37 74126D3BED0E43DE875B66C63C608F42 19808 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-25 16:10:37 3A2E6016FF209066F3129543660BE0B5 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll 2016-03-25 16:10:37 386C6B538AC4F36737819B79E679132D 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll 2016-03-25 16:10:37 1D96A0D2EF83C6C1176806C02F96384A 17760 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-25 16:10:36 E5DE5F75FF6739AC9AABBDD4740B22A9 14176 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll 2016-03-25 16:10:36 E37EC711D51AAF9FD8570739ED8A1AC0 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll 2016-03-25 16:10:36 DB9FEFF915F895BE960E9D1D47639324 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll 2016-03-25 16:10:36 D07F2E1FF3CA24A06ADDE429A0130E50 16224 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-25 16:10:36 B05D416F3162D1686914606E9C794997 12128 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll 2016-03-25 16:10:36 924E2F51DE0177D08AABAB725421D70C 22368 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll 2016-03-25 16:10:36 85CF361F1388D42FEEDD3E2516D50CE7 66400 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll 2016-03-25 16:10:36 5E98B6B1D884AE801EEF41C42A080084 12640 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll 2016-03-25 16:10:36 522226C519CDD233360BF0CE80B0CEBA 15712 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll 2016-03-25 16:10:36 3DF1D7DA8C1493A5A00C0474323FEF20 922432 ----a-w- C:\Windows\SysWOW64\ucrtbase.dll 2016-03-25 16:10:36 0E9D1BCE1BB8A5E25B505CE7B52CCE74 17760 ----a-w- C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll 2016-03-25 16:10:28 50620D7F4EF26981C76B703C89DFF0FE 67584 ----a-w- C:\Windows\SysWOW64\asycfilt.dll 2016-03-25 16:10:28 4CE464D543C536B2E039524C93413238 572416 ----a-w- C:\Windows\SysWOW64\oleaut32.dll 2016-03-25 16:10:09 E869DDBE1C64BECEA0FF26C2BEE6385C 30208 ----a-w- C:\Windows\SysWOW64\wups.dll 2016-03-25 16:10:09 D432C3E330EC381F18F1D8492FD5A990 93696 ----a-w- C:\Windows\SysWOW64\wudriver.dll 2016-03-25 16:10:09 363C311357833FAB98788CADDA82781C 35328 ----a-w- C:\Windows\SysWOW64\wuapp.exe 2016-03-25 16:10:08 8C7AF1C5ED43F6A19D14DE7D04CF2D28 573440 ----a-w- C:\Windows\SysWOW64\wuapi.dll 2016-03-25 16:10:08 7F4449BE58F9D9853F010ADEF57C627E 174080 ----a-w- C:\Windows\SysWOW64\wuwebv.dll 2016-03-25 16:09:43 B804EAA9E037580F96C22537C2ECB62A 171520 ----a-w- C:\Windows\SysWOW64\ubpm.dll 2016-03-25 16:09:42 744AB3C1A73A57DEED49D631F1BDEA1D 2311168 ----a-w- C:\Windows\SysWOW64\wpdshext.dll 2016-03-25 16:09:38 FDB73E2FFDEE1F28D1AF3B80E3F0FE99 1251328 ----a-w- C:\Windows\SysWOW64\DWrite.dll 2016-03-25 16:09:36 0A78439765E31510D75C9E2284F3A722 833024 ----a-w- C:\Windows\SysWOW64\user32.dll 2016-03-25 16:09:32 EB11947B250AD259755939A2DE349FBB 14848 ----a-w- C:\Windows\SysWOW64\wshrm.dll 2016-03-25 16:09:30 6B003E11CDBDA3B45A3D16E5A9D3F73B 82432 ----a-w- C:\Windows\SysWOW64\davclnt.dll 2016-03-25 16:09:30 55C70654420DBF429604FD567E6F3CD3 206848 ----a-w- C:\Windows\SysWOW64\WebClnt.dll 2016-03-25 16:09:25 E90B8C7F9667650544ADC778CCD43568 30720 ----a-w- C:\Windows\SysWOW64\iernonce.dll 2016-03-25 16:09:25 5CCF8CCADD86DEF3F503869E209CB771 47616 ----a-w- C:\Windows\SysWOW64\ieetwproxystub.dll 2016-03-25 16:09:25 52733FEAAF339B76CF7DD82B676A959E 91136 ----a-w- C:\Windows\SysWOW64\inseng.dll 2016-03-25 16:09:25 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\SysWOW64\ieuinit.inf 2016-03-25 16:09:24 FB7B95D4A7F5BA563516335CC23FC53C 130048 ----a-w- C:\Windows\SysWOW64\occache.dll 2016-03-25 16:09:24 FAC2BB786EF0B771633A6CAEEE343CEF 76288 ----a-w- C:\Windows\SysWOW64\mshtmled.dll 2016-03-25 16:09:24 C99B6E09C23BF1FB1F1B1D02F1E3072F 341200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll 2016-03-25 16:09:24 C54971134F66CFBDE313D7D74A297AAC 2280448 ----a-w- C:\Windows\SysWOW64\iertutil.dll 2016-03-25 16:09:24 C04FE126FE7661A727E2EACA3773BF63 496640 ----a-w- C:\Windows\SysWOW64\vbscript.dll 2016-03-25 16:09:24 98F4BA49FDCC7B72C49264C898D95D29 60416 ----a-w- C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-03-25 16:09:24 94295E6C1D6A458D611491C45DA86325 279040 ----a-w- C:\Windows\SysWOW64\dxtrans.dll 2016-03-25 16:09:24 6D78ABE37BC816FBC67A62A7A1A5C582 1311744 ----a-w- C:\Windows\SysWOW64\urlmon.dll 2016-03-25 16:09:24 3DF6C79B9F93A289D02395642645319C 20352512 ----a-w- C:\Windows\SysWOW64\mshtml.dll 2016-03-25 16:09:24 072926C6A8342EB10FF4DA3BBBE57DB5 687104 ----a-w- C:\Windows\SysWOW64\msfeeds.dll 2016-03-25 16:09:23 F513214BA350CF5D0D362A002FE79733 2050560 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl 2016-03-25 16:09:23 9ECBE17BAE1171042910A24800E1A59C 62464 ----a-w- C:\Windows\SysWOW64\iesetup.dll 2016-03-25 16:09:23 0D9E4C237A6B6B78BF237FCA65A1103C 710144 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll 2016-03-25 16:09:23 02B17540AEDFFD935E1FCFF62941FD63 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb 2016-03-25 16:09:22 F02CF24E59AF96F7F2FFF8C3204F57B8 13012480 ----a-w- C:\Windows\SysWOW64\ieframe.dll 2016-03-25 16:09:22 D7CCF5333B2F75EF0F5ADC85960872B8 620032 ----a-w- C:\Windows\SysWOW64\jscript9diag.dll 2016-03-25 16:09:22 B8106E5CE39EAF8472DB521BB2C62150 663552 ----a-w- C:\Windows\SysWOW64\jscript.dll 2016-03-25 16:09:22 9D41CAE6A55681E9F816BDC80451B916 416256 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll 2016-03-25 16:09:22 77305AE3440CB9A28E76A88AE609C414 47104 ----a-w- C:\Windows\SysWOW64\jsproxy.dll 2016-03-25 16:09:22 4A7149C25E250A2B3E320556D3B28D8F 476160 ----a-w- C:\Windows\SysWOW64\ieui.dll 2016-03-25 16:09:21 F6F1806F34BB8C6C220A259F584A80E1 341504 ----a-w- C:\Windows\SysWOW64\html.iec 2016-03-25 16:09:21 EFB16D89CDDE7648D14E09D765AE52EB 230400 ----a-w- C:\Windows\SysWOW64\webcheck.dll 2016-03-25 16:09:21 EDB9618FF3238EF0FC2734F584B13A33 2121216 ----a-w- C:\Windows\SysWOW64\wininet.dll 2016-03-25 16:09:21 D1A735C183F2AD39CF6FE60E8593B0B2 4611072 ----a-w- C:\Windows\SysWOW64\jscript9.dll 2016-03-25 16:09:21 4F8E44453EDB8083F504DDF679B55034 1155072 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll 2016-03-25 16:09:21 2EC93A7E9DEE0D310729490FD39EB1ED 115712 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe 2016-03-25 16:09:20 E36BD63A2B9EAC4AE3C5F4F0E0FEA025 168960 ----a-w- C:\Windows\SysWOW64\msrating.dll 2016-03-25 16:09:20 A795080ED1B03288F90FE7A357B08FA6 64000 ----a-w- C:\Windows\SysWOW64\MshtmlDac.dll 2016-03-25 16:08:37 58788565442368B0615DDAF1D452B843 530432 ----a-w- C:\Windows\SysWOW64\comctl32.dll 2016-03-25 16:08:33 F4AFDB5ABEA0C9079E8193E24D1DB21D 1174528 ----a-w- C:\Windows\SysWOW64\crypt32.dll 2016-03-25 16:08:33 588D52C2D0E60EE71FD5A64407865B10 179200 ----a-w- C:\Windows\SysWOW64\wintrust.dll 2016-03-25 16:08:33 33F67BBCC3C0499D3F3382473114CFA8 143872 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll 2016-03-25 16:08:32 D864C283FFD7C080FDC25FD4C798FF8D 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll 2016-03-25 16:08:14 7DAD20AB1DD90D89F9EF851F5EB60651 3938240 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe 2016-03-25 16:08:14 565DE7C3364D2B17A4115116251D5718 3994560 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe 2016-03-25 16:08:13 F5071D3802BC7A7AA65D58D57F9B7D70 553472 ----a-w- C:\Windows\SysWOW64\kerberos.dll 2016-03-25 16:08:12 B8E6C6411AAE69972DE30D2CC6ECABFD 1314328 ----a-w- C:\Windows\SysWOW64\ntdll.dll 2016-03-25 16:08:12 1827E4CAD59C32A1E913AAC375AC094F 251392 ----a-w- C:\Windows\SysWOW64\schannel.dll 2016-03-25 16:08:11 B994002C9AC277B400D8616AAEB3D83E 259584 ----a-w- C:\Windows\SysWOW64\msv1_0.dll 2016-03-25 16:08:11 886F415E4F7A87AF69EBF5020C67EF6F 686080 ----a-w- C:\Windows\SysWOW64\adtschema.dll 2016-03-25 16:08:11 81D70F77DBC2A20E8057FB373D0F9AE6 665088 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll 2016-03-25 16:08:11 1B2966418D805A871C30998D45570109 642560 ----a-w- C:\Windows\SysWOW64\advapi32.dll 2016-03-25 16:08:10 A51056F0AB2386C1032977E89BCB267A 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll 2016-03-25 16:08:10 5107D0FCD28BC68995D862B718C98CDD 223232 ----a-w- C:\Windows\SysWOW64\ncrypt.dll 2016-03-25 16:08:10 295EE61AFA07756F3CBCDF6CA012F905 275456 ----a-w- C:\Windows\SysWOW64\KernelBase.dll 2016-03-25 16:08:09 5D7A25E110E666040C37E16DF634A723 36352 ----a-w- C:\Windows\SysWOW64\cryptbase.dll 2016-03-25 16:08:09 21404A9B0692E19E04EE714F5D5C6C48 171520 ----a-w- C:\Windows\SysWOW64\wdigest.dll 2016-03-25 16:08:09 009045301F508A498F11EAD9D0FAA3FD 65536 ----a-w- C:\Windows\SysWOW64\TSpkg.dll 2016-03-25 16:08:08 F0B10B63F257577F270D7E5265FA576C 146432 ----a-w- C:\Windows\SysWOW64\msaudite.dll 2016-03-25 16:08:08 B3AE2AB29B51BC44511262259499D18B 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll 2016-03-25 16:08:08 ADFB530BD8835ACE1B272DA8A7308A96 50176 ----a-w- C:\Windows\SysWOW64\auditpol.exe 2016-03-25 16:08:08 93BCAB853A5B5A0665E7495ADBB03B76 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll 2016-03-25 16:08:07 D6B30A1D95917A934BA1CEC152763EBB 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll 2016-03-25 16:08:07 C9E5B2084321B113344015FEE3C89CCF 17408 ----a-w- C:\Windows\SysWOW64\credssp.dll 2016-03-25 16:08:07 821BE1FA64525FEFD4DF40C37F19193A 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll 2016-03-25 16:08:07 42F930264A6F84D74C30955399619240 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe 2016-03-25 16:08:06 9BD14CC0F472E93F453D3D50BBD3BBDA 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll 2016-03-25 16:08:06 80F95AD6D1B88FD5444015D4EA8FFA6F 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe 2016-03-25 16:08:05 99D3E1FAB38B1D6DA536243631BAB839 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll 2016-03-25 16:08:04 75991ED3804C48A396D6596BEC029D49 2048 ----a-w- C:\Windows\SysWOW64\user.exe 2016-03-25 16:08:03 C9A9A093C04AA3DA11D12E6374D7650A 60416 ----a-w- C:\Windows\SysWOW64\msobjs.dll 2016-03-25 16:07:36 73B2226CA11907E2AE3427BBF4C09967 296448 ----a-w- C:\Windows\SysWOW64\mfds.dll 2016-03-25 16:07:35 A691D4B4B4167F56A717C421F9CF58C7 1372160 ----a-w- C:\Windows\SysWOW64\dwmcore.dll 2016-03-25 16:07:35 52213D271F6804AAA44F57AEFD2B778A 67584 ----a-w- C:\Windows\SysWOW64\dwmapi.dll 2016-03-24 22:23:35 B0AFC72F5BAE0C06DB30B409B9D05D8A 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll 2016-03-24 22:22:54 0D0FF2A38473552DDFF4F21756700F9B 50688 ----a-w- C:\Windows\SysWOW64\appidapi.dll 2016-03-24 22:22:42 F61A069A5517F85662ED9A6C5AD5445A 73216 ----a-w- C:\Windows\SysWOW64\msiexec.exe 2016-03-24 22:22:42 D7C4ABB0F1FFA371928EED0C7A6E24DC 2364416 ----a-w- C:\Windows\SysWOW64\msi.dll 2016-03-24 22:22:42 C08582E7F8EA706A2D4A3C7BD5AC35C1 337408 ----a-w- C:\Windows\SysWOW64\msihnd.dll 2016-03-24 22:22:41 A344B1EFA7DB86AE1407039CD596FB1E 25088 ----a-w- C:\Windows\SysWOW64\msimsg.dll 2016-03-24 22:22:26 965CFC7687F0D188F215DC142FC8F6A1 1987584 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll 2016-03-24 22:22:24 D5AFC3A476925CE740B7079D9BD2D269 295936 ----a-w- C:\Windows\SysWOW64\apphelp.dll 2016-03-24 22:22:24 2996B3E7BBA42BEA62D386D9386EDE97 20992 ----a-w- C:\Windows\SysWOW64\sdbinst.exe 2016-03-24 22:22:24 15DDF8D059752C6CBE3DCDCAA1264F45 5120 ----a-w- C:\Windows\SysWOW64\shimeng.dll 2016-03-24 22:22:23 E85BED746BBDDCD29AD63F6085E1CE78 299520 ----a-w- C:\Windows\SysWOW64\atmfd.dll 2016-03-24 22:22:23 BC8EA7CD95A7BA8B468B47BD7D9E55AF 25600 ----a-w- C:\Windows\SysWOW64\lpk.dll 2016-03-24 22:22:23 B1B26BEDCB21B574B3CADCDC3BE9E969 70656 ----a-w- C:\Windows\SysWOW64\fontsub.dll 2016-03-24 22:22:23 84E9A8646F19EC99673EC863D0815133 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll 2016-03-24 22:22:23 0F3A519AC7E43B77EE4EAE50F347C913 10240 ----a-w- C:\Windows\SysWOW64\dciman32.dll 2016-03-24 22:22:12 0E1490FB24DF3386AF80F66107A8515C 635392 ----a-w- C:\Windows\SysWOW64\tdh.dll 2016-03-24 22:21:54 A4F6DF0E33E644E802C8798ED94D80EA 179712 ----a-w- C:\Windows\SysWOW64\notepad.exe 2016-03-24 22:21:49 BBCD95BC468665A596D7ED2D6233A34E 509952 ----a-w- C:\Windows\SysWOW64\qedit.dll 2016-03-24 22:21:38 C489D8B4D8C64F20CC75A93F541F7D91 123904 ----a-w- C:\Windows\SysWOW64\poqexec.exe 2016-03-24 22:21:35 D1450810490EB170A182C4AC915CB87C 1620992 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL 2016-03-24 22:21:35 3CC0EF43C256D0A28C908F36AD06963D 970240 ----a-w- C:\Windows\SysWOW64\msmpeg2adec.dll 2016-03-24 22:21:34 EDCAA72A69E36517F1493F09B8A834F7 829952 ----a-w- C:\Windows\SysWOW64\MSMPEG2ENC.DLL 2016-03-24 22:21:34 B049A75BD074FC465D2BCE2BF5B15D75 3209728 ----a-w- C:\Windows\SysWOW64\mf.dll 2016-03-24 22:21:34 A0448DC7978E550FE64B9A984522B963 815616 ----a-w- C:\Windows\SysWOW64\WMADMOE.DLL 2016-03-24 22:21:34 96FF617934E6A87AA810719D1D911DA9 541184 ----a-w- C:\Windows\SysWOW64\WMVSDECD.DLL 2016-03-24 22:21:34 7368176B23E9BE5D23ED9BFE1D58AC0C 902144 ----a-w- C:\Windows\SysWOW64\WMADMOD.DLL 2016-03-24 22:21:34 62851F0D13AD06F0042C8109E680421F 739328 ----a-w- C:\Windows\SysWOW64\WMSPDMOD.DLL 2016-03-24 22:21:33 FEAEA5182DB9072EBD493466F8608EB8 1568768 ----a-w- C:\Windows\SysWOW64\WMVENCOD.DLL 2016-03-24 22:21:33 EDB8F80672DBF24C6C522A29F5854F14 153600 ----a-w- C:\Windows\SysWOW64\COLORCNV.DLL 2016-03-24 22:21:33 B25C60E9ED641AFF18198CBF6C288DB8 740352 ----a-w- C:\Windows\SysWOW64\wmpmde.dll 2016-03-24 22:21:33 A7FAA81D1622D6AF4467A81B42D30DBE 241152 ----a-w- C:\Windows\SysWOW64\MPG4DECD.DLL 2016-03-24 22:21:33 92BBFF13DE00F30DABC03CFF59D8678E 609280 ----a-w- C:\Windows\SysWOW64\MFWMAAEC.DLL 2016-03-24 22:21:33 89FBB1C25E02767572AB1F136EE8CD04 1329664 ----a-w- C:\Windows\SysWOW64\quartz.dll 2016-03-24 22:21:33 7C135C38EC6586F7562CFBC184A514E2 2285056 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll 2016-03-24 22:21:33 78E7D511C9FB80ADC9A1DD22CCF66C0E 519680 ----a-w- C:\Windows\SysWOW64\qdvd.dll 2016-03-24 22:21:33 71C9DDA9ED939361C1CA2CE21EA84DBF 665088 ----a-w- C:\Windows\SysWOW64\WMVXENCD.DLL 2016-03-24 22:21:33 6B1BB70E72B573EBDF1235B77DF5706D 1325056 ----a-w- C:\Windows\SysWOW64\WMSPDMOE.DLL 2016-03-24 22:21:33 66EB4C814BF7BD76CF7CBC7F562234BA 67584 ----a-w- C:\Windows\SysWOW64\devenum.dll 2016-03-24 22:21:33 65EED8B27B02573948434B583DACFB39 489984 ----a-w- C:\Windows\SysWOW64\evr.dll 2016-03-24 22:21:33 5CF623B21998B8F1D081D55910A0BDA7 206848 ----a-w- C:\Windows\SysWOW64\qasf.dll 2016-03-24 22:21:33 5342DCCA8EA8ED193ACAAD14A5046982 354816 ----a-w- C:\Windows\SysWOW64\mfplat.dll 2016-03-24 22:21:33 2C838797F2F6138EF36C8964487775B9 358400 ----a-w- C:\Windows\SysWOW64\WMVSENCD.DLL 2016-03-24 22:21:33 0697FF546D6D70AE7F77EF6398004153 241152 ----a-w- C:\Windows\SysWOW64\MP43DECD.DLL 2016-03-24 22:21:32 D6A767B747F4D58EBDAAD1925DC863FA 206848 ----a-w- C:\Windows\SysWOW64\RESAMPLEDMO.DLL 2016-03-24 22:21:32 BE2D4165A6845FEE05CBD36D8B41E518 193536 ----a-w- C:\Windows\SysWOW64\ksproxy.ax 2016-03-24 22:21:32 936E6F6F76136BC73B13D25A254BC84B 50176 ----a-w- C:\Windows\SysWOW64\rrinstaller.exe 2016-03-24 22:21:32 8A2A7AA90CBA77DD44FBAE713B4B3877 415744 ----a-w- C:\Windows\SysWOW64\MP4SDECD.DLL 2016-03-24 22:21:32 5DCE986C8D7E91B455FB3D57BF955A2A 79872 ----a-w- C:\Windows\SysWOW64\MP3DMOD.DLL 2016-03-24 22:21:32 4FBCDC326769C31CB283981A51C867F3 53248 ----a-w- C:\Windows\SysWOW64\mfvdsp.dll 2016-03-24 22:21:32 24D74CF313DC62C65EEA4726AE2EB3F8 154112 ----a-w- C:\Windows\SysWOW64\VIDRESZR.DLL 2016-03-24 22:21:31 FEB2B13697D1C482D84FB626A0F1F73A 2048 ----a-w- C:\Windows\SysWOW64\mferror.dll 2016-03-24 22:21:31 BBE4D9B89B3FBC97C0F381C2F9C4ADEF 23040 ----a-w- C:\Windows\SysWOW64\mfpmp.exe 2016-03-24 22:21:31 A4C85F362EBB7815676F1CD9CFC5BA59 4608 ----a-w- C:\Windows\SysWOW64\ksuser.dll 2016-03-24 22:21:31 41BAC1A440EAA15AD4CC15B0C7870AB0 103424 ----a-w- C:\Windows\SysWOW64\mfps.dll 2016-03-24 22:21:27 F615574BF6B81533F3382856BE359237 2048 ----a-w- C:\Windows\SysWOW64\msxml6r.dll 2016-03-24 22:21:27 BF49B5D47D80D8711E3D54C8E0A59130 1241088 ----a-w- C:\Windows\SysWOW64\msxml3.dll 2016-03-24 22:21:27 4DF7AD468DA9828D4B704805EEE2C7B1 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll 2016-03-24 22:21:27 2032B7698A8DCA5E157FD4ED153E9A76 1391104 ----a-w- C:\Windows\SysWOW64\msxml6.dll 2016-03-24 22:21:19 63F52FF6FCA2C492F4FB7EE545319FA8 251000 ----a-w- C:\Windows\SysWOW64\bcryptprimitives.dll 2016-03-24 22:21:18 E00604CE082BA387AC1D354C45F7EDEC 1413632 ----a-w- C:\Windows\SysWOW64\ole32.dll 2016-03-24 22:20:59 84B460BB65567ED42DD605FA044DB370 828928 ----a-w- C:\Windows\SysWOW64\msctf.dll 2016-03-24 22:20:52 6AF4B613D9EAC33034D2B5776B89394D 535040 ----a-w- C:\Windows\SysWOW64\EncDec.dll 2016-03-24 22:20:52 3F37385824263575518137EB6D60C90B 642048 ----a-w- C:\Windows\SysWOW64\CPFilters.dll 2016-03-24 22:20:50 C8D06454D122EE572A117CB2BD198E2E 114176 ----a-w- C:\Windows\SysWOW64\mtxoci.dll 2016-03-24 22:20:49 1682569FCB2BD576B7F8BCC5506BAF24 176128 ----a-w- C:\Windows\SysWOW64\msorcl32.dll 2016-03-24 22:20:33 F4AC739D8C76DD13CA2EBF638D030B2D 12877824 ----a-w- C:\Windows\SysWOW64\shell32.dll 2016-03-24 22:20:32 B4ABC755C1CB8066DA8EE29100C78FC4 1498624 ----a-w- C:\Windows\SysWOW64\ExplorerFrame.dll 2016-03-24 22:20:32 7335DD3AB298309DD343DD0785144E59 1805824 ----a-w- C:\Windows\SysWOW64\authui.dll 2016-03-24 22:20:32 2A156D5EBF221EF2A6AE7CE452324DAC 2973184 ----a-w- C:\Windows\SysWOW64\explorer.exe 2016-03-24 22:20:20 0BACC9DB52051142492AA8F09ADAF8B5 11411456 ----a-w- C:\Windows\SysWOW64\wmp.dll 2016-03-24 22:20:19 6535F092A603C6EEED0D923AB05735E1 8192 ----a-w- C:\Windows\SysWOW64\spwmp.dll 2016-03-24 22:20:19 43C68440DD263F5CAEF8C34C12214A4A 12625408 ----a-w- C:\Windows\SysWOW64\wmploc.DLL 2016-03-24 22:20:19 0B24E6A3563BB541F4DCAF48EC9AE152 4096 ----a-w- C:\Windows\SysWOW64\msdxm.ocx 2016-03-24 22:20:19 0B24E6A3563BB541F4DCAF48EC9AE152 4096 ----a-w- C:\Windows\SysWOW64\dxmasf.dll 2016-03-24 22:20:18 5F3628DCF926C4499BE1DC74431DFBC8 1230848 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll 2016-03-24 22:20:14 E7CA874DA58A607E11ACAB33718AE9FA 179712 ----a-w- C:\Windows\SysWOW64\els.dll 2016-03-24 22:20:14 7FD1DCF4F11C61621AE9279E26FADCF3 312320 ----a-w- C:\Windows\SysWOW64\gdi32.dll 2016-03-24 22:20:13 D824C1C235349B67E652A5CA70D1AA49 58880 ----a-w- C:\Windows\SysWOW64\clfsw32.dll 2016-03-24 22:02:25 9566C8BBD2271A7962D4432A624762AD 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll ====== C:\Windows\SysWOW64\drivers ===== 2016-03-10 17:06:53 ED32D389F8B0E74E400932E020BCFBDF 676864 ----a-w- C:\Windows\SysWOW64\drivers\hardlock.sys ====== C:\Windows\Sysnative ===== 2016-03-25 21:07:10 ED4B980701D081AC42F7B121C1E42149 460800 ----a-w- C:\Windows\Sysnative\certcli.dll 2016-03-25 18:24:51 E385472FF300F2BFD323B667EBAE93C7 1735680 ----a-w- C:\Windows\Sysnative\comsvcs.dll 2016-03-25 18:24:51 75DFE3CE6A8BFC995CC1D615B74DF8B0 525312 ----a-w- C:\Windows\Sysnative\catsrvut.dll 2016-03-25 16:28:56 52ED64BF80D360B0EA2B6E5F1504CDFF 124624 ----a-w- C:\Windows\Sysnative\PresentationCFFRasterizerNative_v0300.dll 2016-03-25 16:13:13 40686B59C127F0C93B4234E4A1E3472A 1110016 ----a-w- C:\Windows\Sysnative\schedsvc.dll 2016-03-25 16:13:08 168EA9CD9BD6056BB6F60B57D5304BBE 52736 ----a-w- C:\Windows\Sysnative\basesrv.dll 2016-03-25 16:12:50 6390B8C0F8FEBCE0C38BF3070ABD13F6 3722752 ----a-w- C:\Windows\Sysnative\mstscax.dll 2016-03-25 16:12:49 FD61A5C38FFD7D8D797319209A6632E0 158720 ----a-w- C:\Windows\Sysnative\aaclient.dll 2016-03-25 16:12:49 D11620533175884EB3491E1ED770C86A 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll 2016-03-25 16:12:38 60696836CAD56F1B47059E1BA739787D 254976 ----a-w- C:\Windows\Sysnative\cewmdm.dll 2016-03-25 16:12:37 73DC9840FE246158ECCBC8270847CCBC 91648 ----a-w- C:\Windows\Sysnative\mapistub.dll 2016-03-25 16:12:37 73DC9840FE246158ECCBC8270847CCBC 91648 ----a-w- C:\Windows\Sysnative\mapi32.dll 2016-03-25 16:12:37 2FFBA1EAE28B45A92E2EA70C61C66F14 17920 ----a-w- C:\Windows\Sysnative\fixmapi.exe 2016-03-25 16:12:34 799E20ADF08BB7EB5D0FF784C311F4B3 275456 ----a-w- C:\Windows\Sysnative\InkEd.dll 2016-03-25 16:12:34 313E9727FD22B721E356B3E75D3B7FDD 24576 ----a-w- C:\Windows\Sysnative\jnwmon.dll 2016-03-25 16:12:29 71C85477DF9347FE8E7BC55768473FCA 328704 ----a-w- C:\Windows\Sysnative\services.exe 2016-03-25 16:12:16 E20BF3FA89DE67B00ED713B5254C0BF0 47104 ----a-w- C:\Windows\Sysnative\typeperf.exe 2016-03-25 16:12:16 858F04B3C39239972959E9EE97CACAE4 43008 ----a-w- C:\Windows\Sysnative\relog.exe 2016-03-25 16:12:16 6703266C1E56157B5965F9AC868A20AC 404992 ----a-w- C:\Windows\Sysnative\tracerpt.exe 2016-03-25 16:12:16 4F90A7A0FCBC0ED18E573917860062FF 113664 ----a-w- C:\Windows\Sysnative\sechost.dll 2016-03-25 16:12:16 210E7D1EA34369194BE09493784E27BE 104448 ----a-w- C:\Windows\Sysnative\logman.exe 2016-03-25 16:12:16 1B93381366141875D8EE7EC1085236B9 19456 ----a-w- C:\Windows\Sysnative\diskperf.exe 2016-03-25 16:11:59 DF6104DCED89E13A78BA5539CEF5100A 1202176 ----a-w- C:\Windows\Sysnative\drmv2clt.dll 2016-03-25 16:11:59 A53A63831185FF5339E76221BE45E6B9 842240 ----a-w- C:\Windows\Sysnative\blackbox.dll 2016-03-25 16:11:58 7F4D59E70DD6E757E96B40570B498D5C 782848 ----a-w- C:\Windows\Sysnative\wmdrmsdk.dll 2016-03-25 16:11:57 B2F02AB28864B6D5B5B9BEDA565D41BB 497664 ----a-w- C:\Windows\Sysnative\drmmgrtn.dll 2016-03-25 16:11:52 410F6B1BE785F3630B4782F8E3D85A24 1069056 ----a-w- C:\Windows\Sysnative\cryptui.dll 2016-03-25 16:11:51 DB2D62AA2DF6B1F3D690A9EC9701AA2C 188416 ----a-w- C:\Windows\Sysnative\pcasvc.dll 2016-03-25 16:11:51 94BC902494AFC9F5EBC5FBB61445D73F 82432 ----a-w- C:\Windows\Sysnative\cryptsp.dll 2016-03-25 16:11:50 F88B4A9EA1A956F09D5001D08B546228 641024 ----a-w- C:\Windows\Sysnative\msscp.dll 2016-03-25 16:11:48 AE66D26930CA536706078537CB5AC840 325632 ----a-w- C:\Windows\Sysnative\msnetobj.dll 2016-03-25 16:11:48 6968D02DC38757C3FBE7ED7C2F9670AA 680960 ----a-w- C:\Windows\Sysnative\audiosrv.dll 2016-03-25 16:11:47 C0AE7ABD87254B2789C8CB34AF274A65 296448 ----a-w- C:\Windows\Sysnative\AudioSes.dll 2016-03-25 16:11:47 7BC64DEEFD0E6812E21DE89F0CF50A49 500224 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll 2016-03-25 16:11:47 6E974F1C384615DEB0710E44F4847351 126464 ----a-w- C:\Windows\Sysnative\audiodg.exe 2016-03-25 16:11:43 A84C94CF795E08BBB99E4E145F9E81A3 11264 ----a-w- C:\Windows\Sysnative\pcawrk.exe 2016-03-25 16:11:43 3A7BC2DC99D3C5B172465E890B3C3B14 440832 ----a-w- C:\Windows\Sysnative\AudioEng.dll 2016-03-25 16:11:43 27793FE3FF2D0123896D1A01A2D222C7 37376 ----a-w- C:\Windows\Sysnative\pcadm.dll 2016-03-25 16:11:42 ED6BF1E1C4F40F600DFEC0CB101A1789 9728 ----a-w- C:\Windows\Sysnative\pcalua.exe 2016-03-25 16:11:42 56FD1BC602EE0E7949F92EE2EE327B72 284672 ----a-w- C:\Windows\Sysnative\EncDump.dll 2016-03-25 16:11:41 FE03B35A22C3D2714B494FC2AB32AC5B 8704 ----a-w- C:\Windows\Sysnative\pcaevts.dll 2016-03-25 16:10:45 077CC8BF1076D49E85687AACB30956A1 802304 ----a-w- C:\Windows\Sysnative\usp10.dll 2016-03-25 16:10:37 EBA98AF7BA9FC4696BFD3F03D43CE07B 13664 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-filesystem-l1-1-0.dll 2016-03-25 16:10:37 D8F7A8440C5B23A587D981E7B9A4892C 15712 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-convert-l1-1-0.dll 2016-03-25 16:10:37 A98EC7EDB339CD967E5CBD5EEC174CEB 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-conio-l1-1-0.dll 2016-03-25 16:10:37 0753722E5BD0AF130C1B465F2981477C 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-environment-l1-1-0.dll 2016-03-25 16:10:36 E9C7DF2BC9C5157F2195737948DBFA0B 19808 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-multibyte-l1-1-0.dll 2016-03-25 16:10:36 CB20CCF93E34CC08AB4B58A344E76DD1 14176 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-time-l1-1-0.dll 2016-03-25 16:10:36 CAB18EAC01B9FCF6A0CA74E95FADB8B7 20832 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-math-l1-1-0.dll 2016-03-25 16:10:36 C2F694722F8D98990B218ECAB729B0FE 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-heap-l1-1-0.dll 2016-03-25 16:10:36 A4FA9CA07855A7F237D1908E62B5B1C7 12640 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-process-l1-1-0.dll 2016-03-25 16:10:36 92375150AD3F19431B49793DC7111962 63840 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-private-l1-1-0.dll 2016-03-25 16:10:36 6A2C655BC6B7E2EDFC98B632B521697D 17760 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-string-l1-1-0.dll 2016-03-25 16:10:36 62ED9DA33AFE5624A08D9427527536FE 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-locale-l1-1-0.dll 2016-03-25 16:10:36 4CDCE034568C1177325799A60F987F27 16224 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-runtime-l1-1-0.dll 2016-03-25 16:10:36 1EB17F650462EEA820F4CD727D2D3AB1 994760 ----a-w- C:\Windows\Sysnative\ucrtbase.dll 2016-03-25 16:10:36 1EA4F3D5312C15A64904A6E9E457612D 12128 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-utility-l1-1-0.dll 2016-03-25 16:10:36 020E0DCC82A7C5AFDEE3FBA57C5F30D3 17760 ----a-w- C:\Windows\Sysnative\api-ms-win-crt-stdio-l1-1-0.dll 2016-03-25 16:10:29 B429BEF73402E8D2B2731ECA08D6195F 862208 ----a-w- C:\Windows\Sysnative\oleaut32.dll 2016-03-25 16:10:28 86A6D548E36B0F77138388E3395A04A8 84992 ----a-w- C:\Windows\Sysnative\asycfilt.dll 2016-03-25 16:10:08 F50C6862DB860F91051625800F61F71E 12288 ----a-w- C:\Windows\Sysnative\wu.upgrade.ps.dll 2016-03-25 16:10:08 F0D39C0EB4DEED96714499518156BC6C 3169792 ----a-w- C:\Windows\Sysnative\wucltux.dll 2016-03-25 16:10:08 F09D8A5175BDD9533F7F900CAD213C91 37888 ----a-w- C:\Windows\Sysnative\wuapp.exe 2016-03-25 16:10:08 D7DBB0C85B065CAFD6C5C888220A31E1 37888 ----a-w- C:\Windows\Sysnative\wups2.dll 2016-03-25 16:10:08 86F11B85102AFA6A1A6101DCE2F09386 2610688 ----a-w- C:\Windows\Sysnative\wuaueng.dll 2016-03-25 16:10:08 7BD7019E51A13D5CFAFAE8A68C416C64 36864 ----a-w- C:\Windows\Sysnative\wups.dll 2016-03-25 16:10:08 70A3693BE74AE57DEA201DAD89A6B703 192512 ----a-w- C:\Windows\Sysnative\wuwebv.dll 2016-03-25 16:10:08 6B6050BC5BE9F4ADF7766BCBD34B5F6C 98816 ----a-w- C:\Windows\Sysnative\wudriver.dll 2016-03-25 16:10:08 3DC8EC659B29A47D0DD05A454F4C9FF8 709120 ----a-w- C:\Windows\Sysnative\wuapi.dll 2016-03-25 16:10:08 37795555D27002BF1A59135B60268690 91136 ----a-w- C:\Windows\Sysnative\WinSetupUI.dll 2016-03-25 16:10:08 1F0038F5B57D5BDA7C1368EA240B4D57 140288 ----a-w- C:\Windows\Sysnative\wuauclt.exe 2016-03-25 16:09:43 1FB81632476857E8451DDA8A456EF3CE 215552 ----a-w- C:\Windows\Sysnative\ubpm.dll 2016-03-25 16:09:42 E5404072A5A9E0B452ADDF1D1339176C 2543104 ----a-w- C:\Windows\Sysnative\wpdshext.dll 2016-03-25 16:09:38 BCB16AE33AA58E0042F3EF34CFB6396A 1180160 ----a-w- C:\Windows\Sysnative\FntCache.dll 2016-03-25 16:09:38 1AE1D0D71C3C61A0ECA941140E1E2FF8 1648128 ----a-w- C:\Windows\Sysnative\DWrite.dll 2016-03-25 16:09:36 06BF84D26A05D400F6B3FB3D3DE0B03A 1008640 ----a-w- C:\Windows\Sysnative\user32.dll 2016-03-25 16:09:32 2DA9EB73046595D79ADE306BC22B02C4 17408 ----a-w- C:\Windows\Sysnative\wshrm.dll 2016-03-25 16:09:30 4E89FC53493704BF835F0300DC201C34 260096 ----a-w- C:\Windows\Sysnative\WebClnt.dll 2016-03-25 16:09:30 16FD9A0F6EDEF091A72D7D3B77574008 102912 ----a-w- C:\Windows\Sysnative\davclnt.dll 2016-03-25 16:09:25 530EDBCCA18717998332B45F5E71F01B 2887680 ----a-w- C:\Windows\Sysnative\iertutil.dll 2016-03-25 16:09:25 2CBD6D22499EB13A2666F62EF33D00E2 16303 ----a-w- C:\Windows\Sysnative\ieuinit.inf 2016-03-25 16:09:25 143B716CCA1E11CC326D3ACEA323D2D0 34304 ----a-w- C:\Windows\Sysnative\iernonce.dll 2016-03-25 16:09:24 F6B1086C15175B9749A8D856ACA5FE9C 107520 ----a-w- C:\Windows\Sysnative\inseng.dll 2016-03-25 16:09:24 AC21A5E51B9EFBD13E87BF861653E18B 77824 ----a-w- C:\Windows\Sysnative\JavaScriptCollectionAgent.dll 2016-03-25 16:09:24 9E4DB338EFBF08913171B7C83E8B412F 718336 ----a-w- C:\Windows\Sysnative\ie4uinit.exe 2016-03-25 16:09:24 73368D36DEF5EBBB199B3585D375DE2D 114688 ----a-w- C:\Windows\Sysnative\ieetwcollector.exe 2016-03-25 16:09:24 5ED817DF292B92A8090A9D8201549A93 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb 2016-03-25 16:09:24 06B2FF74CA284C00692D8AC1AC79045E 48640 ----a-w- C:\Windows\Sysnative\ieetwproxystub.dll 2016-03-25 16:09:23 FB56458B902E3B7F4D09A493FC8CBFFE 1546752 ----a-w- C:\Windows\Sysnative\urlmon.dll 2016-03-25 16:09:23 B3A8B66922B6B97A09F02C8AA5C32F64 152064 ----a-w- C:\Windows\Sysnative\occache.dll 2016-03-25 16:09:23 548929D367CEC5FFCF9884D41B101B6B 387792 ----a-w- C:\Windows\Sysnative\iedkcs32.dll 2016-03-25 16:09:22 D43EEF5FD3A6F51FA7F253CB98C9B351 315392 ----a-w- C:\Windows\Sysnative\dxtrans.dll 2016-03-25 16:09:22 81A506305EA2DBA0E0EE33332B642143 968704 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe 2016-03-25 16:09:22 59F1834740128C82558092CC774D35F9 800768 ----a-w- C:\Windows\Sysnative\ieapfltr.dll 2016-03-25 16:09:22 41E59B7B8DAFFC5C9BE91B1158E3894B 66560 ----a-w- C:\Windows\Sysnative\iesetup.dll 2016-03-25 16:09:22 128A43A30C77B8E610ECE3E0D37D8793 4096 ----a-w- C:\Windows\Sysnative\ieetwcollectorres.dll 2016-03-25 16:09:22 0326E57CEEE24A37F39FB43F0F8E7B29 798720 ----a-w- C:\Windows\Sysnative\msfeeds.dll 2016-03-25 16:09:21 A66C23356E24B52B0C877B5147E5005F 571904 ----a-w- C:\Windows\Sysnative\vbscript.dll 2016-03-25 16:09:21 3E116772A7B17F05C6F26EA613949D98 2123264 ----a-w- C:\Windows\Sysnative\inetcpl.cpl 2016-03-25 16:09:21 0933A68F09692D19FC1EC6BC6A2C629F 54784 ----a-w- C:\Windows\Sysnative\jsproxy.dll 2016-03-25 16:09:20 9E0DE6FE9C1790571AE3915DFB4FAB95 615936 ----a-w- C:\Windows\Sysnative\ieui.dll 2016-03-25 16:09:20 93D65A0011C3DC4F7422624068A6A4FC 1359360 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll 2016-03-25 16:09:20 85C65082595511D7153C18D3F422E632 92160 ----a-w- C:\Windows\Sysnative\mshtmled.dll 2016-03-25 16:09:20 820B76DCF5708DD4DB5784C01F9254B4 489984 ----a-w- C:\Windows\Sysnative\dxtmsft.dll 2016-03-25 16:09:20 3DA511916E94D4B75D173E4CD8B7DA51 14613504 ----a-w- C:\Windows\Sysnative\ieframe.dll 2016-03-25 16:09:19 C15649DEABA6B45562009663673E23D1 2597376 ----a-w- C:\Windows\Sysnative\wininet.dll 2016-03-25 16:09:19 89176EBC1F9E152BF444B114AB802D2A 262144 ----a-w- C:\Windows\Sysnative\webcheck.dll 2016-03-25 16:09:19 883F1ED2E13465CD71CA97707ABD3694 144384 ----a-w- C:\Windows\Sysnative\ieUnatt.exe 2016-03-25 16:09:19 612B73825E88F6CF137D29A44495BD82 817664 ----a-w- C:\Windows\Sysnative\jscript.dll 2016-03-25 16:09:19 51389B3929CDAE54DE7516ACBC4BE062 814080 ----a-w- C:\Windows\Sysnative\jscript9diag.dll 2016-03-25 16:09:19 26DCAEEFB541175137FCE9406E2AF2B0 6052352 ----a-w- C:\Windows\Sysnative\jscript9.dll 2016-03-25 16:09:18 D46791D9D1F7D2D5DE0A58F7BD35F75B 88064 ----a-w- C:\Windows\Sysnative\MshtmlDac.dll 2016-03-25 16:09:18 8F84D4D9632C0B95D16C1BB5D74C793B 25816576 ----a-w- C:\Windows\Sysnative\mshtml.dll 2016-03-25 16:09:18 59571CCC6E1820D43E233BC7D0877B7A 199680 ----a-w- C:\Windows\Sysnative\msrating.dll 2016-03-25 16:09:18 30E0B077DC484292B999C11D77A065F3 417792 ----a-w- C:\Windows\Sysnative\html.iec 2016-03-25 16:08:37 51F89CE2D0FEC66070354504E6C4C3E4 633856 ----a-w- C:\Windows\Sysnative\comctl32.dll 2016-03-25 16:08:33 C5752F5CE47B6B00F914AE91087C0CB4 229376 ----a-w- C:\Windows\Sysnative\wintrust.dll 2016-03-25 16:08:33 7EE0A3B9E904AF4744E4D8F00CB5CA32 140288 ----a-w- C:\Windows\Sysnative\cryptnet.dll 2016-03-25 16:08:33 7BC3E861F7E8EB543A630090FAE779E0 188416 ----a-w- C:\Windows\Sysnative\cryptsvc.dll 2016-03-25 16:08:33 71187FA11F58012C188453877E16EB8B 1480192 ----a-w- C:\Windows\Sysnative\crypt32.dll 2016-03-25 16:08:15 F4401BE752919B5EE271A9B355F5710A 5572032 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe 2016-03-25 16:08:15 9C3035A9AA1986DAA9A7A233724BA71B 1733592 ----a-w- C:\Windows\Sysnative\ntdll.dll 2016-03-25 16:08:14 EFF15466D1D6C61E92CB129B00D5D24E 1461248 ----a-w- C:\Windows\Sysnative\lsasrv.dll 2016-03-25 16:08:14 9A16001E1924D9EAAC3CA359A516EEE7 1214464 ----a-w- C:\Windows\Sysnative\rpcrt4.dll 2016-03-25 16:08:14 89AB9AECC8906A1379701B43D25205D8 730112 ----a-w- C:\Windows\Sysnative\kerberos.dll 2016-03-25 16:08:13 F3CF4E9A48E3CE7011A8FF2E188D8208 344064 ----a-w- C:\Windows\Sysnative\schannel.dll 2016-03-25 16:08:13 02886B176A15FFAC7DFED97E59A7B227 880128 ----a-w- C:\Windows\Sysnative\advapi32.dll 2016-03-25 16:08:12 A78AC1497CCFF3966F50F164C33B18C4 422400 ----a-w- C:\Windows\Sysnative\KernelBase.dll 2016-03-25 16:08:12 9C3B66C746C71DCACD54841B7EAF3F3B 315392 ----a-w- C:\Windows\Sysnative\msv1_0.dll 2016-03-25 16:08:12 4E3E2F8EA0920FC793634479866C5198 1163264 ----a-w- C:\Windows\Sysnative\kernel32.dll 2016-03-25 16:08:11 DE8B9B1788ACCA1020CEEA8AA13B5A9E 686080 ----a-w- C:\Windows\Sysnative\adtschema.dll 2016-03-25 16:08:11 A1CD166DE0901E9199766A2B5A57B90F 312320 ----a-w- C:\Windows\Sysnative\ncrypt.dll 2016-03-25 16:08:11 0F72703FE77940E14E3E7522BFCB5A6A 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll 2016-03-25 16:08:10 EF6DF5EF674A3588D5BFB22A38426C95 503808 ----a-w- C:\Windows\Sysnative\srcore.dll 2016-03-25 16:08:10 E4315DDCF53CE9D123268BD2219B2423 86528 ----a-w- C:\Windows\Sysnative\TSpkg.dll 2016-03-25 16:08:10 DE4812AB2E6926D0FF2423F3B774585A 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll 2016-03-25 16:08:10 78F5915B2B03E7391B4282E20338D29A 243712 ----a-w- C:\Windows\Sysnative\wow64.dll 2016-03-25 16:08:09 E7D004C3EC24A3C2AD6FAF1855F29DC9 43520 ----a-w- C:\Windows\Sysnative\cryptbase.dll 2016-03-25 16:08:09 BAB3E8C0C2CFC7A9DC6A52615BC6064E 112640 ----a-w- C:\Windows\Sysnative\smss.exe 2016-03-25 16:08:09 AE92D51D6DF58C9D3C996ECC9262CBC9 210432 ----a-w- C:\Windows\Sysnative\wdigest.dll 2016-03-25 16:08:09 94C5B49D3E89CE9E02A6D6133A4F4321 338432 ----a-w- C:\Windows\Sysnative\conhost.exe 2016-03-25 16:08:09 3A3F7FD8FC36207D4261E1AA5BE2131F 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll 2016-03-25 16:08:09 1F7C02AC2950F0472B5C5FC368A52300 296960 ----a-w- C:\Windows\Sysnative\rstrui.exe 2016-03-25 16:08:08 7FB33A9A2E6B6D5CA9318668B95CA69C 30720 ----a-w- C:\Windows\Sysnative\lsass.exe 2016-03-25 16:08:08 7631804095CEB86A925DBE5102A27AFC 50176 ----a-w- C:\Windows\Sysnative\srclient.dll 2016-03-25 16:08:08 6AB9573BB3939ACF8D78552E03F85292 28160 ----a-w- C:\Windows\Sysnative\secur32.dll 2016-03-25 16:08:08 3381B6E84547D54E8DB78A0899AA2FE0 135680 ----a-w- C:\Windows\Sysnative\sspicli.dll 2016-03-25 16:08:08 1FA2CA8150B17250935A862913CC26B1 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll 2016-03-25 16:08:08 100D0A458DFC159E1FF274EA406BBEB2 146432 ----a-w- C:\Windows\Sysnative\msaudite.dll 2016-03-25 16:08:08 0B3256BA5B4D06C46773B0D22A8E4643 22016 ----a-w- C:\Windows\Sysnative\credssp.dll 2016-03-25 16:08:08 006E72FB24C9FF96DC30CB83964A5498 64000 ----a-w- C:\Windows\Sysnative\auditpol.exe 2016-03-25 16:08:07 E1E91CE6D3D6109561683844535E4178 28672 ----a-w- C:\Windows\Sysnative\sspisrv.dll 2016-03-25 16:08:06 ABE221DB1510A1878399C0692D64A0BF 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll 2016-03-25 16:08:05 F9E31A4B00A333EEC05A90EDCE4AC12A 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll 2016-03-25 16:08:03 A98E4419A0116848D449ECB1C308A5E3 60416 ----a-w- C:\Windows\Sysnative\msobjs.dll 2016-03-25 16:07:37 C63EFDE6CA3BA3FEFA4943DDF2051D4B 381440 ----a-w- C:\Windows\Sysnative\mfds.dll 2016-03-25 16:07:36 05FD1920E7D9965F33DBBBEE58387B24 3211264 ----a-w- C:\Windows\Sysnative\win32k.sys 2016-03-25 16:07:35 B8542140074D2B51FDC55E6907996CC4 82944 ----a-w- C:\Windows\Sysnative\dwmapi.dll 2016-03-25 16:07:35 502237267638281B1365D1F20082AECF 1632256 ----a-w- C:\Windows\Sysnative\dwmcore.dll 2016-03-24 22:23:35 6EDEA5EDF5AA979CB2A99617A8478AD3 2048 ----a-w- C:\Windows\Sysnative\tzres.dll 2016-03-24 22:23:14 2E730941CC5BF6200A4F56D1E9C24AAD 1743360 ----a-w- C:\Windows\Sysnative\sysmain.dll 2016-03-24 22:23:13 7ADF0CB99051D1E0DB7F65DA1D8099F1 11264 ----a-w- C:\Windows\Sysnative\msmmsp.dll 2016-03-24 22:22:55 87FEDB1FF42C3A10FFE2CE95AB2AF306 616360 ----a-w- C:\Windows\Sysnative\winresume.efi 2016-03-24 22:22:55 7A4064169FBA91F39DB1FDC094A18DA8 619056 ----a-w- C:\Windows\Sysnative\winload.exe 2016-03-24 22:22:55 73D81B5B4B2655CB1B5662E770F755D5 532176 ----a-w- C:\Windows\Sysnative\winresume.exe 2016-03-24 22:22:55 541B7C53EDA8F84790A593B13FB32E56 692672 ----a-w- C:\Windows\Sysnative\winload.efi 2016-03-24 22:22:54 B6C85437FDC8EC6464BE359D41BBC3F7 59392 ----a-w- C:\Windows\Sysnative\appidapi.dll 2016-03-24 22:22:54 B17B1E5FB5CE63DA4DB4D49E3683487F 17920 ----a-w- C:\Windows\Sysnative\appidcertstorecheck.exe 2016-03-24 22:22:54 ABC373B9C6275D45F17DB559408FFD1B 32768 ----a-w- C:\Windows\Sysnative\appidsvc.dll 2016-03-24 22:22:54 999A7FD4D9F8B1656F1167D94743E50A 457400 ----a-w- C:\Windows\Sysnative\ci.dll 2016-03-24 22:22:54 7503BAD9B2A08B8A95319F7C0CA9F869 63488 ----a-w- C:\Windows\Sysnative\setbcdlocale.dll 2016-03-24 22:22:54 7030F95F994B2F2CCC1C521E342369DB 147456 ----a-w- C:\Windows\Sysnative\appidpolicyconverter.exe 2016-03-24 22:22:42 D9A91A779B5059E72D7FAD2B38275EA4 3242496 ----a-w- C:\Windows\Sysnative\msi.dll 2016-03-24 22:22:42 81CB8D34112178CE1826C86BA5F268C3 128000 ----a-w- C:\Windows\Sysnative\msiexec.exe 2016-03-24 22:22:41 CDAD406033C31DB34185DDAECDD35FE2 504320 ----a-w- C:\Windows\Sysnative\msihnd.dll 2016-03-24 22:22:41 91593D4FB7D89249014564A5F3EC389B 25088 ----a-w- C:\Windows\Sysnative\msimsg.dll 2016-03-24 22:22:27 D4FB2E00F49711C9DD3E2C2646D7C767 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll 2016-03-24 22:22:24 E9DE8D0A3A7306AF26B25F52F13A9234 23552 ----a-w- C:\Windows\Sysnative\sdbinst.exe 2016-03-24 22:22:24 BBD257696E3FB0B8B1D3C115072116C6 6656 ----a-w- C:\Windows\Sysnative\shimeng.dll 2016-03-24 22:22:24 262D7C87D0AC20B96EF9877D3CA478A0 72192 ----a-w- C:\Windows\Sysnative\aelupsvc.dll 2016-03-24 22:22:24 07EAEA9D3E09340E64918EED526A5FFE 342016 ----a-w- C:\Windows\Sysnative\apphelp.dll 2016-03-24 22:22:23 C969B7F33F3C47103D302AC086A54483 14336 ----a-w- C:\Windows\Sysnative\dciman32.dll 2016-03-24 22:22:23 C8B4E3DBD1D0A6E5819AA8F546945504 41472 ----a-w- C:\Windows\Sysnative\lpk.dll 2016-03-24 22:22:23 8203AC96912496988983FF7D527D8390 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll 2016-03-24 22:22:23 39092B766B0C28E9C7C4F1B2D5A89B3A 372736 ----a-w- C:\Windows\Sysnative\atmfd.dll 2016-03-24 22:22:23 1CEF42611A2449A85C74429B81EA0809 100864 ----a-w- C:\Windows\Sysnative\fontsub.dll 2016-03-24 22:22:15 ED824E1EAE1C16C5B1902213FE093CED 41984 ----a-w- C:\Windows\Sysnative\UtcResources.dll 2016-03-24 22:22:15 EC3F433D00365F1A9BC3411BCA7C7140 1390592 ----a-w- C:\Windows\Sysnative\diagtrack.dll 2016-03-24 22:22:13 3B5D6CAC765E86BE07AA7959A35D553C 879104 ----a-w- C:\Windows\Sysnative\tdh.dll 2016-03-24 22:21:55 B32189BDFF6E577A92BAA61AD49264E6 193536 ----a-w- C:\Windows\Sysnative\notepad.exe 2016-03-24 22:21:51 764747F8F08CE69ECC36C6E2D0AE43B1 1112576 ----a-w- C:\Windows\Sysnative\rdpcorets.dll 2016-03-24 22:21:50 D5A447E642518F5A2F3950CEA9ECD6DE 162816 ----a-w- C:\Windows\Sysnative\rdpudd.dll 2016-03-24 22:21:49 D33DF59002203FED8DE6087256DFDE89 624640 ----a-w- C:\Windows\Sysnative\qedit.dll 2016-03-24 22:21:46 3EA5DA3F459F6ED19E10166965F6892F 70656 ----a-w- C:\Windows\Sysnative\appinfo.dll 2016-03-24 22:21:46 2E0A046F24D89C807B10FE3D202F1238 115136 ----a-w- C:\Windows\Sysnative\consent.exe 2016-03-24 22:21:38 C7E50B04623FC6FF54EAF88938A8936E 142336 ----a-w- C:\Windows\Sysnative\poqexec.exe 2016-03-24 22:21:36 FF5D49FAA86DBD9033DABC1ABCEA3429 1232896 ----a-w- C:\Windows\Sysnative\WMADMOD.DLL 2016-03-24 22:21:36 5BAEB6D045DA253787F3F1984B712835 1888768 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL 2016-03-24 22:21:36 27221616A71A25E0B7065926FCC417A7 1307136 ----a-w- C:\Windows\Sysnative\msmpeg2adec.dll 2016-03-24 22:21:35 5EA57A6AD59D0785C9A390DF14736899 978944 ----a-w- C:\Windows\Sysnative\WMSPDMOD.DLL 2016-03-24 22:21:35 55C3F89354C086EFFF1C5AAD1E808134 1160192 ----a-w- C:\Windows\Sysnative\MSMPEG2ENC.DLL 2016-03-24 22:21:34 E6A0093D872D860BEA437DF6C666DF89 632320 ----a-w- C:\Windows\Sysnative\evr.dll 2016-03-24 22:21:34 BF9CFEE3D22CE61E5B57C9B8A14F172D 1026048 ----a-w- C:\Windows\Sysnative\wmpmde.dll 2016-03-24 22:21:34 B7CBAC1F4175C1D59B197020268A290B 1153024 ----a-w- C:\Windows\Sysnative\WMADMOE.DLL 2016-03-24 22:21:34 91E1D7BE8513032B5CCA26AFD0BF0ADC 666112 ----a-w- C:\Windows\Sysnative\WMVSDECD.DLL 2016-03-24 22:21:34 82AB148A0E747855F83F332FC83B254F 1573888 ----a-w- C:\Windows\Sysnative\quartz.dll 2016-03-24 22:21:34 759DF4479855EED0D78249798325D373 1955328 ----a-w- C:\Windows\Sysnative\WMVENCOD.DLL 2016-03-24 22:21:34 530B3A72692DB253DE8BB8E8C11468DD 1010688 ----a-w- C:\Windows\Sysnative\mcmde.dll 2016-03-24 22:21:34 3B6466686CDC57453592E6188C3FA4DC 4121600 ----a-w- C:\Windows\Sysnative\mf.dll 2016-03-24 22:21:33 DB018B9F38BC34E9AE21C01448E810D2 1575424 ----a-w- C:\Windows\Sysnative\WMSPDMOE.DLL 2016-03-24 22:21:33 D66AE152C1EE7DA2548EC2AF4203025D 653824 ----a-w- C:\Windows\Sysnative\MP4SDECD.DLL 2016-03-24 22:21:33 BEFEDC65A88D44153983455C699F81C8 100864 ----a-w- C:\Windows\Sysnative\MP3DMOD.DLL 2016-03-24 22:21:33 B62CEF4A731EE983D440804A2B9DA0B1 642048 ----a-w- C:\Windows\Sysnative\WMVXENCD.DLL 2016-03-24 22:21:33 A64D697EA82530530693AA2102FCA420 292352 ----a-w- C:\Windows\Sysnative\VIDRESZR.DLL 2016-03-24 22:21:33 9A2DCBE0A803AF0DF58D8B3EB041065E 447488 ----a-w- C:\Windows\Sysnative\WMVSENCD.DLL 2016-03-24 22:21:33 9524717B1B183A066E0516BFF2888D51 70144 ----a-w- C:\Windows\Sysnative\mfvdsp.dll 2016-03-24 22:21:33 6C6CF29B05DBCA772AED1551AF0DF6DF 76288 ----a-w- C:\Windows\Sysnative\devenum.dll 2016-03-24 22:21:33 65BA8738CC3C21C62E746A1DDF04EC74 223744 ----a-w- C:\Windows\Sysnative\MP43DECD.DLL 2016-03-24 22:21:33 60957C2BD1C03CF395006FDBC29D2569 189952 ----a-w- C:\Windows\Sysnative\COLORCNV.DLL 2016-03-24 22:21:33 3AECE087DB6F663C2B7F538C81C60F64 432128 ----a-w- C:\Windows\Sysnative\mfplat.dll 2016-03-24 22:21:33 2A8760952F296D6208FE5FC358ECD59A 484864 ----a-w- C:\Windows\Sysnative\MFWMAAEC.DLL 2016-03-24 22:21:33 294B7F30B70E0D7867F5EB69E630884A 225792 ----a-w- C:\Windows\Sysnative\RESAMPLEDMO.DLL 2016-03-24 22:21:33 18A11A96B3C1C9E2FD1E6137C8BD4018 224768 ----a-w- C:\Windows\Sysnative\MPG4DECD.DLL 2016-03-24 22:21:32 D624DE0DED716916F69D495807C9D787 254464 ----a-w- C:\Windows\Sysnative\qasf.dll 2016-03-24 22:21:32 C62B3D8C69437192AA58AD6E380E4BC3 371712 ----a-w- C:\Windows\Sysnative\qdvd.dll 2016-03-24 22:21:32 ACA7F078CAD7D225D4F2D973C9812225 250880 ----a-w- C:\Windows\Sysnative\ksproxy.ax 2016-03-24 22:21:32 A54381C84F3CEBF4D339778339D141F0 2777088 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll 2016-03-24 22:21:32 8B995A315448ABFC6E41A200079E7DBA 55808 ----a-w- C:\Windows\Sysnative\rrinstaller.exe 2016-03-24 22:21:32 6727B79444C3C8362DB4045E86152707 206848 ----a-w- C:\Windows\Sysnative\mfps.dll 2016-03-24 22:21:32 2F0BA9348CB8D62FF8C28B4B83D57FA3 378880 ----a-w- C:\Windows\Sysnative\SysFxUI.dll 2016-03-24 22:21:31 A2877C3165FCD229D1BFC9CC4FFC2B2E 2048 ----a-w- C:\Windows\Sysnative\mferror.dll 2016-03-24 22:21:31 777654DB4C306B22A5A54690A258650D 24576 ----a-w- C:\Windows\Sysnative\mfpmp.exe 2016-03-24 22:21:31 6D21051C8EA17C1DD0A6FD07CCAB8232 5120 ----a-w- C:\Windows\Sysnative\ksuser.dll 2016-03-24 22:21:30 A19623BDD61E66A12AB53992002B4F3A 30720 ----a-w- C:\Windows\Sysnative\seclogon.dll 2016-03-24 22:21:27 FDE5C7F271A8424B019EEFDAFD8CBD75 2004480 ----a-w- C:\Windows\Sysnative\msxml6.dll 2016-03-24 22:21:27 F06A3A6A49F6E059D6727A215A8FAA70 1887232 ----a-w- C:\Windows\Sysnative\msxml3.dll 2016-03-24 22:21:27 A25E5E8A16E0BA2A74390EA63319BE1D 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll 2016-03-24 22:21:27 3940461513FE8C7D94D76CCDBC783B93 2048 ----a-w- C:\Windows\Sysnative\msxml6r.dll 2016-03-24 22:21:19 E8089A2512554E3C97423D89F3253CD0 2085888 ----a-w- C:\Windows\Sysnative\ole32.dll 2016-03-24 22:21:18 BA6F0BC094ABBB9EFA3BB636D032C403 299632 ----a-w- C:\Windows\Sysnative\bcryptprimitives.dll 2016-03-24 22:20:59 E88A78273D429554B6B2D2BDA945ED9B 1067520 ----a-w- C:\Windows\Sysnative\msctf.dll 2016-03-24 22:20:53 EC51D04CF0ED31C8B0FDEB00A7155596 723968 ----a-w- C:\Windows\Sysnative\EncDec.dll 2016-03-24 22:20:53 3D0AB0FA5B425420B6F6AD261874200D 961024 ----a-w- C:\Windows\Sysnative\CPFilters.dll 2016-03-24 22:20:50 C66C5B5793F458807AE043E73440EB47 159744 ----a-w- C:\Windows\Sysnative\mtxoci.dll 2016-03-24 22:20:34 BE2A89D0652666AE9DE606B1063DBF01 14179840 ----a-w- C:\Windows\Sysnative\shell32.dll 2016-03-24 22:20:33 AEDC4464B75A44811F18A312392E4B22 1866752 ----a-w- C:\Windows\Sysnative\ExplorerFrame.dll 2016-03-24 22:20:33 94B4047E4646C15B893271BAA6A55953 1940992 ----a-w- C:\Windows\Sysnative\authui.dll 2016-03-24 22:20:21 4EA9F4738CE519E3D8C31A41AE2DE822 14634496 ----a-w- C:\Windows\Sysnative\wmp.dll 2016-03-24 22:20:19 E6F065C2A34AE8768E355D23A2BE5A63 12625920 ----a-w- C:\Windows\Sysnative\wmploc.DLL 2016-03-24 22:20:19 D341F4F570658CDBB660FC3A1D5F762D 5120 ----a-w- C:\Windows\Sysnative\msdxm.ocx 2016-03-24 22:20:19 D341F4F570658CDBB660FC3A1D5F762D 5120 ----a-w- C:\Windows\Sysnative\dxmasf.dll 2016-03-24 22:20:19 8ABE421AE8A49EA9EAF8E7BC455F138B 9728 ----a-w- C:\Windows\Sysnative\spwmp.dll 2016-03-24 22:20:18 0A4D03A4C0F908B15B8A4C48FB18F197 1424896 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll 2016-03-24 22:20:14 AD46BED774CF502E9C0100CFC29C1F82 405504 ----a-w- C:\Windows\Sysnative\gdi32.dll 2016-03-24 22:20:14 218D2848CDDE80DD9AF72D5DD78F225C 241664 ----a-w- C:\Windows\Sysnative\els.dll 2016-03-24 22:20:13 745DE455E02693423B1B78F448D52961 79360 ----a-w- C:\Windows\Sysnative\clfsw32.dll 2016-03-24 22:20:13 404B7DF9CA4D1CB675045AF220FF3285 367552 ----a-w- C:\Windows\Sysnative\clfs.sys 2016-03-24 22:02:41 FE323BDBE00DB71740D5C3A47359B823 76800 ----a-w- C:\Windows\Sysnative\acmigration.dll 2016-03-24 22:02:41 F809935C814853C159F97F5809A8A278 1373184 ----a-w- C:\Windows\Sysnative\appraiser.dll 2016-03-24 22:02:41 C96B880CE00D71939A9E982307589029 210432 ----a-w- C:\Windows\Sysnative\aepic.dll 2016-03-24 22:02:41 89333E9BCD30DF68821C8DB1D8534971 1168896 ----a-w- C:\Windows\Sysnative\aeinv.dll 2016-03-24 22:02:41 84E7911058EC06ACDF1E79EC14F13200 38336 ----a-w- C:\Windows\Sysnative\CompatTelRunner.exe 2016-03-24 22:02:41 6639BE7D8BFD124CBC51D5E3668D695D 499200 ----a-w- C:\Windows\Sysnative\devinv.dll 2016-03-24 22:02:41 63ABD1E5E37D096A54A383CB5F12D1A7 689152 ----a-w- C:\Windows\Sysnative\generaltel.dll 2016-03-24 22:02:41 4A4C972237F6F087021AA0F43CD9B41D 696832 ----a-w- C:\Windows\Sysnative\invagent.dll 2016-03-24 22:02:25 CBA2694BFC61F371181F2BE2BCD66C40 465920 ----a-w- C:\Windows\Sysnative\WMPhoto.dll ====== C:\Windows\Sysnative\drivers ===== 2016-03-25 16:12:30 D029DD09E22EB24318A8FC3D8138BA43 91648 ----a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS 2016-03-25 16:11:56 ED6E75158D28D33A2E2A020AC5B2B59D 663552 ----a-w- C:\Windows\Sysnative\drivers\PEAuth.sys 2016-03-25 16:09:34 47B2D0B31BDC3EBE6090228E2BA3764D 1684416 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys 2016-03-25 16:09:33 5BD6B1EC997FF3DD779D62E05D2079A8 146944 ----a-w- C:\Windows\Sysnative\drivers\rmcast.sys 2016-03-25 16:08:11 CC1B3B52F33CBC1CE60867DA4E23537C 154560 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys 2016-03-25 16:08:11 8856E45D23BFF4D977BF06D0543BCD96 290816 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb10.sys 2016-03-25 16:08:10 8D383CED28332B5F3894658857472F47 129024 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb20.sys 2016-03-25 16:08:10 07F8F6B0CAEC7ADD30EBD94940A315D7 159232 ----a-w- C:\Windows\Sysnative\drivers\mrxsmb.sys 2016-03-25 16:08:09 211A379BAAB812A7B437319BD85B2435 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys 2016-03-24 22:23:39 D7ADC2B83CA0B0381F75A98351F72CEE 141312 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys 2016-03-24 22:23:14 67050452C0118BAF2883928E6FCCFE47 94656 ----a-w- C:\Windows\Sysnative\drivers\mountmgr.sys 2016-03-24 22:22:54 27DABFB4A6B0140C34DBEC713469592B 61440 ----a-w- C:\Windows\Sysnative\drivers\appid.sys 2016-03-24 22:22:45 AA77EB517D2F07A947294F260E3ACA83 118272 ----a-w- C:\Windows\Sysnative\drivers\tdx.sys 2016-03-24 22:22:45 9A4A1EEE802BF2F878EE8EAB407B21B7 497664 ----a-w- C:\Windows\Sysnative\drivers\afd.sys 2016-03-24 22:21:50 065F79543D7999EC28B687F87E96B803 20992 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys 2016-03-24 22:21:31 C51B07394A087DA666A410DBFD26663A 116736 ----a-w- C:\Windows\Sysnative\drivers\drmk.sys 2016-03-24 22:21:31 647599CAE8CA0EF2FB09C4B150BC97FF 230400 ----a-w- C:\Windows\Sysnative\drivers\portcls.sys 2016-03-24 22:21:31 26FE888505E5A945B0536AF9A2A27A6F 5632 ----a-w- C:\Windows\Sysnative\drivers\drmkaud.sys 2016-03-24 22:21:29 36E0DDD19038C92B7C7709BFA03F813F 69888 ----a-w- C:\Windows\Sysnative\drivers\stream.sys 2016-03-24 22:21:28 F61634BEC53F73702A10DE69F6DCAF57 754688 ----a-w- C:\Windows\Sysnative\drivers\http.sys 2016-03-24 22:21:19 EC0511BB85BAA42A9734011685A6732C 460776 ----a-w- C:\Windows\Sysnative\drivers\cng.sys 2016-03-24 22:20:17 F7309F42555F8AAB7144A51A1F2585B0 950720 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys ====== C:\Windows\Tasks ====== 2016-03-24 20:17:57 -------- d-----w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform 2016-03-15 10:13:53 6A0FADD617BC13DA072FA9AE0A03B9AF 4224 ----a-w- C:\Windows\Sysnative\Tasks\AMD Updater ====== C:\Windows\Temp ====== ======= C:\Program Files ===== 2016-03-26 10:27:21 -------- d-----w- C:\Program Files\OBS 2016-03-26 10:11:58 -------- d-----w- C:\Program Files\Microsoft Silverlight 2016-03-24 20:16:48 -------- d-----w- C:\Program Files\Microsoft Office 2016-03-24 19:38:05 -------- d-----w- C:\Program Files\trend micro ======= C:\PROGRA~2 ===== 2016-03-30 18:12:09 -------- d-----w- C:\PROGRA~2\COMMON~1\Skype 2016-03-26 10:27:15 -------- d-----w- C:\PROGRA~2\OBS 2016-03-26 10:11:58 -------- d-----w- C:\PROGRA~2\Microsoft Silverlight 2016-03-24 20:19:27 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER 2016-03-24 20:19:07 -------- d-----w- C:\PROGRA~2\Microsoft Synchronization Services 2016-03-24 20:18:55 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server Compact Edition 2016-03-24 20:17:15 -------- d-----w- C:\PROGRA~2\Microsoft Visual Studio 8 2016-03-24 20:16:34 -------- d-----w- C:\PROGRA~2\Microsoft Analysis Services 2016-03-24 20:15:54 -------- d-----w- C:\PROGRA~2\Microsoft Office 2016-03-15 10:11:48 -------- d-----w- C:\PROGRA~2\Raptr Inc 2016-03-10 17:06:41 -------- d-----w- C:\PROGRA~2\CADdy++ - SEE Electrical School 2016-03-06 14:21:11 -------- d-----w- C:\PROGRA~2\ezvid ======= ===== ====== C:\Users\deckx\AppData\Roaming ====== 2016-03-31 18:15:45 -------- d-----w- C:\Users\Safe\AppData\Local\SkypePlugin 2016-03-27 11:51:22 -------- d-----w- C:\Users\Safe\AppData\Local\GWX 2016-03-26 10:28:02 -------- d-----w- C:\Users\Safe\AppData\Roaming\OBS 2016-03-26 10:27:29 -------- d-----w- C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software 2016-03-24 20:15:58 -------- d-----w- C:\Users\deckx\AppData\Local\Microsoft Help 2016-03-15 10:15:26 -------- d-----w- C:\Users\Safe\AppData\Roaming\PlaysTV 2016-03-15 10:12:13 -------- d-----w- C:\Users\deckx\AppData\Roaming\PlaysTV 2016-03-15 10:11:38 -------- d-----w- C:\Users\deckx\AppData\Roaming\Raptr 2016-03-14 21:31:37 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm 2016-03-14 19:05:11 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking 2016-03-11 19:23:43 -------- d-----w- C:\Users\Safe\AppData\Roaming\LolClient 2016-03-11 18:32:41 -------- d-----w- C:\Users\Safe\AppData\Roaming\Riot Games 2016-03-06 14:21:29 391BBDE88AE130EC95F38C40DFCE27E6 3584 ----a-w- C:\Users\Safe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-03-06 14:21:29 -------- d-----w- C:\Users\Safe\AppData\Local\ezvid,_inc ====== C:\Users\deckx ====== 2016-03-31 09:41:30 -------- d-----w- C:\ProgramData\Electronic Arts 2016-03-30 18:07:28 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2016-03-26 10:26:34 B68F9B7265BD7BF1701AA1C034D7D75B 68037144 ----a-w- C:\Users\Safe\Downloads\OBS_0_657b_With_Browser_Installer.exe 2016-03-26 10:12:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-03-24 20:19:40 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint 2016-03-24 20:19:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-03-24 20:15:54 -------- d-----w- C:\ProgramData\Microsoft Help 2016-03-24 19:27:32 -------- d-----w- C:\ProgramData\ATI 2016-03-24 19:18:05 0D217E002070482EE582C4AE59BAF5ED 486870 ----a-w- C:\Users\Safe\Downloads\dc-setup.exe 2016-03-15 10:12:23 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved 2016-03-15 10:11:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings 2016-03-11 18:36:21 -------- d-----w- C:\ProgramData\Riot Games 2016-03-11 18:35:29 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends 2016-03-10 17:06:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CADdy++ - SEE Electrical School 2016-03-06 14:21:16 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid ====== C: exe-files == 2016-04-01 08:35:11 D27C8C88CEB69075465B41DA6ECF3374 835664 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe 2016-03-31 09:45:46 FBEE0A4C83E5907589EC52D24E8BE1F0 7534912 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP09\TS3SP09.exe 2016-03-31 09:45:46 75095C796D8FCFE635C7232656D3706D 7645504 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP04\TS3SP04.exe 2016-03-31 09:45:46 5FBFCF1054658D5C9D67858E5788CD56 7641408 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP05\TS3SP05.exe 2016-03-31 09:45:46 4C88C0C7F004440D8788226872551EF3 7530816 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP08\TS3SP08.exe 2016-03-31 09:45:46 47D5BB96F7743D410C964748BDE0ECF2 7555392 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP06\TS3SP06.exe 2016-03-31 09:45:46 07333F6D7C5444D7E5672011730704F3 7547200 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP07\TS3SP07.exe 2016-03-31 09:45:45 B5B4C3734340D26A86B6A8AE679EA24A 7518528 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP09\TS3EP09.exe 2016-03-31 09:45:45 AE9B007A053C54358598F7E8A89675B0 7559488 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP03\TS3SP03.exe 2016-03-31 09:45:45 72105BD2E825D77F4E2226DDF9EB0564 7555392 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP01\TS3SP01.exe 2016-03-31 09:45:45 5EFAD2FCC681E02F42014AE3C9D66CC8 7608640 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP11\TS3EP11.exe 2016-03-31 09:45:45 3FBB1FEF2DC0D21F870407685BEF3241 7612736 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP10\TS3EP10.exe 2016-03-31 09:45:45 2781F21FEF8C5A6FF52B694162893135 7551296 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3SP02\TS3SP02.exe 2016-03-31 09:45:44 F17D8A9DE1A84052CEB3A8E1D093DE4F 7555392 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP03\TS3EP03.exe 2016-03-31 09:45:44 EEC2D79BD64F3D9C513EB8CD833BEC37 7555392 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP04\TS3EP04.exe 2016-03-31 09:45:44 D0ED6FEB24074411CF6E3421CCA1F393 7530816 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP08\TS3EP08.exe 2016-03-31 09:45:44 97874994F66C87039A62CD7FB751A96F 7555392 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP07\TS3EP07.exe 2016-03-31 09:45:44 783C40E131E58897C8FDF179B03D1779 7547200 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP06\TS3EP06.exe 2016-03-31 09:45:44 3EE77D3D89945C002BD922CE2A96BB62 7559488 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP05\TS3EP05.exe 2016-03-31 09:45:43 E897CD2D0900D4D15F47B04453616C70 7559488 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP02\TS3EP02.exe 2016-03-31 09:45:43 82E4727B71AA02CB698FCA819A5D1976 7555392 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3\TS3.exe 2016-03-31 09:45:43 66CB5848D3509A36F12201BE285A5DE3 7551296 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Packs\TS3EP01\TS3EP01.exe 2016-03-31 09:45:35 DC1E2ABE1FE4F3CA48B2A1E04BE4E01C 14514496 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\TS3W.exe 2016-03-31 09:45:35 17FB64294969C90474EA256941536A13 1562944 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\Sims3LauncherW.exe 2016-03-31 09:44:54 BC49243557991AC42FCC01B8E3BB05D2 393216 ------w- C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\1.67.2\setup.exe 2016-03-31 09:44:54 9785B6EFB0EAADD1AAE9B87B6A42F406 108864 ----a-w- C:\Program Files (x86)\Electronic Arts\De Sims 3\Game\Bin\S3Launcher.exe 2016-03-31 09:41:10 8806DA99699ABA1F1D04B79A6D373984 177202 ----a-w- C:\Program Files (x86)\Electronic Arts\EADM\Uninstall.exe 2016-03-31 07:47:57 ACDDDCD662CF23936178DCDCE4473D18 3225688 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\49.0.2623.110\49.0.2623.110_49.0.2623.87_chrome_updater.exe === C: other files == 2016-04-03 14:19:39 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Safe\AppData\Roaming\Raptr\data\raptrguestg86klaoo\config\certificates\x509\tls_peers\xmpp-server3.raptr.com 2016-04-01 08:34:13 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Safe\AppData\Roaming\Raptr\data\raptrguestg86klaoo\config\certificates\x509\tls_peers\xmpp-server7.raptr.com 2016-03-31 23:22:49 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Safe\AppData\Roaming\Raptr\data\raptrguestg86klaoo\config\certificates\x509\tls_peers\xmpp-server8.raptr.com 2016-03-31 09:40:20 A842B48277A2D8645A37B9F596838D2A 1230 ----a-w- C:\Users\Safe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1U8MSMQ2\flXHR[1].vbs 2016-03-31 07:40:30 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Safe\AppData\Roaming\Raptr\data\raptrguestg86klaoo\config\certificates\x509\tls_peers\xmpp-server4.raptr.com 2016-03-30 19:34:52 230593AEE526D82AFB17F25B70258374 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-3377807318-2724434003-2614323792-1005\$IW212FY.zip 2016-03-30 19:23:07 76401A46739D5061AD64C025A0BD0D2B 69397 ----a-w- C:\$Recycle.Bin\S-1-5-21-3377807318-2724434003-2614323792-1005\$RW212FY.zip 2016-03-30 18:28:16 274E9C23D9496BAE758F25BFED5BA1BD 19516 ----a-w- C:\Users\Safe\Documents\My Games\FarmingSimulator2015\mods\AnimalWaterHUD.zip 2016-03-30 18:27:08 13CE847BCB8CC2BD758E47EB20D1B899 26754 ----a-w- C:\Users\Safe\Documents\My Games\FarmingSimulator2015\mods\Inspector_V24.zip 2016-03-30 18:06:12 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Safe\AppData\Roaming\Raptr\data\raptrguestg86klaoo\config\certificates\x509\tls_peers\xmpp-server5.raptr.com 2016-03-30 16:56:18 6D82EB58ED232986301E4551714E6C14 770794 ----a-w- C:\Users\Safe\Documents\My Games\FarmingSimulator2015\mods\ZZZ_courseplay.zip 2016-03-27 16:44:35 B5BBC86645A135B13E6B41C5B0E7DE2D 1217 ----a-w- C:\Users\Safe\AppData\Roaming\Raptr\data\raptrguestg86klaoo\config\certificates\x509\tls_peers\xmpp-server6.raptr.com ==== Orphaned Tasks deleted from Registry ====================== ProPCCleaner_Popup deleted ProPCCleaner_Start deleted ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-3377807318-2724434003-2614323792-1000\Software\Microsoft\Windows\CurrentVersion\Run] "RGSC"="C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent" "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun" "EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent" [HKEY_USERS\S-1-5-21-3377807318-2724434003-2614323792-1005\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe" "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-3377807318-2724434003-2614323792-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe -update activex" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" "Aeria Ignite"="C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe silent" "PlaysTV"="C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe --startup" "Raptr"="C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup" "BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "RGSC"="C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent" "DAEMON Tools Lite Automount"="C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun" "EA Core"="C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "FlashPlayerUpdate"="C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe -update activex" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "StartCN"="C:\Program Files\AMD\CNext\CNext\cnext.exe atlogon" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "MSPCLOCK"="rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}" "MSPQM"="rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}" "MSKSSRV"="rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}" "MSTEE.CxTransform"="rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install" "MSTEE.Splitter"="rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install" "WDM_DRMKAUD"="rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RGSC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RGSC" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe /silent" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/02/2015 16:50] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 21:20] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [29/08/2015 21:20] ==== Other Scheduled Tasks ====================== "C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe] "C:\Windows\SysNative\tasks\AMD Updater" ["C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe"] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe] "C:\Windows\SysNative\tasks\Minecraft Checksum Validator" [C:\Program] "C:\Windows\SysNative\tasks\{015D44F5-2E15-43B1-B934-1C9090AFA537}" [C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe] "C:\Windows\SysNative\tasks\{C0D68CA8-984B-408C-A1BB-55CC30E9C653}" [C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe] "C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc] ==== Chromium Look ====================== Google Chrome Version: 46.0.2490.86 HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[08/01/2016 11:47] Google Slides - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek Google Docs - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake Google Drive - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf YouTube - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo Google Search - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Google Sheets - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap Google Docs Offline - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi Skype - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Chrome Web Store Payments - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - deckx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia Belfius Smart Card Reader Chrome Extension - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\agicnfmechmlphpjmeefookfjhifbmhi Skype Calling - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij YouTube - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo PS2 Alerts - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\bondapheaemfkkiabfjnhdempfmnikcg selector is not a valid CSS selector - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb Google Search - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf Skype - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl Tribal Wars Time Extension - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lljnlokhllljaokggocinhlomnfnmgpo Chrome Web Store Payments - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda Gmail - Safe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia ==== Chromium Fix ====================== C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.lyricsfreak.com_0.localstorage-journal deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.metrolyrics.com_0.localstorage deleted successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage deleted successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.azlyrics.com_0.localstorage-journal deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_ad.360yield.com_0.localstorage-journal deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Use Search Asst"="yes" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "Default"="www.google.com" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://www.google.com" "SearchAssistant"="http://www.google.com" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" "Use Search Asst"="no" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl] "(Default)"="http://search.msn.com/results.asp?q=%s" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search] "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Reset Google Chrome ====================== C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Safe\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\Safe\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully C:\Users\Safe\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\deckx\Desktop\Alliance of Valiant Arms.lnk - C:\AeriaGames\AVA\aeria_launcher.exe av C:\Users\deckx\Desktop\COD MW3.lnk - C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe C:\Users\deckx\Desktop\Farming Simulator 15 Gold Edition.lnk - C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe C:\Users\deckx\Desktop\FurMark.lnk - C:\Program Files (x86)\Geeks3D\Benchmarks\FurMark_1.9.1\FurMark.exe C:\Users\deckx\Desktop\Need for Speed - Rivals (x64).lnk - C:\Program Files (x86)\R.G. Mechanics\Need for Speed - Rivals\NFS14.exe C:\Users\deckx\Desktop\Open Broadcaster Software.lnk - C:\Program Files (x86)\OBS\OBS.exe C:\Users\deckx\Desktop\PlanetSide 2.lnk - C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.exe C:\Users\deckx\Desktop\Real Time Stat Tracker.lnk - C:\Program Files (x86)\Recursion\RealTimeStatTracker\RTST.exe C:\Users\Safe\Desktop\COD MW3.lnk - C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe C:\Users\Safe\Desktop\FarmingSimulator2015.lnk - C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe C:\Users\Safe\Desktop\Open Broadcaster Software.lnk - C:\Program Files (x86)\OBS\OBS.exe C:\Users\Safe\Desktop\PlanetSide 2.lnk - C:\Users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\LaunchPad.exe C:\Users\Safe\Desktop\Play Need for Speed - Rivals (x32).lnk - C:\Program Files (x86)\R.G. Mechanics\Need for Speed - Rivals\NFS14_x86.exe C:\Users\Safe\Desktop\WarThunder.lnk - C:\Users\Safe\AppData\Local\WarThunder\launcher.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Aeria Ignite.lnk - C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe C:\Users\Public\Desktop\CADdy++ - SEE Electrical schoolversie.lnk - C:\Program Files (x86)\CADdy++ - SEE Electrical School\CAEManager.exe C:\Users\Public\Desktop\CPUID HWMonitor.lnk - C:\Program Files\CPUID\HWMonitor\HWMonitor.exe C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLauncher.exe C:\Users\Public\Desktop\De Sims™ 3.lnk - C:\Users\Public\Desktop\EA Download Manager.lnk - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe C:\Users\Public\Desktop\ezvid.lnk - C:\Program Files (x86)\ezvid\ezvid.exe C:\Users\Public\Desktop\Fraps.lnk - C:\Fraps\fraps.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\Grand Theft Auto IV.lnk - C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe C:\Users\Public\Desktop\GTA San Andreas.lnk - C:\Program Files (x86)\Rockstar Games\GTA San Andreas\gta_sa.exe C:\Users\Public\Desktop\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe C:\Users\Public\Desktop\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Minecraft.lnk - C:\Program Files (x86)\.minecraft\Minecraft Launcher.exe C:\Users\Public\Desktop\OpenTTD.lnk - C:\Program Files\OpenTTD\openttd.exe C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Public\Desktop\Prison Architect.lnk - C:\GOG Games\Prison Architect\Prison Architect.exe C:\Users\Public\Desktop\Rockstar Games Social Club.lnk - C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Public\Desktop\Stranded II.lnk - C:\Stranded II\StrandedII.exe C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe C:\Users\Public\Desktop\TeamViewer 11.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\Users\Public\Desktop\World of Tanks.lnk - C:\Games\World_of_Tanks\WoTLauncher.exe C:\Users\Public\Desktop\XSplit Broadcaster.lnk - C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe C:\Users\Public\Desktop\XSplit Gamecaster.lnk - C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe ==== shortcuts in Users Start Menu ====================== C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (32bit).lnk - C:\Program Files (x86)\OBS\OBS.exe C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Open Broadcaster Software (64bit).lnk - C:\Program Files\OBS\OBS.exe C:\Users\deckx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software\Uninstall.lnk - C:\Program Files (x86)\OBS\uninstall.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Download Manager.lnk - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved\AMD Gaming Evolved.lnk - C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings\AMD Radeon Settings.lnk - C:\Program Files (x86)\AMD\CNext\CNext\cnext.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CADdy++ - SEE Electrical School\CADdy++ - SEE Electrical Help.lnk - C:\Program Files (x86)\CADdy++ - SEE Electrical School\CAEMANAGER.HLP C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CADdy++ - SEE Electrical School\CADdy++ - SEE Electrical schoolversie.lnk - C:\Program Files (x86)\CADdy++ - SEE Electrical School\CAEManager.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\HWMonitor.lnk - C:\Program Files\CPUID\HWMonitor\HWMonitor.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\HWMonitor\Uninstall HWMonitor.lnk - C:\Program Files\CPUID\HWMonitor\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid\ezvid log.lnk - C:\Users\deckx\Documents\ezvid\errors\errorlog.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid\ezvid.lnk - C:\Program Files (x86)\ezvid\ezvid.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ezvid\uninstall ezvid.lnk - C:\Windows\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Fraps.lnk - C:\Fraps\fraps.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps\Uninstall.lnk - C:\Fraps\uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Prison Architect.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Prison Architect\Prison Architect.lnk - C:\GOG Games\Prison Architect\Prison Architect.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com\Prison Architect\Uninstall Prison Architect.lnk - C:\GOG Games\Prison Architect\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends\League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe /design C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\License_en_US.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\doc\UserManual.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe ==== shortcuts in Quick Launch ====================== C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\XSplit Broadcaster.lnk - C:\Program Files (x86)\SplitmediaLabs\XSplit Broadcaster\XSplit.Core.exe C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\deckx\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Farming Simulator 15 Gold Edition.lnk - C:\Program Files (x86)\Farming Simulator 2015\FarmingSimulator2015.exe C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Safe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe ==== Uninstall List x64 ====================== æTorrent [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent] 7-Zip 9.20 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip] Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E94EFAB6-653F-4837-9E8A-F6377CA1EC0D}] Aeria Ignite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE2D627E-D7E0-46EA-93A6-8583420285FA}] Aeria Ignite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Aeria Ignite 1.13.3296] Aeria Ignite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Aeria Ignite] Alliance of Valiant Arms [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Alliance of Valiant Arms] AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8F2415FA-72F2-F029-0450-4EB2FAE484C5}] AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A2AC0D43-9788-B1BD-B2A8-EFC758916BB1}] AMD Fuel [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{AA20E9E6-96D0-C201-E44D-F7D921F595FD}] AMD Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3A6B2719-1BD0-D01A-3F65-269955A3B21B}] AMD Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AMD Catalyst Install Manager] AMD Radeon Settings [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DEE5903A-E570-D884-8B6B-5A076A79212C}] AMD Settings - Branding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{78ACE60E-0CB7-4935-BCD4-F33422105607}] AMD Settings [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AA274218-25A7-BC16-1995-42111EE7371E}] AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{426582A8-202F-D13C-8BD5-F00551BAFC93}] AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{630E5EF7-72F8-9E5D-BEF5-ED85B698E160}] AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BA1148A3-F4E1-23E4-8DC8-88B6E0E9BDBF}] AMD Wireless Display v3.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C16CD4C0-48EE-0F40-C9FD-0778EAF73FBD}] Battle.net [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Battle.net] Belfius Smart Card Reader Chrome-App [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3A2575B9-5F74-4357-9B96-3EB102030300}] CADdy++ - SEE Electrical schoolversie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E040012F-A895-482E-87EF-D747ABB0F1D6}] Catalyst Control Center - Branding [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11087D24-567D-7D88-69C6-D7A08B5F4C47}] Catalyst Control Center Graphics Previews Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9114BDDB-A6A6-152D-060A-E99307057AD1}] Catalyst Control Center Localization All [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{315D9E6B-98B1-1E2B-9E93-B36A0B104224}] Catalyst Control Center Next Localization BR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D99BA8BB-CCA8-204C-1867-E904459A8B73}] Catalyst Control Center Next Localization CHS [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C1EB1702-1520-5BB2-9DED-5827FA12CB86}] Catalyst Control Center Next Localization CHT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DB27CA77-C209-BFF6-700D-88E3FFAFE63D}] Catalyst Control Center Next Localization CS [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C0BE1CF5-F93D-2641-314B-85E2EB4A9256}] Catalyst Control Center Next Localization DA [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{00953243-411E-294C-6B7B-1BEDB868EA39}] Catalyst Control Center Next Localization DE [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{724A76E5-F967-25B3-C2CD-36BEBBB10A40}] Catalyst Control Center Next Localization EL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EEEDD350-B86B-0FD7-CFF2-EF425C9443A7}] Catalyst Control Center Next Localization ES [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DAC228C5-C688-1F91-EEFA-EAA15002639F}] Catalyst Control Center Next Localization FI [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C70FDFA1-4B45-FDCD-708B-CC97C3D8033A}] Catalyst Control Center Next Localization FR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2CE1F6B-1866-DB80-2AD6-FD50E056821D}] Catalyst Control Center Next Localization HU [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F937AF00-B63F-E9F4-1B52-4C903E347FCD}] Catalyst Control Center Next Localization IT [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{EBC36C18-E293-C3AC-9E8E-BA4BAC09346B}] Catalyst Control Center Next Localization JA [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A0C43CD7-AE8C-B0F3-4031-7565481DA451}] Catalyst Control Center Next Localization KO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0CEFD072-4694-36C9-333E-C77BFBDC9DAB}] Catalyst Control Center Next Localization NL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A4525810-2BB6-4989-0E35-6D78826561BB}] Catalyst Control Center Next Localization NO [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{83D51B96-9433-356B-EB77-F26F4DB6B622}] Catalyst Control Center Next Localization PL [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF47369F-DBEA-8AB1-B562-0A815ED0C454}] Catalyst Control Center Next Localization RU [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{005A39B4-C104-C892-8E36-F00926DF37B2}] Catalyst Control Center Next Localization SV [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF858C19-75B3-513C-188F-A87FEF8B4A01}] Catalyst Control Center Next Localization TH [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{598E3EC4-B4A4-3CE3-ED42-26D8A29210B5}] Catalyst Control Center Next Localization TR [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BB3FA5E5-3652-4EDD-1229-0487E93EE950}] ccc-utility64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C3463F9A-E635-02E0-C351-41D16074E202}] CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{703F229F-573E-10E7-3B44-341DB59AD86B}] CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{489E5436-B101-CAD9-5571-14746675ECE3}] CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BBA1614E-6470-7841-8A42-ABD5BA7B3FFE}] CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AA0E1433-8F16-AA01-E8E9-E6408579D0D8}] CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{504819D1-3C0A-2695-0007-BBDFA5936D68}] CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C495748-5F03-0B97-568B-76D0368FB460}] CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D9CBA021-DB41-9736-923F-52E3E426912D}] CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B03A580A-5D67-DAC5-59A1-7AD7C513381C}] CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{69DF4822-9B16-CE04-7587-22E09FB5FD1D}] CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{968C0E92-6DA9-5784-9A0B-1061D0CB2C14}] CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{11BC8F83-7260-65EB-3E0A-FA7AC894B42D}] CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FE4DC915-D724-E72C-EF86-DC5B89961ACF}] CCC Help Japanese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C9353DBC-A47C-2C9B-AF32-5E2C8B4E3D3A}] CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37DBC990-C514-3821-D6FB-12E0745AA990}] CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{79E3071B-8A0C-C105-6442-CF611732601E}] CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A12E8E1A-A77D-94E5-72F8-E83D6256AF11}] CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AD5E3969-F0C0-ECBF-45E5-C36B84904281}] CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CFA2067C-AE90-3BF9-06AF-E7E65E679B3D}] CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{110E4EE7-85A9-B76B-B943-C0C1CF0C2F74}] CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{42A97797-A255-49F9-4250-D58A9CEA2904}] CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{31BC0B51-0676-A531-3940-1818B609EEA7}] CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9DB45EC2-90E7-642D-7CF9-5AC2FBDC14F7}] CPUID HWMonitor 1.28 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CPUID HWMonitor_is1] DAEMON Tools Lite [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite] De SimsT 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}] Dota 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 570] Dota 2 Workshop Tools Alpha [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 316570] EA Download Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\EADM] Ezvid [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F96D619D-99D6-4C9C-A393-0CD22DE1CA66}_is1] Farming Simulator 15 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FarmingSimulator2015INT_is1] Fraps [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Fraps] Geeks3D.com FurMark 1.9.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Grand Theft Auto IV [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{579BA58C-F33D-4970-9953-B94B43768AC3}] GTA San Andreas [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}] Hearthstone [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hearthstone] inminet [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e20d6e44-c692-4329-d495-57e2996fc3ed}] Java 8 Update 31 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83218031F0}] League of Legends [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{79BF4901-1EC4-4726-B3C2-A7859706C6E7}] League of Legends [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\League of Legends 3.0.1] Malwarebytes Anti-Malware version 2.1.6.1022 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26784146-6E05-3FF9-9335-786C7C0FB5BE}] Microsoft .NET Framework 4.5.2 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033] Microsoft Games for Windows - LIVE Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{59E4543A-D49D-4489-B445-473D763C79AF}] Microsoft Office Professional Plus 2010 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.PROPLUS] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}] Microsoft Visual C++ 2005 Redistributable (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}] Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}] Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}] Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}] Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{37B8F9C7-03FB-3253-8781-2517C99D7C00}] Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}] Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B175520C-86A2-35A7-8619-86DC379688B9}] Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}] Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7f51bdb9-ee21-49ee-94d6-90afc321780e}] Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}] Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}] Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}] Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}] Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}] Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}] Microsoft Visual Studio 2010 Tools for Office Runtime (x64) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)] Microsoft WSE 3.0 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}] Minecraft 1.8.1 version 1.8.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Minecraft 1.8.1_is1] Need for Speed - Rivals [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Need for Speed - Rivals_R.G. Mechanics_is1] OMSI 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 252530] Open Broadcaster Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Open Broadcaster Software] OpenTTD 1.5.2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\OpenTTD] Oracle VM VirtualBox 5.0.12 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6F93731D-89E1-4A8F-BDA9-D104860DDB02}] PlanetSide 2 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SOE-PlanetSide 2] PlaysTV [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PlaysTV] Portal 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 620] Prison Architect [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1441974651_is1] Raptr [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raptr] Real Time Stat Tracker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E8E4D4FD-D449-4CF2-AA23-2191B76AE3B4}] Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17528CE4-C333-48FB-A9E4-D841E795CDCE}] Renesas Electronics USB 3.0 Host Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}] Rockstar Games Social Club [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{08B3869E-D282-424C-9AFC-870E04A4BA14}] Skype Click to Call [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}] Skype Web Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A51A9885-30AA-4736-BECA-5DB4BCB1A2EA}] SkypeT 7.21 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FC965A47-4839-40CA-B618-18F486F042C6}] Steam [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam] Stranded II 1.0.0.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE0900ED-C76A-40C0-8DB4-0F68D825B283}_is1] System Requirements Lab Detection [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3707AD31-8966-42C6-8FEE-003E16ABD706}] TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TeamSpeak 3 Client] TeamViewer 11 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\TeamViewer] WinRAR 5.20 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] World of Tanks [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1] XSplit Broadcaster [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{31D17C3E-3D43-4C0E-B816-6730706AC390}] XSplit Gamecaster [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5AADA165-FB60-41C0-8825-3E5B6C5F244C}] ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Raptr deleted successfully HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{e20d6e44-c692-4329-d495-57e2996fc3ed} deleted successfully HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\44e6d02e296c92344d59752e99f63cde deleted successfully ==== HijackThis Entries ====================== F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll O4 - HKLM\..\Run: [RUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Aeria Ignite] "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent O4 - HKLM\..\Run: [PlaysTV] "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup O4 - HKLM\..\Run: [Raptr] C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKCU\..\Run: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe -update activex O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-3377807318-2724434003-2614323792-1005\..\Run: [Akamai NetSession Interface] "C:\Users\Safe\AppData\Local\Akamai\netsession_win.exe" (User 'Safe') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.aeriagames.com O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Plays.tv Update Service (PlaysService) - Plays.tv, LLC - C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) ==== Silent Runners ====================== "Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/ Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++} RGSC = C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent [null data] DAEMON Tools Lite Automount = "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun [Disc Soft Ltd] EA Core = "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent [Electronic Arts] HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\ {++} FlashPlayerUpdate = C:\Windows\system32\Macromed\Flash\FlashUtil64_11_8_800_175_ActiveX.exe -update activex [Adobe Systems Incorporated] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} RTHDVCPL = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [Realtek Semiconductor] StartCN = "C:\Program Files\AMD\CNext\CNext\cnext.exe" atlogon [Advanced Micro Devices, Inc.] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ {++} MSPCLOCK = rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000} [MS] MSPQM = rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196} [MS] MSKSSRV = rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196} [MS] MSTEE.CxTransform = rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install [MS] MSTEE.Splitter = rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install [MS] WDM_DRMKAUD = rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++} RUSB3MON = "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [Renesas Electronics Corporation] SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [Oracle Corporation] Aeria Ignite = "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent [null data] PlaysTV = "C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe" --startup [Plays.tv, LLC] Raptr = C:\PROGRA~2\RAPTRI~1\Raptr\raptrstub.exe --startup [Raptr, Inc] BCSSync = "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [MS] HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\ {66C64F22-FC60-4E6C-A6B5-F0D580E680CE}\(Default) = Enable TLS1.1 and 1.2 \StubPath = C:\Windows\System32\ie4uinit.exe -EnableTLS [MS] {6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default) = Microsoft Windows Media Player \StubPath = C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [MS] {7D715857-A67C-4C2F-A929-038448584D63}\(Default) = Disable SSL3 \StubPath = C:\Windows\System32\ie4uinit.exe -DisableSSL3 [MS] {89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = Windows Desktop Update \StubPath = regsvr32.exe /s /n /i:U shell32.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\ {6BF52A52-394A-11d3-B153-00C04F79FAA6}\(Default) = Microsoft Windows Media Player \StubPath = C:\Windows\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI [MS] {89820200-ECBD-11cf-8B85-00AA005B4340}\(Default) = Windows Desktop Update \StubPath = regsvr32.exe /s /n /i:U shell32.dll [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] -> {HKLM...Wow...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided) -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [Oracle Corporation] {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO -> {HKLM...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] -> {HKLM...Wow...CLSID} = Skype Click to Call for Internet Explorer \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] {B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO -> {HKLM...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS] -> {HKLM...Wow...CLSID} = Office Document Cache Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL [MS] {DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided) -> {HKLM...Wow...CLSID} = Java(tm) Plug-In 2 SSV Helper \InProcServer32\(Default) = C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [Oracle Corporation] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {B41DB860-64E4-11D2-9906-E49FADC173CA} = WinRAR shell extension -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] {5E2121EE-0300-11D4-8D3B-444553540000} = Catalyst Context Menu extension -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL [MS] {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler -> {HKLM...CLSID} = Microsoft Office Metadata Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler -> {HKLM...CLSID} = Microsoft Office Thumbnail Handler \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...CLSID} = Workspaces \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] {7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext -> {HKLM...CLSID} = Enterprise Projects \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ {23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] {42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler -> {HKLM...Wow...CLSID} = (no title provided) \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll [MS] {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension -> {HKLM...Wow...CLSID} = Workspaces \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} = Microsoft OneNote Namespace Extension for Windows Desktop Search -> {HKLM...Wow...CLSID} = Microsoft OneNote Namespace Extension for Windows Desktop Search \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL [MS] {506F4668-F13E-4AA1-BB04-B43203AB3CC0} = {506F4668-F13E-4AA1-BB04-B43203AB3CC0} -> {HKLM...Wow...CLSID} = ImageExtractorShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS] {D66DC78C-4F61-447F-942B-3FB6980118CF} = {D66DC78C-4F61-447F-942B-3FB6980118CF} -> {HKLM...Wow...CLSID} = CInfoTipShellExt Class \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL [MS] {72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper -> {HKLM...Wow...CLSID} = Groove GFS Browser Helper \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar -> {HKLM...Wow...CLSID} = Groove Folder Synchronization \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...Wow...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler -> {HKLM...Wow...CLSID} = Groove GFS Stub Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {HKLM...Wow...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub) \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler -> {HKLM...Wow...CLSID} = Groove XML Icon Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] {00020D75-0000-0000-C000-000000000046} = Microsoft Outlook Desktop Icon Handler -> {HKLM...Wow...CLSID} = Microsoft Outlook \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\MLSHEXT.DLL [MS] {0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler -> {HKLM...Wow...CLSID} = Outlook File Icon Extension \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ <> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook -> {HKLM...CLSID} = Groove GFS Stub Execution Hook \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\ <> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945} -> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter \InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS] HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\ <> skypec2c\CLSID = {91774881-D725-4E58-B298-07617B9B86A8} -> {HKLM...CLSID} = Skype Click to Call for IE Pluggable Protocol \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\ XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\ 7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000} -> {HKLM...Wow...CLSID} = 7-Zip Shell Extension \InProcServer32\(Default) = C:\Program Files (x86)\7-Zip\7-zip.dll [Igor Pavlov] HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\ ACE\(Default) = {5E2121EE-0300-11D4-8D3B-444553540000} -> {HKLM...CLSID} = SimpleShlExt Class \InProcServer32\(Default) = C:\Program Files\AMD\CNext\CNext\atiacm64.dll [Advanced Micro Devices, Inc.] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D} -> {HKLM...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] -> {HKLM...Wow...CLSID} = Groove GFS Context Menu Handler \InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\ WinRAR\(Default) = {B41DB860-64E4-11D2-9906-E49FADC173CA} -> {HKLM...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext.dll [Alexander Roshal] WinRAR32\(Default) = {B41DB860-8EE4-11D2-9906-E49FADC173CA} -> {HKLM...Wow...CLSID} = WinRAR \InProcServer32\(Default) = C:\Program Files\WinRAR\rarext32.dll [Alexander Roshal] Active Desktop and Wallpaper: ----------------------------- Active Desktop may be disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState Displayed if Active Desktop disabled and wallpaper not set by Group Policy: HKCU\Control Panel\Desktop\ Wallpaper = %windir%\web\wallpaper\windows\img0.jpg Windows Portable Device AutoPlay Handlers ----------------------------------------- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\ MSPlayCDAudioOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.AudioCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS] MSPlayDVDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.DVD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS] MSPlaySuperVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSPlayVideoCDMovieOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.VCD InvokeVerb = play HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS] MSWMPBurnCDOnArrival\ Provider = @wmploc.dll,-6502 InvokeProgID = WMP.BurnCD InvokeVerb = Burn HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS] Non-disabled Scheduled Tasks: {++} ----------------------------- C:\Windows\System32\Tasks Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated] AMD Updater -> (HIDDEN!) launches: "C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe" /AUTOUPDATEIN [Advanced Micro Devices, Inc.] GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.] GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.] Minecraft Checksum Validator -> launches: C:\Program Files (x86)\.minecraft\MinecraftChecksumValidator.exe [file not found] {015D44F5-2E15-43B1-B934-1C9090AFA537} -> launches: C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe [null data] {6D14CE76-F58C-4DF9-AFFF-B96CBEB5FD99} -> launches: C:\Windows\system32\pcalua.exe -a E:\SETUP.EXE -d E:\ [MS] {C0D68CA8-984B-408C-A1BB-55CC30E9C653} -> launches: C:\Program Files (x86)\Call of Duty- Modern Warfare 3\iw5sp.exe [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} -> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] -> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler \InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience AitAgent -> launches: aitagent [MS] Microsoft Compatibility Appraiser -> launches: %windir%\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly [MS] ProgramDataUpdater -> launches: %windir%\system32\compattelrunner.exe -maintenance [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Autochk Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060} -> {HKLM...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] -> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler \InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS] KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c} -> {HKLM...CLSID} = KernelCeipCustomHandler \InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS] UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8} -> {HKLM...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] -> {HKLM...Wow...CLSID} = UsbCeip \InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Defrag ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3} -> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Location Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D} -> {HKLM...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] -> {HKLM...Wow...CLSID} = WinSAT Task Manger Task \InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Media Center ActivateWindowsSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch [MS] ConfigureInternetTimeService -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService [MS] DispatchRecoveryTasks -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) [MS] ehDRMInit -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DRMInit [MS] InstallPlayReady -> launches: %SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) [MS] mcupdate -> launches: %SystemRoot%\ehome\mcupdate $(Arg0) [MS] MediaCenterRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask [MS] ObjectStoreRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask [MS] OCURActivate -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURActivate [MS] OCURDiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) [MS] PBDADiscovery -> launches: %SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery [MS] PBDADiscoveryW1 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery [MS] PBDADiscoveryW2 -> launches: %SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery [MS] PvrRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask [MS] PvrScheduleTask -> launches: %SystemRoot%\ehome\mcupdate.exe -PvrSchedule [MS] RegisterSearch -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) [MS] ReindexSearchRoot -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot [MS] SqlLiteRecoveryTask -> launches: %SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask [MS] UpdateRecordPath -> launches: %SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2} -> {HKLM...CLSID} = MemoryDiagnosticCustomHandler \InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E} -> {HKLM...CLSID} = HotStart User Agent \InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\MUI LPRemove -> launches: %windir%\system32\lpremove.exe [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543} -> {HKLM...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] -> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class \InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data] C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RAC RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6} -> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] -> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler \InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Ras MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa} -> {HKLM...CLSID} = RasMobilityManager \InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Registry RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2} -> {HKLM...CLSID} = RegistryIdleBackupHandler \InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\gwx launchtrayprocess -> launches: %windir%\system32\GWX\GWX.exe /tasklaunch [MS] refreshgwxconfig -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfig [MS] refreshgwxconfigandcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] refreshgwxcontent -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshContent [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Setup\GWXTriggers Logon-5d -> launches: %windir%\system32\GWX\GWX.exe /event:7 [MS] MachineUnlock-5d -> launches: %windir%\system32\GWX\GWX.exe /event:8 [MS] OnIdle-5d -> launches: %windir%\system32\GWX\GWX.exe /event:6 [MS] OutOfIdle-5d -> launches: %windir%\system32\GWX\GWX.exe /event:11 [MS] OutOfSleep-5d -> launches: %windir%\system32\GWX\GWX.exe /event:9 [MS] refreshgwxconfig-B -> launches: %windir%\system32\GWX\GWXConfigManager.exe /RefreshConfigAndContent [MS] ScheduleUpgradeReminderTime -> launches: %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeReminderTime [MS] ScheduleUpgradeTime -> launches: %windir%\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime [MS] Time-5d -> launches: %windir%\system32\GWX\GWX.exe /event:10 [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SideShow GadgetManager -> launches: {FF87090D-4A9A-4f47-879B-29A80C355D61} -> {HKLM...CLSID} = GadgetsManager Class \InProcServer32\(Default) = C:\Windows\System32\AuxiliaryDisplayServices.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4} -> {HKLM...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] -> {HKLM...Wow...CLSID} = RunTask \InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS] IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS] C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} -> {HKLM...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] -> {HKLM...Wow...CLSID} = MsCtfMonitor task handler \InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS] C:\Windows\System32\Tasks\Microsoft\Windows\UPnP UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WDI ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} -> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] -> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler \InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Activation Technologies ValidationTask -> (HIDDEN!) launches: %SystemRoot%\system32\Wat\WatAdminSvc.exe /run [MS] ValidationTaskDeadline -> (HIDDEN!) launches: %SystemRoot%\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS] C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS] C:\Windows\System32\Tasks\Microsoft\Windows\Wininet CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148} -> {HKLM...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] -> {HKLM...Wow...CLSID} = Wininet Cache task object \InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS] C:\Windows\System32\Tasks\Microsoft\Windows Defender MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS] C:\Windows\System32\Tasks\WPD SqmUpload_S-1-5-21-3377807318-2724434003-2614323792-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++} 000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS] 000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS] 000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS] 000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS] 000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS] Transport Service Providers HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 10 Toolbars, Explorer Bars, Extensions: ------------------------------------ Explorer Bars HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS] HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar] InProcServer32\(Default) = C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL [MS] Extensions (Tools menu items, main toolbar menu buttons) HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call settings CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...CLSID} = Skype Click to Call settings \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [MS] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\ {2670000A-7350-4F3C-8081-5663EE0C6C49}\ ButtonText = Send to OneNote MenuText = Se&nd to OneNote CLSIDExtension = {48E73304-E1D6-4330-914C-F5F514E3486C} -> {HKLM...Wow...CLSID} = Send to OneNote from Internet Explorer button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [MS] {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\ ButtonText = OneNote Lin&ked Notes MenuText = OneNote Lin&ked Notes CLSIDExtension = {FFFDC614-B694-4AE6-AB38-5D6374584B52} -> {HKLM...Wow...CLSID} = Linked Notes button \InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [MS] {898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ ButtonText = Skype Click to Call settings CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5} -> {HKLM...Wow...CLSID} = Skype Click to Call settings \InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [MS] Miscellaneous IE Hijack Points ------------------------------ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\ <> InPrivate = res://ieframe.dll/inprivate_win7.htm [MS] Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ AMD External Events Utility, AMD External Events Utility, C:\Windows\system32\atiesrxx.exe [AMD] AMD FUEL Service, AMD FUEL Service, "C:\Program Files\AMD\ATI.ACE\Fuel\Fuel.Service.exe" /launchService [Advanced Micro Devices, Inc.] Diagnostics Tracking Service, DiagTrack, C:\Windows\System32\svchost.exe -k utcsvc {C:\Windows\system32\diagtrack.dll [MS]} Disc Soft Lite Bus Service, Disc Soft Lite Bus Service, "C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe" [Disc Soft Ltd] Plays.tv Update Service, PlaysService, "C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe" [Plays.tv, LLC] Skype Click to Call PNR Service, c2cpnrsvc, "C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe" /service [MS] Skype Click to Call Updater, c2cautoupdatesvc, "C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe" /service [MS] TeamViewer 11, TeamViewer, "C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe" [TeamViewer GmbH] UMVPFSrv, UMVPFSrv, C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [Logitech Inc.] Safe Mode Drivers & Services (subkey name, subkey default value): ----------------------------------------------------------------- HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\ <> PEVSystemStart, Service HKLM\System\CurrentControlSet\Control\SafeBoot\Network\ <> PEVSystemStart, Service <>: Suspicious data at a browser hijack point. ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\deckx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\deckx\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Safe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Safe\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Safe\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully C:\Users\deckx\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Safe\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ======== System Restore Points ======== RP111: 26/03/2016 12:30:29 - Windows Update RP112: 26/03/2016 22:00:09 - Windows Update RP114: 1/04/2016 10:40:24 - Windows Update RP115: 3/04/2016 16:36:32 - zoek.exe restore point ==== C:\zoek_backup content ====================== C:\zoek_backup (files=55 folders=50 33811146 bytes) ==== Empty Temp Folders ====================== C:\Users\deckx\AppData\Local\Temp will be emptied at reboot C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Safe\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\deckx\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Safe\AppData\Local\Temp\FXSAPIDebugLogFile.txt" not deleted "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found "C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted ==== EOF on zo 03/04/2016 at 17:01:33,10 ======================