# Malware keeps reappearing



## Squeedlejinks (Feb 27, 2014)

I have a problem with malware that keeps reappearing a couple days after the computer SEEMS clean.

It started when I downloaded a tool that I've used before with no problems. Either I got the wrong program by mistake, or it's changed for the worse since the last time I used it. I did scan it with MalwareBytes and Windows Defender before running it, but neither found any problems.

I immediately got YAC, Amonitize, Conduit.A, Amonitize.A, Software Updater and probably something else that I can't remember. I ran MalwareBytes which found and removed them. Windows Defender found nothing and neither did TrendMicro HouseCall. Full scans on everything, always. After a second scan of each of them, with nothing found, it seemed the computer was clean.

Two days later, I watched as YAC reinstalled and revived, along with several of its friends. I've run MalwareBytes, Windows Defender, TrendMicro RUBotted, Avast! and cleaned it out with CCleaner multiple times with each. It looked clean, but today as I did one more paranoid check in my Programs and Features to see if anything new was there that could be uninstalled, I found a software updater that didn't list a lot of details. I went back to MalwareBytes and found 14 old enemies again, although no sign of YAC yet - knock on wood.

I'm including the log files, and I want to let you know ahead of time that I appreciate you taking the time to look them over and offer some advice.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8, 64 bit
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 8074 Mb
Graphics Card: Intel(R) HD Graphics 4000, -1984 Mb
Hard Drives: C: Total - 687643 MB, Free - 590189 MB; D: Total - 26964 MB, Free - 3188 MB;
Motherboard: Hewlett-Packard, 18A4
Antivirus: Windows Defender, Disabled
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[BTW, I got a note from HijackThis that the system denied access to the HOSTS file.]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:03:22 AM, on 2/27/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16798)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Users\Cathy\Desktop\HijackThis.exe
C:\Program Files (x86)\HP SimplePass\DownloadAD.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NETGEAR USB Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdateTool] C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem29.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UpdateSoftware (UpdateServiceTool) - VIS without Co - C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13734 bytes


----------



## Squeedlejinks (Feb 27, 2014)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16798
Run by Cathy at 2:05:42 on 2014-02-27
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.8075.6523 [GMT -6:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\dwm.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe
C:\Windows\system32\valWBFPolicyService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Core Temp\Core Temp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Program Files\Common Files\AuthenTec\TrueService.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [NETGEAR USB Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [UpdateTool] C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRun: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\Users\Cathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\Windows\System32\RunDll32.exe
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086}\4636363646D277962756C6563737 : DHCPNameServer = 144.162.165.240 144.162.216.240
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086}\66D676D24756D607 : DHCPNameServer = 192.168.3.32 192.168.7.24
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086}\C416175796E64716D223 : DHCPNameServer = 10.6.18.1
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086}\C416175796E64716D2F66636 : DHCPNameServer = 10.6.18.1
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086}\D66736D256465713 : DHCPNameServer = 144.162.216.230 144.162.10.230
TCP: Interfaces\{8C912BB9-E1A3-4C69-A5D9-A0020450C086}\E45445745414259303 : DHCPNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: TidyNetwork: {830BFF44-A135-325C-CEAF-062383344D86} - 
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: ClassicIE9BHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
x64-IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310}
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\
FF - prefs.js: browser.search.selectedEngine - Startpage (SSL)
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\Drivers\aswRvrt.sys [2014-2-17 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\Drivers\aswVmm.sys [2014-2-17 207904]
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2014-2-17 1038072]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2014-2-17 421704]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-5 92536]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2014-2-17 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-17 50344]
R2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\Windows\System32\Drivers\ekaprot6.sys [2012-3-23 27288]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [2012-8-10 1641320]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-9-24 31040]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-31 35232]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-11-5 165760]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2014-2-19 443416]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-11-5 364416]
R2 UpdateServiceTool;UpdateSoftware;C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [2014-2-11 6656]
R2 valWBFPolicyService;Validity WBF Policy Service;C:\Windows\System32\valWBFPolicyService.exe [2012-9-6 28160]
R3 aswStm;aswStm;C:\Windows\System32\Drivers\aswStm.sys [2014-2-17 80184]
R3 cbfs3;EldoS Callback File System driver v3;C:\Windows\System32\Drivers\cbfs3.sys [2012-12-3 352144]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-6-20 342528]
R3 NetgearUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;C:\Windows\System32\Drivers\NetgearUDSMBus.sys [2013-4-11 107296]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2013-4-15 2482960]
R3 RSBASTOR;Realtek PCIE CardReader Driver - BA;C:\Windows\System32\Drivers\RtsBaStor.sys [2012-11-5 294544]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-5 690832]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2013-7-28 33008]
R3 TrueService;TrueAPI Service component;C:\Program Files\Common Files\AuthenTec\TrueService.exe [2012-7-16 401256]
R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
S2 HOSTS Anti-PUPs;HOSTS Anti-PUPs;C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update --> C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 NetgearUDSTcpBus;NetgearUDSTcpBus;C:\Windows\System32\Drivers\NetgearUDSTcpBus.sys [2013-4-11 183584]
S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-11-5 41272]
.
=============== Created Last 30 ================
.
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
2014-02-27 06:34:57	159744	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
2014-02-27 04:38:46	272496	----a-w-	C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-27 04:38:44	28272	----a-w-	C:\Program Files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2014-02-22 07:36:45	--------	d-----w-	C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-02-20 07:50:47	--------	d-----w-	C:\AdwCleaner
2014-02-19 08:21:22	--------	d-----w-	C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-19 08:18:57	91352	----a-w-	C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-19 08:13:46	--------	d-----w-	C:\Program Files (x86)\WinPcap
2014-02-19 08:13:37	--------	d-----w-	C:\ProgramData\Trend Micro
2014-02-19 08:12:37	--------	d-----w-	C:\Program Files (x86)\Trend Micro
2014-02-17 06:21:20	--------	d-----w-	C:\Users\Cathy\AppData\Roaming\AVAST Software
2014-02-17 06:20:03	80184	----a-w-	C:\Windows\System32\drivers\aswStm.sys
2014-02-17 06:20:03	207904	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2014-02-17 06:20:02	92544	----a-w-	C:\Windows\System32\drivers\aswRdr2.sys
2014-02-17 06:20:02	78648	----a-w-	C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-17 06:20:02	65776	----a-w-	C:\Windows\System32\drivers\aswRvrt.sys
2014-02-17 06:20:02	1038072	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2014-02-17 06:19:54	43152	----a-w-	C:\Windows\avastSS.scr
2014-02-17 06:19:21	--------	d-----w-	C:\Program Files\AVAST Software
2014-02-17 06:16:53	--------	d-----w-	C:\ProgramData\AVAST Software
2014-02-16 09:00:11	10315576	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C90B54D7-FCEB-4619-A112-3B08F0BDF63F}\mpengine.dll
2014-02-12 05:36:47	175528	----a-w-	C:\Windows\System32\drivers\tmcomm.sys
2014-02-11 22:12:56	3960320	----a-w-	C:\Windows\System32\jscript9.dll
2014-02-11 22:12:56	2877952	----a-w-	C:\Windows\SysWow64\jscript9.dll
2014-02-11 22:12:52	108032	----a-w-	C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-02-11 22:11:27	1845248	----a-w-	C:\Windows\System32\msxml3.dll
2014-02-11 22:11:27	1419264	----a-w-	C:\Windows\SysWow64\msxml3.dll
2014-02-11 22:11:26	2232664	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2014-02-11 22:10:43	600064	----a-w-	C:\Windows\System32\vbscript.dll
2014-02-11 22:10:43	523776	----a-w-	C:\Windows\SysWow64\vbscript.dll
2014-02-11 22:10:42	83968	----a-w-	C:\Windows\System32\drivers\hidclass.sys
2014-02-11 22:10:41	583680	----a-w-	C:\Windows\System32\msdrm.dll
2014-02-11 22:10:41	451072	----a-w-	C:\Windows\SysWow64\msdrm.dll
2014-02-11 22:10:33	3842560	----a-w-	C:\Windows\System32\d2d1.dll
2014-02-11 22:10:33	3288576	----a-w-	C:\Windows\SysWow64\d2d1.dll
2014-02-11 22:10:33	2238976	----a-w-	C:\Windows\System32\d3d10warp.dll
2014-02-11 22:10:32	2032640	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2014-02-11 21:56:49	10315576	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-02-11 21:40:25	--------	d-----w-	C:\Program Files\CCleaner
2014-02-11 07:05:32	--------	d-----w-	C:\Users\Cathy\AppData\Roaming\eCyber
2014-02-11 07:05:22	--------	d-----w-	C:\Windows\System32\log
2014-02-11 06:03:20	--------	d-----w-	C:\Program Files (x86)\Bin
.
==================== Find3M ====================
.
2014-02-17 22:03:37	78304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-17 22:03:37	694240	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-01 09:19:49	2241536	----a-w-	C:\Windows\System32\wininet.dll
2014-02-01 09:19:36	915968	----a-w-	C:\Windows\System32\uxtheme.dll
2014-02-01 09:19:36	53760	----a-w-	C:\Windows\System32\UXInit.dll
2014-02-01 09:18:21	67072	----a-w-	C:\Windows\System32\iesetup.dll
2014-02-01 09:18:21	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2014-02-01 07:58:31	1767936	----a-w-	C:\Windows\SysWow64\wininet.dll
2014-02-01 07:58:24	44032	----a-w-	C:\Windows\SysWow64\UXInit.dll
2014-02-01 07:57:16	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2014-02-01 07:57:16	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2014-02-01 07:40:43	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2014-02-01 07:34:53	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2014-02-01 05:08:52	534528	----a-w-	C:\Windows\SysWow64\uxtheme.dll
2014-01-19 07:33:29	270496	------w-	C:\Windows\System32\MpSigStub.exe
2014-01-17 22:24:12	94208	----a-w-	C:\Windows\SysWow64\QuickTimeVR.qtx
2014-01-17 22:24:12	69632	----a-w-	C:\Windows\SysWow64\QuickTime.qts
2013-12-07 06:37:24	688640	----a-w-	C:\Windows\System32\WSShared.dll
2013-12-07 06:37:24	163840	----a-w-	C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-07 05:15:46	562688	----a-w-	C:\Windows\SysWow64\WSShared.dll
2013-12-07 05:15:46	124928	----a-w-	C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
.
============= FINISH: 2:06:51.90 ===============

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 11/30/2012 5:53:43 AM
System Uptime: 2/27/2014 1:48:53 AM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 18A4
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz | U3E1 | 2501/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 672 GiB total, 576.389 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 3.114 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP60: 2/8/2014 2:38:55 AM - Windows Update
RP61: 2/11/2014 4:13:26 PM - Windows Update
RP62: 2/15/2014 11:00:51 AM - Restore Operation
RP63: 2/17/2014 12:19:07 AM - avast! antivirus system restore point
RP64: 2/25/2014 3:04:21 AM - Scheduled Checkpoint
RP65: 2/27/2014 12:33:48 AM - Installed QuickTime 7
.
==== Installed Programs ======================
.
4 Elements II
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 11.6
AIM 7
Amaya
Apple Application Support
Apple Software Update
AuthenTec TrueAPI 64-bit
avast! Free Antivirus
Bejeweled 3
Bonjour
Build-a-lot 4 - Power Source
Bullzip PDF Printer 9.3.0.1516
Canon MP210 series
CCleaner
Chuzzle Deluxe
Classic Shell
Core Temp 1.0 RC4
Cradle Of Egypt Collector's Edition
Cradle of Rome 2
CrypTool 1.4.30
CyberLink LabelPrint
CyberLink Media Suite 10
CyberLink PhotoDirector
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Ekahau HeatMapper
Energy Star
Farm Frenzy
FATE: The Cursed King
Final Drive Fury
FlatOut 2
Governor of Poker 2 Premium Edition
Hewlett-Packard ACLM.NET v1.2.0.0
Hoyle Card Games
HP 3D DriveGuard
HP Connected Backup
HP Connected Music (Meridian - installer)
HP CoolSense
HP Customer Experience Enhancements
HP Documentation
HP Games
HP MyRoom
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Postscript Converter
HP Quick Launch
HP Recovery Manager
HP Registration Service
HP SimplePass
HP Software Framework
HP Support Assistant
HP Update
HP Utility Center
HP Wireless Button Driver
I.R.I.S. OCR
IDT Audio
iExplorer 3.2.0.2
Instant Eyedropper 1.75
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Jewel Match 3
John Deere Drive Green
Luxor Evolved
Mahjongg Dimensions Deluxe: Tiles in Time
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mortimer Beckett and the Crimson Thief Premium Edition
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Mystery P.I. - Curious Case of Counterfeit Cove
NETGEAR USB Control Center 
NirSoft Wireless Network Watcher
Peggle Nights
Penguins!
Polar Bowler
Polar Golfer
QuickTime 7
Ralink RT5390R 802.11bgn Wi-Fi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Roads of Rome 3
Safari
SeaMonkey 2.21 (x86 en-US)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Skype 6.11
swMSM
Synaptics Pointing Device Driver
Tales of Lagoona
Trend Micro RUBotted 2.0 Beta
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest - Australia
Validity WBF DDK
WildTangent Games
WildTangent Games App
WinDirStat 1.1.2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Language Selector
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.3
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/27/2014 1:49:55 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HOSTS Anti-PUPs service to connect.
2/27/2014 1:49:55 AM, Error: Service Control Manager [7000] - The HOSTS Anti-PUPs service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/27/2014 1:48:57 AM, Error: Microsoft-Windows-Kernel-General [6] - An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): ''.
2/22/2014 1:36:48 AM, Error: Service Control Manager [7030] - The HOSTS Anti-PUPs service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/21/2014 12:02:02 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================


----------



## Squeedlejinks (Feb 27, 2014)

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-27 02:24:02
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000004c Hitachi_HTS547575A9E384 rev.JE4OA50A 698.64GB
Running: b0xrsxq1.exe; Driver: C:\Users\Cathy\AppData\Local\Temp\awrcyaod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2  000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\csrss.exe[620] C:\Windows\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl  000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\winlogon.exe[664] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion  000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\services.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\services.exe[696] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\lsass.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection  000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\svchost.exe[812] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410


----------



## Squeedlejinks (Feb 27, 2014)

.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\System32\svchost.exe[708] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\System32\svchost.exe[708] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore  000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\IDT\WDM\STacSV64.exe[960] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\Hpservice.exe[1352] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort  000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9c6c177a 4 bytes [6C, 9C, FB, 07]
.text C:\Windows\System32\WUDFHost.exe[1404] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9c6c1782 4 bytes [6C, 9C, FB, 07]
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\svchost.exe[1516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0


----------



## Squeedlejinks (Feb 27, 2014)

.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\Bonjour\mDNSResponder.exe[1936] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx  000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\dashost.exe[1572] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2316] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection  000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9c6c177a 4 bytes [6C, 9C, FB, 07]
.text C:\Windows\system32\svchost.exe[2548] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9c6c1782 4 bytes [6C, 9C, FB, 07]
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess  000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\svchost.exe[2572] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]


----------



## Squeedlejinks (Feb 27, 2014)

.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject  000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\taskhostex.exe[4048] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb8ed91532 4 bytes [D9, 8E, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb8ed9153a 4 bytes [D9, 8E, FB, 07]
.text C:\Program Files\Classic Shell\ClassicStartMenu.exe[1192] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb8ed9165a 4 bytes [D9, 8E, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort  000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\wbem\wmiprvse.exe[4016] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\wbem\unsecapp.exe[2640] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject  000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\Explorer.EXE[4248] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0


----------



## Squeedlejinks (Feb 27, 2014)

.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore  000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9c6c177a 4 bytes [6C, 9C, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9c6c1782 4 bytes [6C, 9C, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb8ed91532 4 bytes [D9, 8E, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb8ed9153a 4 bytes [D9, 8E, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb8ed9165a 4 bytes [D9, 8E, FB, 07]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb8ed91532 4 bytes [D9, 8E, FB, 07]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb8ed9153a 4 bytes [D9, 8E, FB, 07]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb8ed9165a 4 bytes [D9, 8E, FB, 07]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9c6c177a 4 bytes [6C, 9C, FB, 07]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9c6c1782 4 bytes [6C, 9C, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent  000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe[4724] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [620:640] fffff96000b815e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Again, thank you for looking at this.


----------



## Squeedlejinks (Feb 27, 2014)

.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\Common Files\AuthenTec\TrueService.exe[4984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[3028] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9c6c177a 4 bytes [6C, 9C, FB, 07]
.text C:\Windows\System32\igfxpers.exe[4320] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9c6c1782 4 bytes [6C, 9C, FB, 07]
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\IDT\WDM\sttray64.exe[4360] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 000007fb9ea43701 5 bytes JMP 000007fc1ec10330
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 000007fb9ea437a1 5 bytes JMP 000007fc1ec10410
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 000007fb9ea437d1 5 bytes JMP 000007fc1ec10240
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 000007fb9ea43ae1 5 bytes JMP 000007fc1ec101e0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 000007fb9ea43ba1 5 bytes JMP 000007fc1ec10250
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 000007fb9ea43bd1 5 bytes JMP 000007fc1ec10490
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 000007fb9ea43be1 5 bytes JMP 000007fc1ec104a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 000007fb9ea43c11 5 bytes JMP 000007fc1ec10300
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 000007fb9ea43c21 5 bytes JMP 000007fc1ec10360
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 000007fb9ea43c81 5 bytes JMP 000007fc1ec102a0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 000007fb9ea43cd1 5 bytes JMP 000007fc1ec102c0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 000007fb9ea43d01 5 bytes JMP 000007fc1ec10380
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 000007fb9ea43d11 5 bytes JMP 000007fc1ec10340
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 000007fb9ea44021 5 bytes JMP 000007fc1ec10440
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 000007fb9ea44221 5 bytes JMP 000007fc1ec10260
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007fb9c6c177a 4 bytes [6C, 9C, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007fb9c6c1782 4 bytes [6C, 9C, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007fb8ed91532 4 bytes [D9, 8E, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007fb8ed9153a 4 bytes [D9, 8E, FB, 07]
.text C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe[4592] C:\Windows\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007fb8ed9165a 4 bytes [D9, 8E, FB, 07]
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 000007fb9ea42c90 5 bytes JMP 000007fc1ec10460
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 000007fb9ea42ce0 5 bytes JMP 000007fc1ec10450
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 000007fb9ea42e40 5 bytes JMP 000007fc1ec10370
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 000007fb9ea42e90 5 bytes JMP 000007fc1ec10470
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 000007fb9ea42ea0 5 bytes JMP 000007fc1ec103e0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 000007fb9ea42f50 5 bytes JMP 000007fc1ec10320
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000007fb9ea42f80 5 bytes JMP 000007fc1ec103b0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 000007fb9ea42fa0 5 bytes JMP 000007fc1ec10390
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 000007fb9ea42fe0 5 bytes JMP 000007fc1ec102e0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 000007fb9ea43060 5 bytes JMP 000007fc1ec102d0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 000007fb9ea43080 1 byte JMP 000007fc1ec10310
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection + 2 000007fb9ea43082 3 bytes {JMP 0xffffffff801cd290}
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 000007fb9ea430c0 5 bytes JMP 000007fc1ec103c0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 000007fb9ea43110 5 bytes JMP 000007fc1ec103f0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 000007fb9ea43281 5 bytes JMP 000007fc1ec10230
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 000007fb9ea43471 5 bytes JMP 000007fc1ec10480
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 000007fb9ea434a1 5 bytes JMP 000007fc1ec103a0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 000007fb9ea435b1 5 bytes JMP 000007fc1ec102f0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 000007fb9ea435d1 5 bytes JMP 000007fc1ec10350
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 000007fb9ea43641 5 bytes JMP 000007fc1ec10290
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 000007fb9ea436d1 5 bytes JMP 000007fc1ec102b0
.text C:\Windows\system32\RunDll32.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000007fb9ea436f1 5 bytes JMP 000007fc1ec103d0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 000007fb9ea44231 5 bytes JMP 000007fc1ec10270
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000007fb9ea44251 5 bytes JMP 000007fc1ec10400
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 000007fb9ea44431 5 bytes JMP 000007fc1ec101f0
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 000007fb9ea44441 5 bytes JMP 000007fc1ec10210
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 000007fb9ea444b1 5 bytes JMP 000007fc1ec10200
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 000007fb9ea44521 5 bytes JMP 000007fc1ec10420
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 000007fb9ea44531 5 bytes JMP 000007fc1ec10430
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 000007fb9ea44541 5 bytes JMP 000007fc1ec10220
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 000007fb9ea44651 5 bytes JMP 000007fc1ec10280
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007fb8ed81b32 4 bytes [D8, 8E, FB, 07]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2872] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007fb8ed81b3a 4 bytes [D8, 8E, FB, 07]
.text C:\Windows\system32\wbem\wmiprvse.exe[5672] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[5584] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 163 000007fb9cdff7eb 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\csrss.exe [620:640] fffff96000b815e8

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Again, thank you for looking at this.


----------



## kevinf80 (Mar 21, 2006)

Hello and welcome to TSG,

Run the following in the order given and post those logs..

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for *PUP* > Select: Show in Results List and Check for removal.

Please *Update* and run a *Quick* scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.


- Double click on AdwCleaner.exe to run the tool.
- Vista/Windows 7/8 users right-click and select Run As Administrator
- Click on the Scan button.
- AdwCleaner will begin...be patient as the scan may take some time to complete.
- When it's done you'll see: Pending: Uncheck any elements you don't want removed.
- Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
- Look over the log especially under Files/Folders for any program you want to save.
- If there's a program you want to save, just uncheck it from AdwCleaner.
- If you're not sure, post the log for review.
- If you're ready to clean it all up.....click the Clean button.
- After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
- Copy and paste the contents of that logfile in your next reply.
- A copy of that logfile will also be saved in the C:\AdwCleaner folder.
- Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
- To restore an item that has been deleted (if necessary):
  Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

Double-click to run it. When the tool opens, click *Yes* to the disclaimer.
Press the *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (*Addition.txt*). Please attach it to your reply.

Let me see those logs,

Kevin....


----------



## Squeedlejinks (Feb 27, 2014)

Hello, and thank you for the welcome!

I am currently at work but I'll get those to you as soon as I'm back at the computer.

I've been scanning regularly with both MalwareBytes and AdwCleaner. They're the only tools that seem to find anything. 

Thank you very much for your help!

Cathy


----------



## kevinf80 (Mar 21, 2006)

Thanks Cathy, post the logs when you're ready....


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I have a whole lot of data here! Before I post the logs, I want to let you know that after I ran MalwareBytes, it required a reboot. When the computer got to the "Rebooting..." screen, it stayed there for about 5 minutes, then I got a BSOD with the information that the computer had to be restarted. It listed the problem as Driver_power_state_failure. It kept logs, which I can post if you think they would be of any help.

Thank you, and here are the logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.27.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Cathy :: SPRINGTIME [administrator]

2/27/2014 5:25:04 PM
mbam-log-2014-02-27 (17-25-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 218439
Time elapsed: 3 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 7
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.SoftwareUpdater) -> Quarantined and deleted successfully.
C:\Windows\Temp\awhAD28.tmp (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\setup__4615.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\setup__4793.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Temp\is-63F0E.tmp\Bundle.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\SwvUpdater\Updater.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

(end)


----------



## Squeedlejinks (Feb 27, 2014)

# AdwCleaner v3.020 - Report created 27/02/2014 at 17:55:43
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Cathy - SPRINGTIME
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Cathy\AppData\Roaming\eCyber

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16798

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3952 octets] - [20/02/2014 01:51:07]
AdwCleaner[R1].txt - [938 octets] - [20/02/2014 23:58:11]
AdwCleaner[R2].txt - [1056 octets] - [22/02/2014 01:38:25]
AdwCleaner[R3].txt - [1181 octets] - [24/02/2014 23:58:35]
AdwCleaner[R4].txt - [1297 octets] - [26/02/2014 22:05:53]
AdwCleaner[R5].txt - [1490 octets] - [27/02/2014 17:49:04]
AdwCleaner[S0].txt - [3806 octets] - [20/02/2014 02:05:59]
AdwCleaner[S1].txt - [998 octets] - [20/02/2014 23:59:19]
AdwCleaner[S2].txt - [1118 octets] - [22/02/2014 01:39:43]
AdwCleaner[S3].txt - [1243 octets] - [25/02/2014 00:01:23]
AdwCleaner[S4].txt - [1359 octets] - [26/02/2014 22:06:37]
AdwCleaner[S5].txt - [1413 octets] - [27/02/2014 17:55:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [1473 octets] ##########


----------



## Squeedlejinks (Feb 27, 2014)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Cathy on Thu 02/27/2014 at 18:08:54.22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{910C82E6-C5BE-43BF-AA89-32507EA70C82}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\h2vlw8be.default\extensions\staged
Emptied folder: C:\Users\Cathy\AppData\Roaming\mozilla\firefox\profiles\h2vlw8be.default\minidumps [12 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/27/2014 at 18:13:45.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


----------



## Squeedlejinks (Feb 27, 2014)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-02-2014 02
Ran by Cathy (administrator) on SPRINGTIME on 27-02-2014 18:28:32
Running from C:\Users\Cathy\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
() C:\Program Files\Core Temp\Core Temp.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
() C:\Windows\system32\valWBFPolicyService.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
() C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Safari.exe
(Apple Inc.) C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\HP SimplePass\DownloadAD.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NETGEAR USB Control Center] - C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe [4139008 2012-09-20] ()
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [UpdateTool] - C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe
HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] - C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [HOSTS Anti-Adware_PUPs] - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe [302961 2014-02-22] ()
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4122548210-2413772287-1355096437-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-4122548210-2413772287-1355096437-1001\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {34FA5360-6333-4EC6-95CD-F6E509A5E894} URL = https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: TidyNetwork - {830BFF44-A135-325C-CEAF-062383344D86} - C:\Program Files (x86)\TidyNetwork\petn64.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
FF DefaultSearchEngine: Startpage (SSL)
FF SelectedSearchEngine: Startpage (SSL)
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\searchplugins\ixquick.xml
FF SearchPlugin: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\searchplugins\startpage-ssl.xml
FF Extension: ModPlugin - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\Extensions\{31d88f70-c791-42d8-8187-faaf71d42f67} [2013-09-11]
FF Extension: NO Google Analytics - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\Extensions\[email protected] [2013-03-18]
FF Extension: NoScript - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-03-19]
FF Extension: Adblock Plus - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-18]
FF Extension: Tab Mix Plus - C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012-12-05]

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)
R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
S2 HOSTS Anti-PUPs; C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe [285795 2014-02-22] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
S2 UpdateServiceTool; C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe [6656 2013-12-02] (VIS without Co)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-17] ()
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R2 EkaProt6; C:\Windows\system32\DRIVERS\ekaprot6.sys [27288 2012-03-23] (Ekahau Inc.)
R3 NetgearUDSMBus; C:\Windows\system32\drivers\NetgearUDSMBus.sys [107296 2012-08-13] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\System32\drivers\NetgearUDSTcpBus.sys [183584 2012-08-13] (Windows (R) Codename Longhorn DDK provider)
S3 NetgearUDSTcpBus; C:\Windows\SysWOW64\drivers\NetgearUDSTcpBus.sys [153600 2012-06-15] (Windows (R) Codename Longhorn DDK provider)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-28] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20288 2012-08-03] (Hewlett-Packard Development Company, L.P.)
R3 ALSysIO; \??\C:\Users\Cathy\AppData\Local\Temp\ALSysIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-27 18:28 - 2014-02-27 18:28 - 00017720 _____ () C:\Users\Cathy\Desktop\FRST.txt
2014-02-27 18:28 - 2014-02-27 18:28 - 00000000 ____D () C:\FRST
2014-02-27 18:23 - 2014-02-27 18:23 - 02155520 _____ (Farbar) C:\Users\Cathy\Desktop\FRST64.exe
2014-02-27 18:13 - 2014-02-27 18:13 - 00001022 _____ () C:\Users\Cathy\Desktop\JRT.txt
2014-02-27 18:08 - 2014-02-27 18:08 - 00000000 ____D () C:\Windows\ERUNT
2014-02-27 18:01 - 2014-02-27 18:01 - 01037734 _____ (Thisisu) C:\Users\Cathy\Desktop\JRT.exe
2014-02-27 18:00 - 2014-02-27 18:00 - 00001557 _____ () C:\Users\Cathy\Desktop\AdwCleaner[S5].txt
2014-02-27 17:48 - 2014-02-27 18:27 - 00000161 _____ () C:\Users\Cathy\Desktop\Windows Smart Screen.txt
2014-02-27 17:45 - 2014-02-27 17:45 - 01244192 _____ () C:\Users\Cathy\Desktop\AdwCleaner.exe
2014-02-27 17:39 - 2014-02-27 17:39 - 735782940 _____ () C:\Windows\MEMORY.DMP
2014-02-27 17:39 - 2014-02-27 17:39 - 00298704 _____ () C:\Windows\Minidump\022714-22812-01.dmp
2014-02-27 02:24 - 2014-02-27 02:24 - 00452946 _____ () C:\Users\Cathy\Desktop\ark.txt
2014-02-27 02:17 - 2014-02-27 02:17 - 00380416 _____ () C:\Users\Cathy\Desktop\b0xrsxq1.exe
2014-02-27 02:07 - 2014-02-27 02:07 - 00008208 _____ () C:\Users\Cathy\Desktop\attach.txt
2014-02-27 02:07 - 2014-02-27 02:06 - 00022440 _____ () C:\Users\Cathy\Desktop\dds.txt
2014-02-27 02:05 - 2014-02-27 02:05 - 00688992 ____R (Swearware) C:\Users\Cathy\Desktop\dds.scr
2014-02-27 02:03 - 2014-02-27 02:03 - 00013736 _____ () C:\Users\Cathy\Desktop\hijackthis.log
2014-02-27 01:58 - 2014-02-27 01:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Cathy\Desktop\HijackThis.exe
2014-02-27 01:49 - 2014-02-27 17:39 - 00003624 _____ () C:\Windows\PFRO.log
2014-02-27 01:47 - 2014-02-27 17:32 - 00000211 _____ () C:\Users\Cathy\Desktop\Posting Info.txt
2014-02-27 00:34 - 2014-02-27 03:06 - 00059219 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 00:34 - 2014-02-27 00:34 - 00001883 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-27 00:34 - 2014-02-27 00:34 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-25 01:06 - 2014-02-25 01:06 - 00039405 _____ () C:\Users\Cathy\Documents\prefs-dot-js file from FF that I was thinking might be infected.txt
2014-02-23 23:36 - 2014-02-23 23:36 - 00000521 _____ () C:\Users\Cathy\Documents\Empowerment.txt
2014-02-22 01:36 - 2014-02-22 01:36 - 00001223 _____ () C:\Users\Cathy\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-02-22 01:36 - 2014-02-22 01:36 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-02-21 00:01 - 2014-02-21 00:01 - 00000124 _____ () C:\Users\Cathy\Desktop\Hosts Anti-PUP-Adware.txt
2014-02-20 01:50 - 2014-02-27 17:55 - 00000000 ____D () C:\AdwCleaner
2014-02-19 04:06 - 2014-02-19 04:06 - 00000329 _____ () C:\Users\Cathy\Desktop\AT&T service.txt
2014-02-19 02:21 - 2014-02-19 03:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-19 02:18 - 2014-02-19 03:00 - 00000000 ____D () C:\Users\Cathy\Desktop\mbar
2014-02-19 02:18 - 2014-02-19 02:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-19 02:13 - 2014-02-19 02:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-02-19 02:13 - 2014-02-19 02:13 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-19 02:12 - 2014-02-19 02:12 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-17 00:21 - 2014-02-17 00:21 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\AVAST Software
2014-02-17 00:20 - 2014-02-19 10:05 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-17 00:20 - 2014-02-17 00:20 - 00002004 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-17 00:20 - 2014-02-17 00:19 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-17 00:20 - 2014-02-17 00:19 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-17 00:20 - 2014-02-17 00:19 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-17 00:20 - 2014-02-17 00:19 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-17 00:20 - 2014-02-17 00:19 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-17 00:20 - 2014-02-17 00:19 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-17 00:20 - 2014-02-17 00:19 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-17 00:20 - 2014-02-17 00:19 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-17 00:19 - 2014-02-17 00:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-17 00:19 - 2014-02-17 00:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-17 00:16 - 2014-02-17 00:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-15 23:25 - 2014-02-15 23:25 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-02-15 23:25 - 2014-02-15 23:25 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Leadertech
2014-02-12 10:08 - 2014-02-16 06:01 - 25457346 _____ () C:\Users\Cathy\AppData\Local\census.cache
2014-02-12 09:50 - 2014-02-16 03:16 - 00000000 _____ () C:\Users\Cathy\AppData\Local\ars.cache
2014-02-11 23:41 - 2014-02-15 13:37 - 00000010 _____ () C:\Users\Cathy\AppData\Local\sponge.last.runtime.cache
2014-02-11 23:36 - 2014-02-11 23:36 - 00000036 _____ () C:\Users\Cathy\AppData\Local\housecall.guid.cache
2014-02-11 23:36 - 2013-09-02 01:58 - 00175528 _____ (Trend Micro Inc.) C:\Windows\system32\Drivers\tmcomm.sys
2014-02-11 16:13 - 2014-02-01 03:20 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-11 16:13 - 2014-02-01 03:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-11 16:13 - 2014-02-01 03:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-11 16:13 - 2014-02-01 03:19 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-11 16:13 - 2014-02-01 03:19 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-11 16:13 - 2014-02-01 03:18 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-11 16:13 - 2014-02-01 01:58 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-11 16:13 - 2014-02-01 01:58 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-11 16:13 - 2014-02-01 01:58 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-11 16:13 - 2014-02-01 01:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-11 16:13 - 2014-02-01 01:40 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-11 16:13 - 2014-02-01 01:34 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-11 16:13 - 2014-01-31 23:08 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-02-11 16:12 - 2014-02-01 03:18 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-11 16:12 - 2014-02-01 03:18 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-11 16:12 - 2014-02-01 01:57 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-11 16:12 - 2014-02-01 01:57 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-11 16:12 - 2014-02-01 01:57 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-11 16:12 - 2014-02-01 01:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-11 16:11 - 2013-12-04 17:43 - 01845248 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-11 16:11 - 2013-12-04 17:37 - 01419264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-11 16:11 - 2013-10-31 23:53 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-02-11 16:10 - 2014-01-12 17:30 - 02238976 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-11 16:10 - 2014-01-12 17:30 - 02032640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-11 16:10 - 2013-12-08 18:45 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-11 16:10 - 2013-12-08 17:59 - 00600064 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-11 16:10 - 2013-12-04 17:43 - 00583680 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-11 16:10 - 2013-12-04 17:37 - 00451072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-11 16:10 - 2013-11-26 18:19 - 00385614 _____ () C:\Windows\system32\ApnDatabase.xml
2014-02-11 16:10 - 2013-11-25 17:17 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-02-11 16:10 - 2013-11-19 18:15 - 03842560 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-11 16:10 - 2013-11-19 17:57 - 03288576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-11 15:55 - 2014-02-11 15:55 - 00000089 _____ () C:\Users\Cathy\Desktop\IE tab that won't restore.txt
2014-02-11 15:40 - 2014-02-15 11:23 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-11 15:40 - 2014-02-11 15:40 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-11 15:40 - 2014-02-11 15:40 - 00000860 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-11 01:38 - 2014-02-11 01:38 - 00000040 _____ () C:\Users\Cathy\Documents\Don Davids Address.txt
2014-02-11 01:07 - 2014-02-11 01:07 - 00003086 _____ () C:\Windows\System32\Tasks\{54C8A83C-43D6-405A-A37F-F012340AFC6F}
2014-02-11 01:05 - 2014-02-11 01:05 - 00000000 ____D () C:\Windows\system32\log
2014-02-11 00:03 - 2014-02-11 00:03 - 00000000 ____D () C:\Program Files (x86)\Bin
2014-02-08 02:36 - 2014-02-08 02:37 - 00000122 _____ () C:\Users\Cathy\Desktop\2.txt
2014-02-08 02:36 - 2014-02-08 02:36 - 00000026 _____ () C:\Users\Cathy\Desktop\1.txt
2014-02-08 02:35 - 2014-02-08 02:35 - 00001098 _____ () C:\Users\Cathy\Documents\Payrates.txt
2014-02-07 23:33 - 2014-02-07 23:33 - 00037468 _____ () C:\Users\Cathy\Downloads\Happy Sans.ttf
2014-02-07 23:13 - 2014-02-07 23:13 - 00000029 _____ () C:\Users\Cathy\Documents\Zip code.txt
2014-02-01 00:52 - 2014-02-04 01:41 - 00000000 ____D () C:\Users\Cathy\Documents\Samsung Refrigerator RF266ABPN XAA

==================== One Month Modified Files and Folders =======

2014-02-27 18:28 - 2014-02-27 18:28 - 00017720 _____ () C:\Users\Cathy\Desktop\FRST.txt
2014-02-27 18:28 - 2014-02-27 18:28 - 00000000 ____D () C:\FRST
2014-02-27 18:27 - 2014-02-27 17:48 - 00000161 _____ () C:\Users\Cathy\Desktop\Windows Smart Screen.txt
2014-02-27 18:23 - 2014-02-27 18:23 - 02155520 _____ (Farbar) C:\Users\Cathy\Desktop\FRST64.exe
2014-02-27 18:13 - 2014-02-27 18:13 - 00001022 _____ () C:\Users\Cathy\Desktop\JRT.txt
2014-02-27 18:08 - 2014-02-27 18:08 - 00000000 ____D () C:\Windows\ERUNT
2014-02-27 18:01 - 2014-02-27 18:01 - 01037734 _____ (Thisisu) C:\Users\Cathy\Desktop\JRT.exe
2014-02-27 18:00 - 2014-02-27 18:00 - 00001557 _____ () C:\Users\Cathy\Desktop\AdwCleaner[S5].txt
2014-02-27 18:00 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\sru
2014-02-27 17:58 - 2013-01-05 17:36 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Skype
2014-02-27 17:56 - 2012-07-26 01:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-27 17:55 - 2014-02-20 01:50 - 00000000 ____D () C:\AdwCleaner
2014-02-27 17:45 - 2014-02-27 17:45 - 01244192 _____ () C:\Users\Cathy\Desktop\AdwCleaner.exe
2014-02-27 17:39 - 2014-02-27 17:39 - 735782940 _____ () C:\Windows\MEMORY.DMP
2014-02-27 17:39 - 2014-02-27 17:39 - 00298704 _____ () C:\Windows\Minidump\022714-22812-01.dmp
2014-02-27 17:39 - 2014-02-27 01:49 - 00003624 _____ () C:\Windows\PFRO.log
2014-02-27 17:39 - 2013-10-13 15:55 - 00000354 _____ () C:\Windows\Tasks\HPCeeScheduleForCathy.job
2014-02-27 17:39 - 2013-05-07 22:47 - 00000000 ____D () C:\Windows\Minidump
2014-02-27 17:32 - 2014-02-27 01:47 - 00000211 _____ () C:\Users\Cathy\Desktop\Posting Info.txt
2014-02-27 17:12 - 2013-10-13 15:55 - 00003168 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCathy
2014-02-27 17:12 - 2012-11-30 05:53 - 00000000 ____D () C:\Users\Cathy
2014-02-27 03:33 - 2012-11-30 05:56 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{66F890BB-D280-4861-90DC-D9EC068C20FC}
2014-02-27 03:06 - 2014-02-27 00:34 - 00059219 _____ () C:\Windows\WindowsUpdate.log
2014-02-27 02:24 - 2014-02-27 02:24 - 00452946 _____ () C:\Users\Cathy\Desktop\ark.txt
2014-02-27 02:17 - 2014-02-27 02:17 - 00380416 _____ () C:\Users\Cathy\Desktop\b0xrsxq1.exe
2014-02-27 02:11 - 2012-11-30 06:03 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4122548210-2413772287-1355096437-1001
2014-02-27 02:07 - 2014-02-27 02:07 - 00008208 _____ () C:\Users\Cathy\Desktop\attach.txt
2014-02-27 02:06 - 2014-02-27 02:07 - 00022440 _____ () C:\Users\Cathy\Desktop\dds.txt
2014-02-27 02:05 - 2014-02-27 02:05 - 00688992 ____R (Swearware) C:\Users\Cathy\Desktop\dds.scr
2014-02-27 02:03 - 2014-02-27 02:03 - 00013736 _____ () C:\Users\Cathy\Desktop\hijackthis.log
2014-02-27 02:03 - 2013-01-25 20:30 - 00168448 ___SH () C:\Users\Cathy\Desktop\Thumbs.db
2014-02-27 01:58 - 2014-02-27 01:58 - 00388608 _____ (Trend Micro Inc.) C:\Users\Cathy\Desktop\HijackThis.exe
2014-02-27 01:49 - 2012-12-09 11:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-27 00:49 - 2012-11-30 08:04 - 00000000 ____D () C:\Users\Cathy\Downloads\Setups and Installations
2014-02-27 00:34 - 2014-02-27 00:34 - 00001883 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-02-27 00:34 - 2014-02-27 00:34 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-02-26 22:38 - 2012-11-30 01:41 - 00000000 ____D () C:\Users\Cathy\AppData\Local\Mozilla
2014-02-26 22:38 - 2012-11-30 01:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-26 22:20 - 2012-12-31 00:10 - 00000000 ____D () C:\Users\Cathy\AppData\Local\CrashDumps
2014-02-25 22:17 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-02-25 01:15 - 2012-07-25 23:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-02-25 01:06 - 2014-02-25 01:06 - 00039405 _____ () C:\Users\Cathy\Documents\prefs-dot-js file from FF that I was thinking might be infected.txt
2014-02-24 03:08 - 2012-07-26 01:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 03:05 - 2013-02-05 22:09 - 00000000 ____D () C:\Users\Cathy\Documents\Receipts
2014-02-23 23:36 - 2014-02-23 23:36 - 00000521 _____ () C:\Users\Cathy\Documents\Empowerment.txt
2014-02-23 17:12 - 2012-12-24 02:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-02-23 17:12 - 2012-12-16 17:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-02-22 23:03 - 2014-01-07 01:00 - 00000000 ____D () C:\Users\Cathy\Documents\Operating Systems Security ITSY 2400 53400
2014-02-22 01:36 - 2014-02-22 01:36 - 00001223 _____ () C:\Users\Cathy\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk
2014-02-22 01:36 - 2014-02-22 01:36 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-02-21 00:01 - 2014-02-21 00:01 - 00000124 _____ () C:\Users\Cathy\Desktop\Hosts Anti-PUP-Adware.txt
2014-02-19 12:14 - 2013-01-05 17:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-02-19 12:14 - 2013-01-05 17:36 - 00000000 ____D () C:\ProgramData\Skype
2014-02-19 10:05 - 2014-02-17 00:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-19 04:06 - 2014-02-19 04:06 - 00000329 _____ () C:\Users\Cathy\Desktop\AT&T service.txt
2014-02-19 03:00 - 2014-02-19 02:21 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-19 03:00 - 2014-02-19 02:18 - 00000000 ____D () C:\Users\Cathy\Desktop\mbar
2014-02-19 02:18 - 2014-02-19 02:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-19 02:13 - 2014-02-19 02:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-02-19 02:13 - 2014-02-19 02:13 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-02-19 02:12 - 2014-02-19 02:12 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-19 01:24 - 2012-11-30 05:54 - 00000000 ____D () C:\Users\Cathy\AppData\Local\VirtualStore
2014-02-17 16:03 - 2013-11-27 23:49 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 16:03 - 2013-11-27 23:49 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 00:21 - 2014-02-17 00:21 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\AVAST Software
2014-02-17 00:20 - 2014-02-17 00:20 - 00002004 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-17 00:19 - 2014-02-17 00:20 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-17 00:19 - 2014-02-17 00:20 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-17 00:19 - 2014-02-17 00:20 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-17 00:19 - 2014-02-17 00:20 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-17 00:19 - 2014-02-17 00:20 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-17 00:19 - 2014-02-17 00:20 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-17 00:19 - 2014-02-17 00:20 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-17 00:19 - 2014-02-17 00:20 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-17 00:19 - 2014-02-17 00:19 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-17 00:19 - 2014-02-17 00:19 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-17 00:16 - 2014-02-17 00:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-16 06:01 - 2014-02-12 10:08 - 25457346 _____ () C:\Users\Cathy\AppData\Local\census.cache
2014-02-16 03:16 - 2014-02-12 09:50 - 00000000 _____ () C:\Users\Cathy\AppData\Local\ars.cache
2014-02-15 23:25 - 2014-02-15 23:25 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-02-15 23:25 - 2014-02-15 23:25 - 00000000 ____D () C:\Users\Cathy\AppData\Roaming\Leadertech
2014-02-15 13:37 - 2014-02-11 23:41 - 00000010 _____ () C:\Users\Cathy\AppData\Local\sponge.last.runtime.cache
2014-02-15 11:24 - 2012-07-26 02:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-15 11:23 - 2014-02-11 15:40 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-15 11:21 - 2012-11-30 05:57 - 00000000 ___RD () C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-15 11:20 - 2013-08-16 02:29 - 00000000 ____D () C:\Users\Cathy\Documents\Youcam
2014-02-15 11:20 - 2013-04-08 21:37 - 00000000 ____D () C:\Users\Cathy\Documents\Router Settings Backup
2014-02-15 11:20 - 2013-01-23 00:40 - 00000000 ____D () C:\Users\Cathy\Documents\Fundamentals of Information Security ITSY 1400
2014-02-15 11:20 - 2012-07-26 02:12 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-15 11:19 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\SysWOW64\MSDRM
2014-02-15 11:19 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\system32\MSDRM
2014-02-15 11:19 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\rescache
2014-02-15 11:19 - 2012-07-25 23:38 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-02-15 11:18 - 2012-07-26 02:12 - 00000000 ____D () C:\Windows\registration
2014-02-11 23:36 - 2014-02-11 23:36 - 00000036 _____ () C:\Users\Cathy\AppData\Local\housecall.guid.cache
2014-02-11 16:23 - 2012-12-05 04:04 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-11 16:17 - 2012-07-25 23:26 - 00000167 _____ () C:\Windows\win.ini
2014-02-11 16:16 - 2013-07-16 14:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-11 15:55 - 2014-02-11 15:55 - 00000089 _____ () C:\Users\Cathy\Desktop\IE tab that won't restore.txt
2014-02-11 15:43 - 2012-08-03 17:21 - 00000000 ____D () C:\Windows\Panther
2014-02-11 15:40 - 2014-02-11 15:40 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-02-11 15:40 - 2014-02-11 15:40 - 00000860 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-02-11 01:39 - 2013-01-08 17:17 - 00000000 ____D () C:\Users\Cathy\Documents\GOT stuff
2014-02-11 01:38 - 2014-02-11 01:38 - 00000040 _____ () C:\Users\Cathy\Documents\Don Davids Address.txt
2014-02-11 01:07 - 2014-02-11 01:07 - 00003086 _____ () C:\Windows\System32\Tasks\{54C8A83C-43D6-405A-A37F-F012340AFC6F}
2014-02-11 01:05 - 2014-02-11 01:05 - 00000000 ____D () C:\Windows\system32\log
2014-02-11 00:03 - 2014-02-11 00:03 - 00000000 ____D () C:\Program Files (x86)\Bin
2014-02-08 02:37 - 2014-02-08 02:36 - 00000122 _____ () C:\Users\Cathy\Desktop\2.txt
2014-02-08 02:36 - 2014-02-08 02:36 - 00000026 _____ () C:\Users\Cathy\Desktop\1.txt
2014-02-08 02:35 - 2014-02-08 02:35 - 00001098 _____ () C:\Users\Cathy\Documents\Payrates.txt
2014-02-07 23:33 - 2014-02-07 23:33 - 00037468 _____ () C:\Users\Cathy\Downloads\Happy Sans.ttf
2014-02-07 23:17 - 2013-05-13 12:44 - 00000000 ____D () C:\Users\Cathy\Documents\House
2014-02-07 23:13 - 2014-02-07 23:13 - 00000029 _____ () C:\Users\Cathy\Documents\Zip code.txt
2014-02-07 22:10 - 2014-01-17 22:32 - 00000000 ____D () C:\Users\Cathy\Documents\Messages
2014-02-06 16:38 - 2013-05-13 10:53 - 00536064 ___SH () C:\Users\Cathy\Documents\Thumbs.db
2014-02-04 19:09 - 2012-12-27 16:06 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-04 01:41 - 2014-02-01 00:52 - 00000000 ____D () C:\Users\Cathy\Documents\Samsung Refrigerator RF266ABPN XAA
2014-02-03 01:43 - 2013-05-13 18:38 - 00000000 ____D () C:\Users\Cathy\Documents\Realtors
2014-02-01 03:20 - 2014-02-11 16:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-01 03:19 - 2014-02-11 16:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-01 03:19 - 2014-02-11 16:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-01 03:19 - 2014-02-11 16:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-01 03:19 - 2014-02-11 16:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 19274240 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 15403520 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-01 03:18 - 2014-02-11 16:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-01 03:18 - 2014-02-11 16:12 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-01 03:18 - 2014-02-11 16:12 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-01 01:58 - 2014-02-11 16:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-01 01:58 - 2014-02-11 16:13 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-01 01:58 - 2014-02-11 16:13 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-01 01:57 - 2014-02-11 16:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-01 01:57 - 2014-02-11 16:12 - 14359040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-01 01:57 - 2014-02-11 16:12 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-01 01:57 - 2014-02-11 16:12 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-01 01:57 - 2014-02-11 16:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-01 01:40 - 2014-02-11 16:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-01 01:34 - 2014-02-11 16:13 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-01-31 23:59 - 2012-12-05 03:30 - 00000000 ____D () C:\Users\Cathy\AppData\Local\Adobe
2014-01-31 23:42 - 2014-01-07 00:05 - 00614696 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-31 23:08 - 2014-02-11 16:13 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-01-28 02:30 - 2013-06-12 00:24 - 00000000 ____D () C:\Users\Cathy\Documents\DTFR Backups from 2013

Some content of TEMP:
====================
C:\Users\Cathy\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-26 21:50

==================== End Of Log ============================


----------



## Squeedlejinks (Feb 27, 2014)

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-02-2014 02
Ran by Cathy at 2014-02-27 18:28:55
Running from C:\Users\Cathy\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AIM 7 (HKLM-x32\...\AIM_7) (Version: - )
Amaya (HKLM-x32\...\Amaya) (Version: 11.4.4 - )
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.86 - AuthenTec, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bullzip PDF Printer 9.3.0.1516 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.3.0.1516 - Bullzip)
Canon MP210 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CrypTool 1.4.30 (HKLM-x32\...\CrypTool) (Version: 1.4.30 - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.1.1916 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1916 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version: - Microsoft)
Ekahau HeatMapper (HKLM\...\Heatmapper-1.1.4.39795) (Version: 1.1.4.39795 - Ekahau Inc.)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Backup (HKLM-x32\...\{6BA5F6E7-6CC1-4117-816D-A549A06CE44E}) (Version: 8.7.0.0 - Autonomy)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.244 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{B8019B54-F9BE-490A-9619-6D06F18F129F}) (Version: 7.0.32.44 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.5.1 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
iExplorer 3.2.0.2 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Instant Eyedropper 1.75 (HKLM-x32\...\Instant Eyedropper_is1) (Version: - )
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NETGEAR USB Control Center (HKLM-x32\...\{4528B812-FF2C-4E3A-A9EA-1ECB483BF03A}) (Version: 1.32 - NETGEAR)
NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version: - )
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.27025 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SeaMonkey 2.21 (x86 en-US) (HKLM-x32\...\SeaMonkey 2.21 (x86 en-US)) (Version: 2.21 - Mozilla)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 - Trend Micro, Inc.)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points =========================

11-02-2014 22:13:26 Windows Update
15-02-2014 17:00:51 Restore Operation
17-02-2014 06:19:07 avast! antivirus system restore point
25-02-2014 09:04:21 Scheduled Checkpoint
27-02-2014 06:33:48 Installed QuickTime 7

==================== Hosts content: ==========================

2012-07-25 23:26 - 2014-02-22 01:38 - 00040114 ____A C:\Windows\system32\Drivers\etc\hosts

There are 641 more lines.

==================== Scheduled Tasks (whitelisted) =============

Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {31C2EF19-1C69-497E-A50F-ADCFA89E3A3A} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {35B05557-F421-48F1-9663-CEA8CEA94379} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {5ED0D22D-A9B4-4852-A748-30F6CA9CC9C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {6F21E28C-E068-430C-912B-784778ECED13} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-17] (AVAST Software)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AD1909F5-C24C-4F11-8C7E-D6D85B1BE445} - System32\Tasks\Core Temp Autostart Cathy => C:\Program Files\Core Temp\Core Temp.exe [2012-10-14] ()
Task: {AFF701E2-D41F-4019-AAE2-43E506BA9B98} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {B18A35E3-9610-4238-B235-05F4397C598A} - System32\Tasks\Leader Technologies\PowerRegister\Seagate NA47RM8Y Product Registration (Cathy) => C:\Users\Cathy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe [2009-01-16] (Leader Technologies/Seagate)
Task: {B9CDD599-93F6-4801-BDCF-164B010205CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-07-28] (Synaptics Incorporated)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CF5063F6-4755-4855-B8A2-8A8A16BEB701} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {D4F1CBC4-076C-4D87-90CA-E281F0975D4A} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {E3AB7784-2C5B-4C75-87C9-0842ADECEA6A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E6A02425-4E1D-4786-9B97-7653AB4E1B6F} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E9739563-7BA9-47CC-8E57-BDA861D9D3C3} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {FB345542-FBB5-4B1D-A86D-215D7ED32871} - System32\Tasks\HPCeeScheduleForCathy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: C:\Windows\Tasks\HPCeeScheduleForCathy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-01-15 00:39 - 2008-07-19 16:26 - 00087040 _____ () C:\Windows\System32\custmon64.dll
2012-12-04 01:56 - 2012-10-14 21:21 - 00854480 _____ () C:\Program Files\Core Temp\Core Temp.exe
2012-09-06 03:47 - 2012-09-06 03:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
2012-08-10 03:36 - 2012-08-10 03:36 - 04073320 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
2012-07-28 09:31 - 2012-07-28 09:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-02-22 01:36 - 2014-02-22 01:36 - 00302961 _____ () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
2012-08-10 03:36 - 2012-08-10 03:36 - 00255336 _____ () C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
2014-02-27 17:41 - 2014-02-27 14:19 - 02186240 _____ () C:\Program Files\AVAST Software\Avast\defs\14022701\algo.dll
2012-08-10 03:36 - 2012-08-10 03:36 - 00018792 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
2014-02-19 02:12 - 2010-08-24 19:06 - 00085840 _____ () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
2012-11-05 16:59 - 2012-06-07 21:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-04-24 20:18 - 2012-04-24 20:18 - 01242472 _____ () C:\Program Files (x86)\Safari\Apple Application Support\libxml2.dll
2012-04-24 20:18 - 2012-04-24 20:18 - 00087912 _____ () C:\Program Files (x86)\Safari\Apple Application Support\zlib1.dll
2012-11-05 16:41 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-02-17 00:19 - 2014-02-17 00:19 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:51824F07
AlternateDataStreams: C:\ProgramData\Temp:56E2E879

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 22%
Total physical RAM: 8074.77 MB
Available physical RAM: 6270.51 MB
Total Pagefile: 16266.77 MB
Available Pagefile: 14415.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:671.53 GB) (Free:570.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:26.33 GB) (Free:3.11 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 04463ED8)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I believe that's all the logs you requested. Please let me know if I missed anything or anything else I can do. I greatly appreciate your help with this!

Cathy


----------



## kevinf80 (Mar 21, 2006)

Can you navigate to the minidump folder and zip up and attach the most recent dump file? It is here:

*C:\Windows\Minidump\022714-22812-01.dmp*


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I've attached the file. Thank you very much for your help.

Cathy


----------



## kevinf80 (Mar 21, 2006)

Nothing conclusive.....

We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running. It can take several hours, so please be patient and let it complete:

Run Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - Vista and Win 7: right click on IE shortcut and run as admin

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

- Turn off the real time scanner of any existing antivirus program while performing the online scan
- Click on the Run ESET Online Scanner button
- Tick the box next to YES, I accept the Terms of Use.
- *Click Start*
- When asked, allow the add-on to be installed
- *Click Start*
- Make sure that the option Remove found threats is unticked
- Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
- *Click Scan*
- Wait for the virus definitions to be downloaded
- Wait for the scan to finish

*When the scan is complete*

*If no threats were found*

- Put a checkmark in "Uninstall application on close"
- Close program
- Report to me that nothing was found

*If threats were found*

- Click on "list of threats found"
- Click on "export to text file" and save it as ESET SCAN and save to the desktop
- Click on back
- Put a checkmark in "Uninstall application on close"
- Click on finish

*close program*

*copy and paste the report in next reply*


----------



## Squeedlejinks (Feb 27, 2014)

Ok, one more set of results.

C:\Users\Cathy\Downloads\Setups and Installations\AIM\AIM_Install.exe Win32/OpenCandy potentially unsafe application
C:\Users\Cathy\Downloads\Setups and Installations\CCleaner\ccsetup410.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Cathy\Downloads\Setups and Installations\Core Temp\coretemp_1236.exe a variant of Win32/InstallIQ.A potentially unwanted application

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Hiya Cathy,

ESET log shows no obvious malware or infection, only potentially unwanted apps in your d/l folder...

What is the current status of your system, any remaining issues or concerns?

Kevin


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Both Software Version Updater and Search Protect by Conduit are back in my Programs and Features list. They both show install dates of today. All I did today was open my web browser and check this page, the library, and tvguide.com.

This has happened twice before - all my scans come out clean but then after a couple days the malware comes back. Ordinarily I would start running scans again, but maybe I should wait to see if you have a different approach. Mine obviously isn't working.

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Yep, we have a hidden entry that the scans we have used do not show. Run the following:

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word Zip

Double click zip file and extract to your Desktop:

You will now have 3 versions of the tool on the Desktop:

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.


```
standardsearch;
autoruns;
autoclean;
emptyclsid;
emptyalltemp;
installedprogs;
```
Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC; if so, please do.

Post the produced log in your next reply, also tell me which browser you use the most.

Thanks,

Kevin


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I am attaching the log. It looks as though I missed turning off RUBotted, Hosts Anti PUPs, Kaspersky Rootkit Killer, and Avast!? I thought I had gotten them off. Let me know if I need to try the scan again.

Usually I use Firefox for most of my tabs, but I use Safari for one Yahoo! page and sometimes use IE to open things that don't display right in Firefox. I have been using IE since I had this problem with malware because when I open Firefox I am asked for the master password to my password vault and I don't want to enter it when I know there is malware on the computer.

Thank you,

Cathy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Cathy on Sun 03/02/2014 at 12:38:33.63.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cathy\Desktop\zoek.scr [Scan all users] [Script inserted] 
==== System Restore Info ======================
3/2/2014 12:40:00 PM Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
4 Elements II 
Adobe Flash Player 12 Plugin 
Adobe Reader XI (11.0.06) 
Adobe Shockwave Player 11.6 
AIM 7 
Amaya 
Apple Application Support 
Apple Software Update 
AuthenTec TrueAPI 64-bit 
avast Free Antivirus 
Bejeweled 3 
Bonjour 
Build-a-lot 4 - Power Source 
Bullzip PDF Printer 9.3.0.1516 
Canon MP210 series 
CCleaner 
Chuzzle Deluxe 
Classic Shell 
Core Temp 1.0 RC4 
Cradle Of Egypt Collector's Edition 
Cradle of Rome 2 
CrypTool 1.4.30 
CyberLink LabelPrint 
CyberLink Media Suite 10 
CyberLink PhotoDirector 
CyberLink Power2Go 8 
CyberLink PowerDirector 10 
CyberLink PowerDVD 
CyberLink YouCam 
D3DX10 
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition 
Ekahau HeatMapper 
Energy Star 
Farm Frenzy 
FATE: The Cursed King 
Final Drive Fury 
FlatOut 2 
Governor of Poker 2 Premium Edition 
Hewlett-Packard ACLM.NET v1.2.0.0 
Hoyle Card Games 
HP 3D DriveGuard 
HP Connected Backup 
HP Connected Music (Meridian - installer) 
HP CoolSense 
HP Customer Experience Enhancements 
HP Documentation 
HP Games 
HP MyRoom 
HP Officejet Pro 8600 Basic Device Software 
HP Officejet Pro 8600 Help 
HP Postscript Converter 
HP Quick Launch 
HP Recovery Manager 
HP Registration Service 
HP SimplePass 
HP Software Framework 
HP Support Assistant 
HP Update 
HP Utility Center 
HP Wireless Button Driver 
I.R.I.S. OCR 
IDT Audio 
iExplorer 3.2.0.2 
Instant Eyedropper 1.75 
Intel(R) Control Center 
Intel(R) Management Engine Components 
Intel(R) Processor Graphics 
Intel(R) SDK for OpenCL - CPU Only Runtime Package 
Intelr Trusted Connect Service Client 
Jewel Match 3 
John Deere Drive Green 
Luxor Evolved 
Mahjongg Dimensions Deluxe: Tiles in Time 
Malwarebytes Anti-Malware version 1.75.0.1300 
Microsoft Application Error Reporting 
Microsoft Office 
Microsoft Office Access MUI (English) 2010 
Microsoft Office Access Setup Metadata MUI (English) 2010 
Microsoft Office Excel MUI (English) 2010 
Microsoft Office Home and Student 2010 
Microsoft Office Office 64-bit Components 2010 
Microsoft Office OneNote MUI (English) 2010 
Microsoft Office Outlook MUI (English) 2010 
Microsoft Office PowerPoint MUI (English) 2010 
Microsoft Office Proof (English) 2010 
Microsoft Office Proof (French) 2010 
Microsoft Office Proof (Spanish) 2010 
Microsoft Office Proofing (English) 2010 
Microsoft Office Publisher MUI (English) 2010 
Microsoft Office Shared 64-bit MUI (English) 2010 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 
Microsoft Office Shared MUI (English) 2010 
Microsoft Office Shared Setup Metadata MUI (English) 2010 
Microsoft Office Single Image 2010 
Microsoft Office Word MUI (English) 2010 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
More Games from WildTangent Games 
Mortimer Beckett and the Crimson Thief Premium Edition 
Mozilla Firefox 27.0.1 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
Mystery P.I. - Curious Case of Counterfeit Cove 
NETGEAR USB Control Center 
NirSoft Wireless Network Watcher 
Peggle Nights 
Penguins 
Polar Bowler 
Polar Golfer 
QuickTime 7 
Ralink RT5390R 802.11bgn Wi-Fi Adapter 
Realtek Ethernet Controller Driver 
Realtek PCIE Card Reader 
Roads of Rome 3 
Safari 
SeaMonkey 2.21 (x86 en-US) 
Search Protect 
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition 
SkypeT 6.11 
Software Version Updater 
swMSM 
Synaptics Pointing Device Driver 
Tales of Lagoona 
Trend Micro RUBotted 2.0 Beta 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition 
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition 
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition 
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition 
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition 
Update Installer for WildTangent Games App 
Vacation QuestT - Australia 
Validity WBF DDK 
WinDirStat 1.1.2 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Installer 
Windows Live Language Selector 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
WinPcap 4.1.3 
Zuma's Revenge 
==== Running Processes ======================
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Windows\TEMP\tmp393A.exe
C:\Windows\TEMP\is-KIAS8.tmp\tmp393A.tmp
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Solitaire.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\PROGRA~2\SearchProtect deleted
C:\Program Files\Common Files\SpeedBit deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\iSafe deleted
C:\PROGRA~3\SpeedBit deleted
C:\Users\Cathy\AppData\Local\SearchProtect deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\SwvUpdater deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Conduit deleted
C:\Windows\tasks\AmiUpdXp.job deleted
C:\windows\SysNative\tasks\AmiUpdXp deleted
C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\extensions\staged deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not deleted
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8075 MB
CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
CPU Speed: 2494.5 MHz
Sound Card: Speakers and Headphones (IDT Hi | 
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp DVD RAM UJ8C2
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 671.5GB | D: 26.3GB
Hard Disks - Free: C: 574.5GB | D: 3.1GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: Central Standard Time
Motherboard *: Hewlett-Packard 18A4
Country: United States 
Language: ENU 
==== System Specs (Software) ======================
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 27.0.1
Internet Explorer Version: 10.0.9200.16798 
Mozilla Firefox version: 27.0.1 (x86 en-US)
Adobe Reader version: 11.0.06.70
Flash Player version: 12.0.0.70
Shockwave Player version: 11.6.5r635
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-02-27 23:39:33 769D109A5B8B3EB3EA09212B9CC0C941 735782940 ----a-w- C:\Windows\MEMORY.DMP
2014-02-17 06:19:54 0245D0889C3443F5DC9194558583FE59 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Cathy\AppData\Local\Temp ====
2014-02-28 00:07:54 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-02-17 06:20:02 28192A2A37F52EB97EBE14DEE0F2513B 334136 ----a-w- C:\Windows\Sysnative\aswBoot.exe
====== C:\Windows\Sysnative\drivers =====
2014-02-19 08:18:57 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-02-17 06:20:03 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-02-17 06:20:03 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-02-17 06:20:02 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-02-17 06:20:02 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-02-17 06:20:02 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-02-17 06:20:02 43599E630DFC30AD4E6A2B4B269EB1C0 1038072 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-02-17 06:20:02 0ACC3F49015E628590CA4372322EB46B 78648 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-02-12 05:36:47 A7CF9B841956293F20E25E08D53718D6 175528 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2014-02-11 22:11:26 DD4249F03598043DED6FA540EB14898A 2232664 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-02-11 22:10:42 961A45CC15514178E511BBF1384CE0B8 83968 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys
====== C:\Windows\Tasks ======
2014-03-02 18:38:42 E6CB61802128D183262E1348E5B014E1 3112 ----a-w- C:\Windows\Sysnative\Tasks\{32D6EFE7-4564-4853-932B-
A65CF09A74C1}
2014-02-17 06:20:29 F90218862B82BDDFBC9C3CA0129B6260 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-02-11 07:07:19 AAA90B8704D6C79D98A0EA50C8ABA712 3086 ----a-w- C:\Windows\Sysnative\Tasks\{54C8A83C-43D6-405A-A37F-
F012340AFC6F}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-03-02 01:45:24 -------- d-----w- C:\PROGRA~2\TempInstaller
2014-02-27 06:34:42 -------- d-----w- C:\PROGRA~2\QuickTime
2014-02-27 06:33:35 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple
2014-02-22 07:36:45 -------- d-----w- C:\PROGRA~2\Hosts_Anti_Adwares_PUPs
2014-02-19 08:13:46 -------- d-----w- C:\PROGRA~2\WinPcap
2014-02-19 08:12:37 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-02-11 06:03:20 -------- d-----w- C:\PROGRA~2\Bin
======= C: =====
====== C:\Users\Cathy\AppData\Roaming ======
2014-02-16 05:25:04 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Leadertech
2014-02-12 16:08:13 221DF1316CD5602CA2927376F0A76652 25457346 ----a-w- C:\Users\Cathy\AppData\Local\census.cache
2014-02-12 15:50:07 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Cathy\AppData\Local\ars.cache
2014-02-12 05:41:42 8EA2A504207556C0BF3EABE681F1308F 10 ----a-w- C:\Users\Cathy\AppData\Local\sponge.last.runtime.cache
2014-02-12 05:36:29 59FD46929FC05E22617AA95440C5B983 36 ----a-w- C:\Users\Cathy\AppData\Local\housecall.guid.cache
2014-02-11 07:04:41 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla
2014-02-11 07:04:41 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla
====== C:\Users\Cathy ======
2014-02-28 00:23:25 830CF56A6AFCA75C11FA66F80D6ABDC2 2155520 ----a-w- C:\Users\Cathy\Desktop\FRST64.exe
2014-02-28 00:01:05 2075EBB7954277A05193412881EC8FDE 1037734 ----a-w- C:\Users\Cathy\Desktop\JRT.exe
2014-02-27 23:45:46 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Cathy\Desktop\AdwCleaner.exe
2014-02-27 08:17:56 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Cathy\Desktop\b0xrsxq1.exe
2014-02-27 06:34:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-02-19 08:15:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-02-19 08:13:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-02-19 08:13:37 -------- d-----w- C:\ProgramData\Trend Micro
2014-02-17 06:20:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
====== C: exe-files ==
2014-03-02 02:45:29 F508A0CE9AC895B7E69E0BF1022E41AD 71720 ----a-w- C:\Windows\Temp\is-SH2E9.tmp\Bundle.exe
2014-03-02 02:45:29 CFCC707E97608A44B97E0D480A6BC156 471705 ----a-w- C:\Windows\Temp\tmp393A.exe
2014-03-02 01:45:16 E24734F2C4D122B4B0796444F59ECDD4 331264 ----a-w- C:\Windows\Temp\setup__4793.exe
2014-03-02 01:44:08 54A127C33ED258E922A22143A24942A0 6169040 ----a-w- C:\Windows\Temp\nscFDB\SpSetup.exe
2014-03-02 01:43:51 E24734F2C4D122B4B0796444F59ECDD4 331264 ----a-w- C:\Windows\Temp\setup__4615.exe
2014-03-02 01:43:47 CFCC707E97608A44B97E0D480A6BC156 471705 ----a-w- C:\Windows\Temp\tmpBD73.exe
2014-02-28 00:28:11 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary 
Internet Files\Content.IE5\2F3DU5M4\FRST64[1].exe
2014-02-28 00:23:25 830CF56A6AFCA75C11FA66F80D6ABDC2 2155520 ----a-w- C:\Users\Cathy\Desktop\FRST64.exe
2014-02-28 00:07:54 2E0323A94915FAAB10A25F3BABF82584 157696 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-02-28 00:01:05 2075EBB7954277A05193412881EC8FDE 1037734 ----a-w- C:\Users\Cathy\Desktop\JRT.exe
2014-02-27 23:45:46 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Cathy\Desktop\AdwCleaner.exe
2014-02-27 08:50:27 E6C9116F45CE070FAE2C0A4DB28E9A3E 470464 ----a-w- C:\Windows\Temp\tmp5D04.exe
2014-02-27 08:17:56 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Cathy\Desktop\b0xrsxq1.exe
2014-02-27 06:49:48 A94E2F637B9D3755B8FE3BA5ADBD7B8B 509440 ----a-w- C:\Users\Cathy\Downloads\Setups and Installations\System 
Information Utility\SysInfo.exe
2014-02-27 06:30:30 D0C5FF1B39AB6DC43DE2B5E35A2D8E4A 41945432 ----a-w- C:\Users\Cathy\AppData\Local\Microsoft\Windows
\Temporary Internet Files\Content.IE5\W2LOLNDU\QuickTimeInstaller.exe
2014-02-27 06:18:22 178A34E5554DCE485E1262DDF027960C 2237968 ----a-w- C:\Users\Cathy\Downloads\Setups and Installations\Kaspersky 
TDSSKiller Antirootkit Utility\tdsskiller.exe
2014-02-27 05:09:18 E6C9116F45CE070FAE2C0A4DB28E9A3E 470464 ----a-w- C:\Windows\Temp\tmpCC38.exe
2014-02-27 03:24:17 E6C9116F45CE070FAE2C0A4DB28E9A3E 470464 ----a-w- C:\Windows\Temp\tmp35A2.exe
2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Windows\Temp\nsy5EF7.exe
2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Windows\Temp\nsy5D22.exe
2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Windows\Temp\nsgA4FD.exe
2014-02-24 15:29:46 C67BCF6441E378371F0D6EEFB7EF0861 167812 ----a-w- C:\Windows\Temp\nsbA3A5.exe
=== C: other files ==
2014-03-01 05:28:44 9EF111158E179A80580FB8B10BD3AA8C 59675 ----a-w- C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary 
Internet Files\Content.IE5\2F3DU5M4\billy[1].zip
2014-02-28 03:08:09 CF5607139DFF6238B07D7BD5DC66EB49 29492 ----a-w- C:\Windows\Minidump\022714-22812-01.zip
2014-02-28 00:07:54 F7A2BEBE778DC26187C675948B2CEBAB 16063 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\get.bat
2014-02-28 00:07:54 CC6C23C02BE66014AD87F2678BBB3A1D 8117 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\modules.bat
2014-02-28 00:07:54 C9494C05F5248940AEE0D0A8C4EA89D9 152746 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\firefox.bat
2014-02-28 00:07:54 C4A5476A9D54B400F1623A2EE7DDA5C5 13955 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\chrome.bat
2014-02-28 00:07:54 B964B792D3692699CD7D4FDB63EE470E 1239 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\FWPolicy.bat
2014-02-28 00:07:54 B45931E5313CB14CAA0F2BC3DA30E6FC 29648 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\ask.bat
2014-02-28 00:07:54 B13567DECD03F424239DE6D1ED408C08 10261 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\JRT.bat
2014-02-28 00:07:54 80D02380F1AC33E459324B088392A1EC 732 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\ev_clear.bat
2014-02-28 00:07:54 75C9C20DD9839BF287B43B0E179822DC 31414 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\iexplore.bat
2014-02-28 00:07:54 7178963AEE641F3E47E1CE22416F8A3A 9295 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\runvalues.bat
2014-02-28 00:07:54 654E9FE74B930A454EE5BDE165794B65 85 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\delorphans.bat
2014-02-28 00:07:54 58605DA3492FB918D3D40B1FB88046AE 39471 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\prelim.bat
2014-02-28 00:07:54 3ECC13A08D5F7771A8C8ED15C2B2B6D5 154576 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\misc.bat
2014-02-28 00:07:54 372EA6F783198102CF5779072EE78C79 24751 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\searchlnk.bat
2014-02-28 00:07:54 1FBF882AA934A741530741FC134872A3 1243 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\TDL4.bat
2014-02-28 00:07:54 14D6EE8B672684E2232FB430D8C4A928 18668 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\medfos.bat
2014-02-28 00:07:54 0768E560CCD86C18F35FAD29DCEA7B80 1820 ----a-w- C:\Users\Cathy\AppData\Local\Temp\jrt\delfolders.bat
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-4122548210-2413772287-1355096437-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3AGEKGG005KD:NW -scfn HP Officejet 
Pro 8600 (NET) -AutoStart 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NETGEAR USB Control Center"="C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"UpdateTool"="C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe"
"Trend Micro RUBotted V2.0 Beta"="C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe"
"HOSTS Anti-Adware_PUPs"="C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3AGEKGG005KD:NW -scfn HP Officejet 
Pro 8600 (NET) -AutoStart 1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"
==== Startup Folders ======================
2013-12-31 05:42:10 1930 ----a-w- C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP 
Officejet Pro 8600 (Network).lnk
2014-03-02 06:25:33 1340 ----a-w- C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA47RM8Y Product 
Registration.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\HPCeeScheduleForCathy.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\Core Temp Autostart Cathy" ["C:\Program Files\Core Temp\Core Temp.exe"]
"C:\Windows\SysNative\tasks\HPCeeScheduleForCathy" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{66F890BB-D280-4861-90DC-D9EC068C20FC}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending" [C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework
\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources
\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Leader Technologies\PowerRegister\Seagate NA47RM8Y Product Registration (Cathy)" [C:\Users\Cathy\AppData\Roaming
\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Cathy\AppData\Roaming\KompoZer\Profiles\xix2vf8b.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
- ModPlugin - %ProfilePath%\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
- NO Google Analytics - %ProfilePath%\extensions\[email protected]
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\xxjyst12.default
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fegekclkdhbnfdcmomlpegkkndgnmfmo - C:\Program Files (x86)\HP SimplePass\tschrome.crx[07/12/2012 07:35 AM]
palpbfjgianahgbbeodmcohjdmaelbeo - C:\Program Files\Common Files\SpeedBit\SBUpdate\SpeedbitNewTab.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{34FA5360-6333-4EC6-95CD-F6E509A5E894}"
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{34FA5360-6333-4EC6-95CD-F6E509A5E894} Startpage HTTPS Url="https://startpage.com/do/metasearch.pl?query={searchTerms}
&cat=web&pl=ie&language=english"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe=
{outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4122548210-2413772287-1355096437-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} 
deleted successfully
==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\palpbfjgianahgbbeodmcohjdmaelbeo deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources
\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NETGEAR USB Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [UpdateTool] C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID 
"CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O4 - Startup: Seagate NA47RM8Y Product Registration.lnk = Cathy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem29.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UpdateSoftware (UpdateServiceTool) - VIS without Co - C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Sysinternals Autoruns Log ======================
HKLM\System\CurrentControlSet\Services
AdobeARMservice
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Adobe Acrobat Updater keeps your Adobe software up to date.
Adobe Systems Incorporated
1.701.3.3014
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
11/21/2013 10:55 AM
avast! Antivirus
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\avastsvc.exe
1/21/2014 11:13 AM
Bonjour Service
"C:\Program Files\Bonjour\mDNSResponder.exe"
Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
Apple Inc.
3.0.0.10
c:\program files\bonjour\mdnsresponder.exe
8/30/2011 11:52 PM
ClassicShellService
"C:\Program Files\Classic Shell\ClassicShellService.exe"
Launches the start button after logon
IvoSoft
3.6.5.0
c:\program files\classic shell\classicshellservice.exe
12/29/2012 11:55 AM
cphs
%SystemRoot%\SysWow64\IntelCpHeciSvc.exe
Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW
Intel Corporation
1.0.1.14
c:\windows\syswow64\intelcphecisvc.exe
12/22/2011 12:45 AM
FPLService
"C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe"
Provides convenient and secure fingerprint authentication and identity management.
HP
6.0.100.244
c:\program files (x86)\hp simplepass\truesuiteservice.exe
8/9/2012 11:28 PM
GamesAppService
"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
WT Games App Services
WildTangent, Inc.
4.0.4918.0
c:\program files (x86)\wildtangent games\app\gamesappservice.exe
10/4/2010 4:15 PM
HOSTS Anti-PUPs
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update
File not found: C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update

HP Support Assistant Service
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
HP Support Assistant Service
Hewlett-Packard Company
7.0.32.38
c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
8/10/2012 11:53 AM
hpqwmiex
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
HP Software Framework WMI Service
Hewlett-Packard Company
4.6.8.1
c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
8/10/2012 2:34 PM
hpsrv
%SystemRoot%\system32\Hpservice.exe
HpService
Hewlett-Packard Company
4.2.9.1
c:\windows\system32\hpservice.exe
9/24/2012 9:32 AM
HPWMISVC
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
HP Quick Launch WMI Service
Hewlett-Packard Development Company, L.P.
3.0.1.0
c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
7/8/2012 10:56 PM
IDriverT
"C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Provides support for the Running Object Table for InstallShield Drivers
Macrovision Corporation
10.50.0.125
c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe
10/22/2004 2:24 AM
Intel(R) Capability Licensing Service Interface
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
Version: 1.24.388.1
Intel(R) Corporation
1.24.388.1
c:\program files\intel\icls client\heciserver.exe
4/20/2012 6:16 AM
jhi_service
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL
Intel Corporation
8.1.0.1252
c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
6/25/2012 11:43 AM
LMS
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.
Intel Corporation
8.1.0.1252
c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
6/25/2012 11:36 AM
MozillaMaintenance
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
Mozilla Foundation
27.0.1.5156
c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
2/12/2014 4:23 PM
rpcapd
"%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini"
Allows to capture traffic on this machine from a remote machine.
Riverbed Technology, Inc.
4.1.0.2980
c:\program files (x86)\winpcap\rpcapd.exe
2/28/2013 7:28 PM
RUBotSrv
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
Trend Micro service for RUBotted tool
Trend Micro Inc.
2.0.0.1034
c:\program files (x86)\trend micro\rubotted\rubotsrv.exe
7/25/2013 4:09 AM
SkypeUpdate
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
Enables the detection, download and installation of updates for Skype.
Skype Technologies
6.8.1.61523
c:\program files (x86)\skype\updater\updater.exe
10/23/2013 2:12 AM
STacSV
C:\Program Files\IDT\WDM\STacSV64.exe
Manages audio jack configurations.
IDT, Inc.
1.0.6417.0
c:\program files\idt\wdm\stacsv64.exe
7/21/2012 7:48 AM
TrueService
"C:\Program Files\Common Files\AuthenTec\TrueService.exe"
TrueAPI Server
AuthenTec, Inc.
1.6.0.86
c:\program files\common files\authentec\trueservice.exe
7/16/2012 4:57 AM
UNS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.
Intel Corporation
8.1.0.1252
c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
6/25/2012 11:38 AM
UpdateServiceTool
"C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe"
Downloader.Service
VIS without Co
1.0.0.0
c:\program files (x86)\bin\updatetool\updatertoolservice.exe
12/1/2013 1:17 PM
valWBFPolicyService
C:\Windows\system32\valWBFPolicyService.exe
Validity WBF Policy Service
c:\windows\system32\valwbfpolicyservice.exe
9/6/2012 2:47 AM
HKLM\System\CurrentControlSet\Services
3ware
System32\drivers\3ware.sys
LSI 3ware SCSI Storport Driver
LSI
5.1.0.47
c:\windows\system32\drivers\3ware.sys
3/8/2012 2:33 PM
Accelerometer
\SystemRoot\system32\DRIVERS\Accelerometer.sys
HP Accelerometer
Hewlett-Packard Company
4.2.9.1
c:\windows\system32\drivers\accelerometer.sys
9/24/2012 9:31 AM
adp94xx
System32\drivers\adp94xx.sys
Adaptec Windows SAS/SATA Storport Driver
Adaptec, Inc.
1.6.6.4
c:\windows\system32\drivers\adp94xx.sys
12/5/2008 5:54 PM
adpahci
System32\drivers\adpahci.sys
Adaptec Windows SATA Storport Driver
Adaptec, Inc.
1.6.6.1
c:\windows\system32\drivers\adpahci.sys
5/1/2007 11:30 AM
adpu320
System32\drivers\adpu320.sys
Adaptec StorPort Ultra320 SCSI Driver (X64)
Adaptec, Inc.
7.2.0.0
c:\windows\system32\drivers\adpu320.sys
2/27/2007 6:04 PM
ALSysIO
\??\C:\Users\Cathy\AppData\Local\Temp\ALSysIO64.sys
File not found: C:\Users\Cathy\AppData\Local\Temp\ALSysIO64.sys

amdkmdag
\SystemRoot\system32\DRIVERS\atikmdag.sys
ATI Radeon Kernel Mode Driver
Advanced Micro Devices, Inc.
8.1.1.1248
c:\windows\system32\drivers\atikmdag.sys
6/18/2012 3:21 PM
amdkmdap
\SystemRoot\system32\DRIVERS\atikmpag.sys
AMD multi-vendor Miniport Driver
Advanced Micro Devices, Inc.
8.14.1.6264
c:\windows\system32\drivers\atikmpag.sys
6/18/2012 2:41 PM
amdsata
System32\drivers\amdsata.sys
AHCI 1.2 Device Driver
Advanced Micro Devices
1.1.4.6
c:\windows\system32\drivers\amdsata.sys
6/11/2012 4:19 PM
amdsbs
System32\drivers\amdsbs.sys
AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
AMD Technologies Inc.
3.7.1540.30
c:\windows\system32\drivers\amdsbs.sys
2/21/2012 12:15 PM
amdxata
System32\drivers\amdxata.sys
Storage Filter Driver
Advanced Micro Devices
1.1.4.6
c:\windows\system32\drivers\amdxata.sys
6/11/2012 4:36 PM
arc
System32\drivers\arc.sys
Adaptec RAID Storport Driver
PMC-Sierra, Inc.
5.2.0.18702
c:\windows\system32\drivers\arc.sys
3/19/2012 11:49 AM
arcsas
System32\drivers\arcsas.sys
Adaptec SAS RAID WS03 Driver
PMC-Sierra, Inc.
5.2.0.18702
c:\windows\system32\drivers\arcsas.sys
3/19/2012 11:51 AM
aswMonFlt
\??\C:\Windows\system32\drivers\aswMonFlt.sys
avast! mini-filter driver (aswMonFlt)
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswmonflt.sys
1/21/2014 11:11 AM
aswRdr
\??\C:\Windows\system32\drivers\aswRdr2.sys
avast! WFP Redirect driver
AVAST Software
9.0.2006.149
c:\windows\system32\drivers\aswrdr2.sys
10/11/2013 5:11 AM
aswRvrt
aswRvrt
9.0.2004.130
c:\windows\system32\drivers\aswrvrt.sys
10/4/2013 1:48 AM
aswSnx
\??\C:\Windows\system32\drivers\aswSnx.sys
avast! virtualization driver (aswSnx)
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswsnx.sys
1/21/2014 11:11 AM
aswSP
\??\C:\Windows\system32\drivers\aswSP.sys
avast! Self Protection
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswsp.sys
1/21/2014 11:17 AM
aswStm
\??\C:\Windows\system32\drivers\aswStm.sys
avast! StreamFilter Callout Driver
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswstm.sys
1/21/2014 11:18 AM
aswVmm
aswVmm
avast! VM Monitor
9.0.2010.245
c:\windows\system32\drivers\aswvmm.sys
12/9/2013 1:04 AM
b06bdrv
System32\drivers\bxvbda.sys
Broadcom NetXtreme II GigE VBD
Broadcom Corporation
7.0.1.36
c:\windows\system32\drivers\bxvbda.sys
7/23/2012 5:30 PM
cbfs3
\SystemRoot\System32\drivers\cbfs3.sys
Callback File System Driver
EldoS Corporation
3.2.107.271
c:\windows\system32\drivers\cbfs3.sys
4/9/2012 7:21 AM
CLVirtualDrive
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
CyberLink CLVirtualDrive Driver
CyberLink
1.0.0.621
c:\windows\system32\drivers\clvirtualdrive.sys
12/26/2011 7:26 AM
ebdrv
System32\drivers\evbda.sys
Broadcom NetXtreme II 10 GigE VBD
Broadcom Corporation
7.0.35.95
c:\windows\system32\drivers\evbda.sys
7/24/2012 6:22 AM
EkaProt6
\SystemRoot\system32\DRIVERS\ekaprot6.sys
@oem24.inf,%EKAHAU_Desc%;Ekahau User Protocol Driver for NDIS 6
Ekahau Inc.
6.1.0.268
c:\windows\system32\drivers\ekaprot6.sys
12/19/2011 8:39 AM
hpdskflt
system32\DRIVERS\hpdskflt.sys
HP Disk Filter - SATA/RAID
Hewlett-Packard Company
4.2.9.1
c:\windows\system32\drivers\hpdskflt.sys
9/24/2012 9:31 AM
HpSAMD
System32\drivers\HpSAMD.sys
Smart Array SAS/SATA Controller Media Driver
Hewlett-Packard Company
7.0.12.0
c:\windows\system32\drivers\hpsamd.sys
5/30/2012 4:24 PM
iaStorA
System32\drivers\iaStorA.sys
Intel Rapid Storage Technology driver - x64
Intel Corporation
11.5.2.1001
c:\windows\system32\drivers\iastora.sys
7/31/2012 12:21 PM
iaStorV
System32\drivers\iaStorV.sys
Intel Matrix Storage Manager driver - x64
Intel Corporation
8.6.2.1019
c:\windows\system32\drivers\iastorv.sys
4/11/2011 12:48 PM
igfx
\SystemRoot\system32\DRIVERS\igdkmd64.sys
Intel Graphics Kernel Mode Driver
Intel Corporation
9.17.10.2817
c:\windows\system32\drivers\igdkmd64.sys
7/20/2012 3:47 PM
iirsp
System32\drivers\iirsp.sys
Intel/ICP Raid Storport Driver
Intel Corp./ICP vortex GmbH
5.4.22.0
c:\windows\system32\drivers\iirsp.sys
12/13/2005 3:47 PM
IntcDAud
\SystemRoot\system32\DRIVERS\IntcDAud.sys
Intel(R) Display Audio Driver
Intel(R) Corporation
6.14.0.3097
c:\windows\system32\drivers\intcdaud.sys
6/19/2012 8:40 AM
LSI_SAS
System32\drivers\lsi_sas.sys
LSI Fusion-MPT SAS Driver (StorPort)
LSI Corporation
1.34.2.6
c:\windows\system32\drivers\lsi_sas.sys
5/11/2012 1:40 PM
LSI_SAS2
System32\drivers\lsi_sas2.sys
LSI SAS Gen2 Driver (StorPort)
LSI Corporation
2.0.55.84
c:\windows\system32\drivers\lsi_sas2.sys
3/12/2012 2:28 PM
LSI_SCSI
System32\drivers\lsi_scsi.sys
LSI Fusion-MPT SCSI Driver (StorPort)
LSI Corporation
1.34.2.5
c:\windows\system32\drivers\lsi_scsi.sys
2/21/2012 5:59 PM
LSI_SSS
System32\drivers\lsi_sss.sys
LSI SSS PCIe/Flash Driver (StorPort)
LSI Corporation
2.10.55.81
c:\windows\system32\drivers\lsi_sss.sys
2/21/2012 6:00 PM
megasas
System32\drivers\megasas.sys
MEGASAS RAID Controller Driver for Windows
LSI Corporation
6.2.8313.0
c:\windows\system32\drivers\megasas.sys
4/3/2012 1:45 PM
MegaSR
System32\drivers\MegaSR.sys
LSI MegaRAID Software RAID Driver
LSI Corporation, Inc.
14.6.1007.2012
c:\windows\system32\drivers\megasr.sys
2/24/2012 12:22 PM
MEIx64
\SystemRoot\System32\drivers\HECIx64.sys
Intel(R) Management Engine Interface
Intel Corporation
9.0.0.1287
c:\windows\system32\drivers\hecix64.sys
12/17/2012 1:32 PM
mvumis
System32\drivers\mvumis.sys
Marvell Flash Controller Driver
Marvell Semiconductor, Inc.
1.0.5.7
c:\windows\system32\drivers\mvumis.sys
3/20/2012 1:43 AM
NetgearUDSMBus
\SystemRoot\system32\drivers\NetgearUDSMBus.sys
Master Bus of USB Software Bus By TCP
Windows (R) Codename Longhorn DDK provider
6.0.6000.16386
c:\windows\system32\drivers\netgearudsmbus.sys
8/13/2012 1:03 AM
NetgearUDSTcpBus
system32\drivers\NetgearUDSTcpBus.sys
Kernel USB Software Bus by TCP
Windows (R) Codename Longhorn DDK provider
6.0.6000.16386
c:\windows\system32\drivers\netgearudstcpbus.sys
8/13/2012 1:05 AM
netr28x
\SystemRoot\system32\DRIVERS\netr28x.sys
Ralink 802.11 Wireless Adapter Driver
Ralink Technology, Corp.
5.0.25.0
c:\windows\system32\drivers\netr28x.sys
4/12/2013 8:22 PM
nfrd960
System32\drivers\nfrd960.sys
IBM ServeRAID Controller Driver
IBM Corporation
7.10.0.0
c:\windows\system32\drivers\nfrd960.sys
6/6/2006 3:11 PM
NPF
system32\drivers\npf.sys
npf.sys (NT5/6 AMD64) Kernel Driver
Riverbed Technology, Inc.
4.1.0.2980
c:\windows\system32\drivers\npf.sys
2/28/2013 7:31 PM
nvraid
System32\drivers\nvraid.sys
NVIDIAr nForce(TM) RAID Driver
NVIDIA Corporation
10.6.0.22
c:\windows\system32\drivers\nvraid.sys
9/12/2011 6:01 PM
nvstor
System32\drivers\nvstor.sys
NVIDIAr nForce(TM) Sata Performance Driver
NVIDIA Corporation
10.6.0.22
c:\windows\system32\drivers\nvstor.sys
9/12/2011 5:53 PM
RSBASTOR
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8
Realtek Semiconductor Corp.
6.2.8400.27025
c:\windows\system32\drivers\rtsbastor.sys
7/30/2012 12:08 AM
RTL8168
\SystemRoot\system32\DRIVERS\Rt630x64.sys
Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver 
Realtek 
8.3.730.2012
c:\windows\system32\drivers\rt630x64.sys
7/30/2012 10:03 AM
secdrv
secdrv
Macrovision SECURITY Driver
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
4.3.86.0
c:\windows\system32\drivers\secdrv.sys
9/13/2006 7:18 AM
SiSRaid2
System32\drivers\SiSRaid2.sys
SiS RAID Stor Miniport Driver
Silicon Integrated Systems Corp.
5.1.1039.2600
c:\windows\system32\drivers\sisraid2.sys
9/24/2008 12:28 PM
SiSRaid4
System32\drivers\sisraid4.sys
SiS AHCI Stor-Miniport Driver
Silicon Integrated Systems
5.1.1039.3600
c:\windows\system32\drivers\sisraid4.sys
10/1/2008 3:56 PM
SmbDrv
\SystemRoot\System32\drivers\Smb_driver_AMDASF.sys
Synaptics SMBus Driver
Synaptics Incorporated
16.2.10.12
c:\windows\system32\drivers\smb_driver_amdasf.sys
8/24/2012 5:21 PM
SmbDrvI
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
Synaptics SMBus Driver
Synaptics Incorporated
16.5.3.3
c:\windows\system32\drivers\smb_driver_intel.sys
4/23/2013 6:36 PM
stexstor
System32\drivers\stexstor.sys
Promise SuperTrak EX Series Driver for Windows x64
Promise Technology, Inc.
5.1.0.9
c:\windows\system32\drivers\stexstor.sys
11/18/2011 6:27 PM
STHDA
\SystemRoot\system32\DRIVERS\stwrt64.sys
IDT PC Audio
IDT, Inc.
6.10.6417.0
c:\windows\system32\drivers\stwrt64.sys
7/21/2012 7:36 AM
SynTP
\SystemRoot\system32\DRIVERS\SynTP.sys
Synaptics Touchpad Driver
Synaptics Incorporated
16.5.3.3
c:\windows\system32\drivers\syntp.sys
4/23/2013 6:34 PM
viaide
System32\drivers\viaide.sys
VIA Generic PCI IDE Bus Driver
VIA Technologies, Inc.
6.0.6000.170
c:\windows\system32\drivers\viaide.sys
7/25/2012 8:29 PM
vsmraid
System32\drivers\vsmraid.sys
VIA RAID DRIVER FOR AMD-X86-64
VIA Technologies Inc.,Ltd
7.0.8140.6290
c:\windows\system32\drivers\vsmraid.sys
1/31/2012 1:55 PM
VSTXRAID
System32\drivers\vstxraid.sys
VIA StorX RAID Controller Driver
VIA Corporation
8.0.8220.8080
c:\windows\system32\drivers\vstxraid.sys
3/26/2012 11:42 AM
WirelessButtonDriver
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
HP Wireless Button Driver
Hewlett-Packard Development Company, L.P.
1.0.2.1
c:\windows\system32\drivers\wirelessbuttondriver64.sys
7/27/2012 2:22 PM
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
igfxdev.dll
igfxdev Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxdev.dll
7/20/2012 3:19 PM
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Bullzip PDF Print Monitor
bzpdf.dll
Bullzip PDF Writer
Bullzip
3.0.0.52
c:\windows\system32\bzpdf.dll
12/5/2012 12:13 AM
Canon BJ Language Monitor MP210 series
CNMLM8S.DLL
IJ Language Monitor
CANON INC.
0.3.0.1
c:\windows\system32\cnmlm8s.dll
2/8/2008 1:24 AM
CUSTPDF Writer Monitor x86
custmon64.dll
c:\windows\system32\custmon64.dll
7/19/2008 3:26 PM
Epson Inbox Language Monitor01
EP0SLM01.DLL
Epson Printer Driver
SEIKO EPSON CORPORATION
1.0.0.0
c:\windows\system32\ep0slm01.dll
7/13/2009 7:29 PM
HP 5912 Status Monitor
hpinksts5912LM.dll
Print Status Language Monitor
Hewlett-Packard Co.
28.0.1180.0
c:\windows\system32\hpinksts5912lm.dll
6/18/2012 5:44 PM
HP Discovery Port Monitor (HP Officejet Pro 8600)
HPDiscoPM5912.dll
HP Discovery Port Monitor
Hewlett-Packard Co.
28.0.1315.0
c:\windows\system32\hpdiscopm5912.dll
10/17/2012 5:31 AM
HP Universal Port Monitor
hpbprtmon.dll
Port Monitor Server DLL
Hewlett-Packard
0.3.1282.3554
c:\windows\system32\hpbprtmon.dll
7/24/2012 12:54 PM
PDF Printer 8 Monitor
PDFVC64.DLL
PDF Printer Monitor
Vivid Document Imaging Technologies
1.0.1.350
c:\windows\system32\pdfvc64.dll
7/20/2009 6:00 AM
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
CbFs3
system32\CbFsNetRdr3.dll
Virtual Network Shares CallbackFS v3
EldoS Corporation
3.2.107.174
c:\windows\system32\cbfsnetrdr3.dll
4/9/2012 7:27 AM
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
mdnsNSP
C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour Namespace Provider
Apple Inc.
3.0.0.10
c:\program files (x86)\bonjour\mdnsnsp.dll
8/30/2011 11:44 PM
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
mdnsNSP
C:\Program Files\Bonjour\mdnsNSP.dll
Bonjour Namespace Provider
Apple Inc.
3.0.0.10
c:\program files\bonjour\mdnsnsp.dll
8/30/2011 11:53 PM
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
File not found: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
File not found: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
_Wow64cpu
Wow64cpu.dll
File not found: C:\Windows\syswow64\Wow64cpu.dll

_Wow64win
Wow64win.dll
File not found: C:\Windows\syswow64\Wow64win.dll

_Wow64
Wow64.dll
File not found: C:\Windows\syswow64\Wow64.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\Windows\system32\igfxtray.exe
igfxTray Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxtray.exe
7/20/2012 3:20 PM
HotKeysCmds
C:\Windows\system32\hkcmd.exe
hkcmd Module
Intel Corporation
8.15.10.2817
c:\windows\system32\hkcmd.exe
7/20/2012 3:20 PM
Persistence
C:\Windows\system32\igfxpers.exe
persistence Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxpers.exe
7/20/2012 3:20 PM
SysTrayApp
C:\Program Files\IDT\WDM\sttray64.exe
IDT PC Audio
IDT, Inc.
1.0.6417.0
c:\program files\idt\wdm\sttray64.exe
7/21/2012 7:49 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
CLVirtualDrive
"C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
CyberLink Virtual Drive
CyberLink Corp.
8.0.1.1926
c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe
7/23/2012 6:52 AM
RemoteControl10
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
PowerDVD RC Service
CyberLink Corp.
7.0.2314.0
c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
3/28/2012 4:22 AM
HP Quick Launch
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HP Message Service
Hewlett-Packard Development Company, L.P.
3.0.3.0
c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
7/9/2012 1:44 AM
HP CoolSense
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
HP CoolSense
Hewlett-Packard Development Company, L.P.
2.1.0.51
c:\program files (x86)\hewlett-packard\hp coolsense\coolsense.exe
11/5/2012 2:13 AM
Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Adobe Reader and Acrobat Manager
Adobe Systems Incorporated
1.701.3.3014
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
11/21/2013 10:56 AM
NETGEAR USB Control Center
C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini
Control Center
3.0.54.0
c:\program files (x86)\netgear\usb control center\control center.exe
9/20/2012 3:56 AM
HP Software Update
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
hpwuSchd Application
Hewlett-Packard
80.1.1.0
c:\program files (x86)\hp\hp software update\hpwuschd2.exe
4/27/2010 2:58 AM
UpdateTool
C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe
File not found: C:\Program Files (x86)\Bin\UpdateTool\YTBUpdater.exe

Trend Micro RUBotted V2.0 Beta
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
Trend Micro RUBotted tool
Trend Micro Inc.
2.0.0.1034
c:\program files (x86)\trend micro\rubotted\rubottedgui.exe
7/25/2013 4:10 AM
HOSTS Anti-Adware_PUPs
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe
File not found: C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe

APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Apple Push
Apple Inc.
2.2.9.2
c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
4/16/2013 9:13 PM
QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
QuickTime Task
Apple Inc.
7.7.5.0
c:\program files (x86)\quicktime\qttask.exe
1/13/2014 7:15 PM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
NCPluginUpdater
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
NCPluginUpdater
Hewlett-Packard
1.0.0.0
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe
10/21/2013 8:52 PM
C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
Print Driver Status Business Logic
Hewlett-Packard Co.
28.0.1315.0
c:\program files\hp\hp officejet pro 8600\bin\hpstatusbl.dll
10/17/2012 5:37 AM
Seagate NA47RM8Y Product Registration.lnk
C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA47RM8Y Product Registration.lnk
Product Registration
Leader Technologies/Seagate
1.0.3.0
c:\users\cathy\appdata\roaming\leadertech\powerregister\seagate na47rm8y product registration.exe
1/14/2009 5:09 PM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
Adobe Reader User Settings
"C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
Acrobat Install On Demand
Adobe Systems, Inc.
11.0.4.63
c:\program files (x86)\adobe\reader 11.0\esl\aiodlite.dll
9/5/2013 6:29 AM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
EldosMountNotificator
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
EldosMountNotificator
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Skype 
Skype Technologies S.A.
6.11.0.102
c:\program files (x86)\skype\phone\skype.exe
11/14/2013 10:33 AM
HP Officejet Pro 8600 (NET)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -
AutoStart 1
ScanToPCActivationApp
Hewlett-Packard Co.
28.0.1315.0
c:\program files\hp\hp officejet pro 8600\bin\scantopcactivationapp.exe
10/17/2012 5:29 AM
Task Scheduler
\avast! Emergency Update
"C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe" 
avast! Emergency Update
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\avastemupdate.exe
1/21/2014 11:09 AM
\CCleanerSkipUAC
"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
CCleaner
Piriform Ltd
4.10.0.4570
c:\program files\ccleaner\ccleaner.exe
1/21/2014 9:43 AM
\CLMLSvc_P2G8
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" 
CyberLink MediaLibray Service
CyberLink
8.0.0.608
c:\program files (x86)\cyberlink\power2go8\clmlsvc_p2g8.exe
6/7/2012 9:20 PM
\Core Temp Autostart Cathy
"C:\Program Files\Core Temp\Core Temp.exe" 
CPU temperature and system information utility
1.0.0.0
c:\program files\core temp\core temp.exe
10/14/2012 1:21 PM
\HPCeeScheduleForCathy
"C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForCathy (null)
HP Ceement
Hewlett-Packard
6.0.1.7
c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
9/13/2010 11:11 PM
\MirageAgent
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" 
YouCam Mirage
CyberLink
1.0.0.526
c:\program files (x86)\cyberlink\youcam\ycmmirage.exe
5/25/2010 8:59 PM
\Synaptics TouchPad Enhancements
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
Synaptics TouchPad Enhancements
Synaptics Incorporated
16.5.3.3
c:\program files\synaptics\syntp\syntpenh.exe
4/23/2013 7:20 PM
\Hewlett-Packard\HP Support Assistant\Critical Actions Pending
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /actionsPending
HP Support Assistant
Hewlett-Packard Company
7.0.32.44
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
8/10/2012 12:01 PM
\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
HP Support Assistant
Hewlett-Packard Company
7.0.32.44
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
8/10/2012 12:01 PM
\Hewlett-Packard\HP Support Assistant\PC Health Analysis
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /L Analysis
HP Support Assistant
Hewlett-Packard Company
7.0.32.44
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
8/10/2012 12:01 PM
\Hewlett-Packard\HP Support Assistant\Update Check
"C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe" /s /p 1
HPSFUpdater
Hewlett-Packard Company
7.3.0.10
c:\programdata\hewlett-packard\hp support framework\resources\updater7\hpsfupdater.exe
12/12/2013 4:17 PM
\Leader Technologies\PowerRegister\Seagate NA47RM8Y Product Registration (Cathy)
"C:\Users\Cathy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe" /remind /language=ENU /loadsrnm="NA47RM8Y" 
/SRNM="NA47RM8Y" /BRND="Seagate" /BDSR="Seagate NA47RM8Y"
Product Registration
Leader Technologies/Seagate
1.0.3.0
c:\users\cathy\appdata\roaming\leadertech\powerregister\seagate na47rm8y product registration.exe
1/14/2009 5:09 PM
\Microsoft\Windows\NetTrace\GatherNetworkInfo
"%windir%\system32\gatherNetworkInfo.vbs" 
c:\windows\system32\gathernetworkinfo.vbs
6/2/2012 8:31 AM
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ExplorerBHO Class
HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HP Network Check Helper
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HP Network Check IE Plug-in
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
7/9/2012 4:45 PM
ClassicIE9BHO Class
HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
Customizations for the title bar and status bar of IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9dll_32.dll
12/29/2012 11:55 AM
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ExplorerBHO Class
HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HP Network Check Helper
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HP Network Check IE Plug-in
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
7/9/2012 4:45 PM
ClassicIE9BHO Class
HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
Customizations for the title bar and status bar of IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9dll_32.dll
12/29/2012 11:55 AM
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
CLVDShellExt
HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Cyberlink Shell Extension dynamic link library
Cyberlink
8.0.0.1926
c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll
7/26/2012 1:51 AM
HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashshell.dll
1/21/2014 11:09 AM
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers
CLVDShellExt
HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Cyberlink Shell Extension dynamic link library
Cyberlink
8.0.0.1926
c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll
7/26/2012 1:51 AM
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
00avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
MBAMShlExt
HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
Malwarebytes Anti-Malware
Malwarebytes Corporation
1.70.0.0
c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
12/14/2012 2:52 PM
HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
00avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashshell.dll
1/21/2014 11:09 AM
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
igfxcui
HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
igfxpph Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxpph.dll
7/20/2012 3:20 PM
HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
PDF Shell Extension
HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
PDF Shell Extension
Adobe Systems, Inc.
11.0.3.37
c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
5/11/2013 3:34 AM
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
MBAMShlExt
HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
Malwarebytes Anti-Malware
Malwarebytes Corporation
1.70.0.0
c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
12/14/2012 2:52 PM
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashshell.dll
1/21/2014 11:09 AM
HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
00avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
EldosIconOverlay
HKCR\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
ShareOverlay
HKCR\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
EldosIconOverlay
HKCR\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
ShareOverlay
HKCR\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}
 Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Classic Explorer Bar
HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
Classic Explorer Bar
HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Internet Explorer\Extensions
Classic IE9 Settings
C:\Program Files\Classic Shell\ClassicIE9_32.exe
Classic IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9_32.exe
12/29/2012 11:55 AM
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
HP Smart Print
C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
HP Smart Print Setup
Hewlett-Packard
1.1.5.0
c:\program files (x86)\hewlett-packard\smart print 2.0\smartprintsetup.exe
7/27/2012 12:07 AM
HP Network Check
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
NCLauncherFromIE
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
7/9/2012 4:46 PM
Classic IE9 Settings
C:\Program Files\Classic Shell\ClassicIE9_32.exe
Classic IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9_32.exe
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm
C:\Windows\System32\l3codeca.acm
MPEG Layer-3 Audio Codec for MSACM
Fraunhofer Institut Integrierte Schaltungen IIS
1.9.0.401
c:\windows\system32\l3codeca.acm
7/25/2012 8:13 PM
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm
C:\Windows\SysWOW64\l3codeca.acm
MPEG Layer-3 Audio Codec for MSACM
Fraunhofer Institut Integrierte Schaltungen IIS
1.9.0.401
c:\windows\syswow64\l3codeca.acm
7/25/2012 8:19 PM
vidc.cvid
iccvid.dll
Cinepakr Codec
Radius Inc.
1.10.0.12
c:\windows\syswow64\iccvid.dll
7/25/2012 8:19 PM
HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
CyberLink Audio Wizard
HKCR\CLSID\{1986FDCF-F657-4866-A83C-998B943A6321}
CyberLink Audio Wizard Filter
CyberLink Corp.
1.0.0.4414
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax
8/14/2009 7:26 AM
CyberLink Line21 Decoder (PDVD10)
HKCR\CLSID\{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1}
CyberLink Line21 Decoder Filter
CyberLink Corp.
4.0.0.10324
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax
7/23/2009 8:21 PM
CyberLink DVD Navigator (PDVD10)
HKCR\CLSID\{2AF76B80-2BDA-4731-932D-3FCFA9276B11}
CyberLink DVD Navigation Filter
CyberLink Corp.
8.1.4208.0
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax
6/8/2012 2:59 AM
CyberLink AudioCD Filter (PDVD10)
HKCR\CLSID\{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F}
CyberLink AudioCD Filter
CyberLink Corp.
5.0.0.7823
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax
6/23/2009 8:00 AM
CyberLink Matroska Splitter(PDVD10)
HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454}
CyberLink Matroska Splitter
CyberLink Corp.
1.0.0.1902
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax
7/2/2010 3:20 AM
CyberLink TimeStretch Filter (PDVD10)
HKCR\CLSID\{36F74DF0-12FF-4881-8A55-E7CE4D12688E}
CLAuTS.ax
CyberLink Corp.
2.0.0.3404
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax
10/3/2010 9:39 PM
CyberLink RealMedia Splitter(PDVD10)
HKCR\CLSID\{38A6AC0C-4B7C-4922-8ADC-D22C55B86666}
CyberLink RealMedia Splitter
CyberLink Corp.
1.0.0.1706
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax
5/6/2010 3:42 AM
CyberLink MPEG Splitter
HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}
CyberLink MPEG Splitter
CyberLink Corp.
3.4.0.3408
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax
10/8/2010 2:23 AM
CyberLink Audio Decoder (PDVD10)
HKCR\CLSID\{501099E1-5C05-4ED3-B0CB-371F97F5412C}
CyberLink Audio Decoder Filter
CyberLink Corp.
9.0.0.1722
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax
5/22/2012 2:03 AM
CyberLink Video/SP Decoder (PDVD10)
HKCR\CLSID\{516F1EFA-42F4-436E-801C-B752EB9343EB}
CyberLink Video/SP Filter
CyberLink Corp.
8.4.0.2505
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax
1/5/2011 5:11 AM
CyberLink HD/BD Mixer (PDVD10)
HKCR\CLSID\{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E}
CLHBMixer

2.0.0.5211
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax
4/11/2012 4:03 AM
CyberLink Audio Effect (PDVD10)
HKCR\CLSID\{5EFC04B3-68C0-4BFF-8BD4-61037272D70D}
CyberLink Audio Effect Filter
CyberLink Corporation
6.0.0.7225
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax
12/25/2009 2:54 AM
CyberLink Digest Filter (PDVD10)
HKCR\CLSID\{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A}
DigestFilter Dynamic Link Library
1.0.0.4028
c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll
4/28/2010 6:54 AM
Cyberlink SubTitle Importor (PDVD10)
HKCR\CLSID\{8BF03152-F394-4C94-A2EB-44D6B80C9E91}
CLSubTitle.ax
CyberLink Corp.
2.0.0.1823
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
6/23/2011 1:22 AM
CyberLink HAM Decoder
HKCR\CLSID\{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED}
CyberLink Video Decoder Filter
CyberLink Corp.
1.0.8390.4214
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
6/14/2012 1:37 AM
CyberLink Tzan Filter (PDVD10)
HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116}
CyberLink Tzan Filter
CyberLink Corp.
3.5.0.4515
c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax
9/15/2011 12:04 AM
CyberLink RealVideo Decoder(PDVD10)
HKCR\CLSID\{C548BB6C-0E62-4A25-AE4E-DE41856BC682}
CyberLink RealMedia Video Decoder
CyberLink Corp.
1.0.0.1225
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax
12/24/2009 9:42 PM
Cyberlink SubTitle Importor 2.0 (PDVD10)
HKCR\CLSID\{C88A3744-DE30-4316-BAFB-269C8A25856C}
CLSubTitle.ax
CyberLink Corp.
2.0.0.1823
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
6/23/2011 1:22 AM
CyberLink Video Decoder (PDVD10)
HKCR\CLSID\{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E}
CyberLink Video Decoder Filter
CyberLink Corp.
1.0.8390.4214
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
6/14/2012 1:37 AM
CyberLink MPEG-4 Splitter (PDVD10)
HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}
CyberLink MPEG-4 Splitter
CyberLink Corp.
1.1.0.2906
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax
5/6/2010 4:39 AM
CyberLink RealAudio Decoder(PDVD10)
HKCR\CLSID\{DB5D8193-CB8D-4C72-98A5-1C147E075EDF}
CyberLink RealMedia Audio Decoder
CyberLink Corp.
1.0.0.1225
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax
12/24/2009 9:44 PM
CyberLink FLV Splitter(PDVD10)
HKCR\CLSID\{ECA099DE-D413-4500-B401-6C4FF1EB9580}
CyberLink FLV Splitter
CyberLink Corp.
1.0.0.3327
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clflvsplitter.ax
9/27/2011 1:30 AM
CyberLink Audio Watermark Detector
HKCR\CLSID\{F0219FAD-541A-4FCD-9E8E-22E4C14CA8BA}
Audio Watermark Detector
CyberLink
1.0.0.516
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clawmdetector.ax
5/15/2012 8:01 PM
Cyberlink Demuxer 2.0
HKCR\CLSID\{F07E981B-0EC4-4665-A671-C24955D11A38}
CLDemuxer2
Cyberlink
2.0.6.2518
c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax
1/18/2011 6:29 AM
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Cathy\AppData\Local\Mozilla\Firefox\Profiles\h2vlw8be.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=90 folders=38 34643895 bytes)
==== Empty Temp Folders ======================
C:\Users\Cathy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Cathy\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not found
"C:\PROGRA~2\Hosts_Anti_Adwares_PUPs" not found
==== EOF on Sun 03/02/2014 at 17:46:35.96 ======================


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Just for the heck of it, I ran a MalwareBytes scan and an AdwCleaner scan while I waited. MalwareBytes came out clean, but after it, AdwCleaner found more malware. It seems the malware is getting installed faster than it can be cleaned out. Here's the report.

Thank you,

Cathy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.020 - Report created 02/03/2014 at 20:11:33
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Cathy - SPRINGTIME
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\Software\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16798

-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\prefs.js ]

*************************
AdwCleaner[R0].txt - [3952 octets] - [20/02/2014 01:51:07]
AdwCleaner[R1].txt - [938 octets] - [20/02/2014 23:58:11]
AdwCleaner[R2].txt - [1056 octets] - [22/02/2014 01:38:25]
AdwCleaner[R3].txt - [1181 octets] - [24/02/2014 23:58:35]
AdwCleaner[R4].txt - [1297 octets] - [26/02/2014 22:05:53]
AdwCleaner[R5].txt - [1490 octets] - [27/02/2014 17:49:04]
AdwCleaner[R6].txt - [1467 octets] - [01/03/2014 08:58:19]
AdwCleaner[R7].txt - [2067 octets] - [02/03/2014 20:09:15]
AdwCleaner[S0].txt - [3806 octets] - [20/02/2014 02:05:59]
AdwCleaner[S1].txt - [998 octets] - [20/02/2014 23:59:19]
AdwCleaner[S2].txt - [1118 octets] - [22/02/2014 01:39:43]
AdwCleaner[S3].txt - [1243 octets] - [25/02/2014 00:01:23]
AdwCleaner[S4].txt - [1359 octets] - [26/02/2014 22:06:37]
AdwCleaner[S5].txt - [1557 octets] - [27/02/2014 17:55:43]
AdwCleaner[S6].txt - [1529 octets] - [01/03/2014 08:59:08]
AdwCleaner[S7].txt - [1998 octets] - [02/03/2014 20:11:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [2058 octets] ##########


----------



## Squeedlejinks (Feb 27, 2014)

Oh, lovely. I just checked my Programs and Features and Search Protect by Conduit is back. I am sure Zoek had shown it as deleted and it wasn't in Programs and Features earlier today. This is really frustrating.

Cathy


----------



## kevinf80 (Mar 21, 2006)

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

Re-run Zoek (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.


```
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run];r
"UpdateTool"=;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
"AppInit_DLLs"=;r64
autoclean;
```
Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC; if so, please do.

Post the produced log in your next reply.

Next,

Re-run AdwCleaner and use the clean function, then post that log.

Next,

Re-run JRT, post that log.

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for *PUP* > Select: Show in Results List and Check for removal.

Please *Update* and run a *Quick* scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post that log.

Let me see those logs from the above scans, and give an update on any remaining issues/concerns.

Kevin
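
When a cleanup tool is re-run as requested above, comparing each new report with the earlier ones shows which entries come back after they were removed. The following is an added example, not part of the original post and not code from AdwCleaner: it parses reports in the AdwCleaner v3 layout seen in this thread and lists items that were deleted in one run and present again in a later one. The function names, the day/month/year date reading, and the handling of item kinds other than `Key` are assumptions.

```python
import re
from collections import namedtuple
from datetime import datetime

# Line patterns taken from the report layout posted in this thread.
HEADER_RE = re.compile(r"Report created (\d{2}/\d{2}/\d{4}) at (\d{2}:\d{2}:\d{2})")
OPTION_RE = re.compile(r"^# Option : (\w+)")
SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Assumption: kinds other than "Key" (files, folders, values) use the same
# "<Kind> <Deleted|Found> : <path>" shape; only "Key" lines appear in the thread.
ITEM_RE = re.compile(r"^(\w+) (Deleted|Found) : (?:\[(x64)\] )?(.+)$")

Item = namedtuple("Item", "section kind action view path")
Report = namedtuple("Report", "created option items")
Recurrence = namedtuple("Recurrence", "path removed_at seen_again_at action")

# Sample input: shortened excerpts in the layout of the reports in this thread.
REPORT_CLEAN = r"""# AdwCleaner v3.020 - Report created 02/03/2014 at 20:11:33
# Updated 27/02/2014 by Xplode
# Option : Clean
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\Software\SearchProtect
***** [ Browsers ] *****
"""
REPORT_SCAN = r"""# AdwCleaner v3.020 - Report created 03/03/2014 at 20:14:51
# Option : Scan
***** [ Registry ] *****
Key Found : HKLM\Software\SearchProtect
***** [ Browsers ] *****
"""


def parse_report(text):
    """Parse one report into its creation time, run option and item lines."""
    created, option, section, items = None, None, None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.search(line)
        if m:
            # Assumption: dates are day/month/year, as "27/02/2014" implies.
            created = datetime.strptime(
                m.group(1) + " " + m.group(2), "%d/%m/%Y %H:%M:%S")
            continue
        m = OPTION_RE.match(line)
        if m:
            option = m.group(1)
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            kind, action, view, path = m.groups()
            items.append(Item(section, kind, action, view or "", path.strip()))
    if created is None:
        raise ValueError("no 'Report created' header found")
    return Report(created, option, items)


def find_recurrences(report_texts):
    """Return items that appear in a report after an earlier report deleted them."""
    reports = sorted((parse_report(t) for t in report_texts),
                     key=lambda r: r.created)
    removed = {}  # (kind, view, lower-cased path) -> time of last deletion
    hits = []
    for rep in reports:
        deleted_now = {}
        for item in rep.items:
            # Registry and NTFS paths are case-insensitive, so compare lower-cased.
            key = (item.kind, item.view, item.path.lower())
            if key in removed:
                # Listed again (found or deleted again) after an earlier removal.
                hits.append(Recurrence(item.path, removed[key],
                                       rep.created, item.action))
            if item.action == "Deleted":
                deleted_now[key] = rep.created
        # Merge after the loop so a duplicate line inside one report is not a hit.
        removed.update(deleted_now)
    return hits


if __name__ == "__main__":
    for hit in find_recurrences([REPORT_SCAN, REPORT_CLEAN]):
        print(f"{hit.path}: removed {hit.removed_at}, "
              f"{hit.action.lower()} again {hit.seen_again_at}")
```

An item that recurs this way points to something still running that re-creates it, such as a leftover service, scheduled task or autostart entry, rather than to a failed deletion.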


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Here are the logs. Thanks for your help.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek.exe v5.0.0.0 Updated 02-March-2014
Tool run by Cathy on Mon 03/03/2014 at 19:47:24.61.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cathy\Desktop\zoek.exe [Scan all users] [Script inserted] 
==== Older Logs ======================
C:\zoek-results2014-03-02-234635.log 95443 bytes
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"UpdateTool"= 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"= 
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"= 
==== Deleting Files \ Folders ======================
C:\PROGRA~2\SearchProtect deleted
C:\Users\Cathy\AppData\Local\SearchProtect deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Cathy\AppData\Roaming\KompoZer\Profiles\xix2vf8b.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
- ModPlugin - %ProfilePath%\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
- NO Google Analytics - %ProfilePath%\extensions\[email protected]
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\xxjyst12.default
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fegekclkdhbnfdcmomlpegkkndgnmfmo - C:\Program Files (x86)\HP SimplePass\tschrome.crx[07/12/2012 07:35 AM]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{34FA5360-6333-4EC6-95CD-F6E509A5E894}"
{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{34FA5360-6333-4EC6-95CD-F6E509A5E894} Startpage HTTPS Url="https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-4122548210-2413772287-1355096437-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} deleted successfully
==== Deleting CLSID Registry Values ======================

==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Cathy\AppData\Local\Mozilla\Firefox\Profiles\h2vlw8be.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=92 folders=38 34650324 bytes)
==== Empty Temp Folders ======================
C:\Users\Cathy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Cathy\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Mon 03/03/2014 at 20:02:57.70 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.020 - Report created 03/03/2014 at 20:14:51
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Cathy - SPRINGTIME
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Found : HKLM\Software\SearchProtect
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16798

-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\prefs.js ]

*************************
AdwCleaner[R0].txt - [3952 octets] - [20/02/2014 01:51:07]
AdwCleaner[R1].txt - [938 octets] - [20/02/2014 23:58:11]
AdwCleaner[R2].txt - [1056 octets] - [22/02/2014 01:38:25]
AdwCleaner[R3].txt - [1181 octets] - [24/02/2014 23:58:35]
AdwCleaner[R4].txt - [1297 octets] - [26/02/2014 22:05:53]
AdwCleaner[R5].txt - [1490 octets] - [27/02/2014 17:49:04]
AdwCleaner[R6].txt - [1467 octets] - [01/03/2014 08:58:19]
AdwCleaner[R7].txt - [2067 octets] - [02/03/2014 20:09:15]
AdwCleaner[R8].txt - [1708 octets] - [02/03/2014 20:14:41]
AdwCleaner[R9].txt - [1190 octets] - [03/03/2014 20:14:51]
AdwCleaner[S0].txt - [3806 octets] - [20/02/2014 02:05:59]
AdwCleaner[S1].txt - [998 octets] - [20/02/2014 23:59:19]
AdwCleaner[S2].txt - [1118 octets] - [22/02/2014 01:39:43]
AdwCleaner[S3].txt - [1243 octets] - [25/02/2014 00:01:23]
AdwCleaner[S4].txt - [1359 octets] - [26/02/2014 22:06:37]
AdwCleaner[S5].txt - [1557 octets] - [27/02/2014 17:55:43]
AdwCleaner[S6].txt - [1529 octets] - [01/03/2014 08:59:08]
AdwCleaner[S7].txt - [2142 octets] - [02/03/2014 20:11:33]
########## EOF - C:\AdwCleaner\AdwCleaner[R9].txt - [1729 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Cathy on Mon 03/03/2014 at 20:27:36.64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/03/2014 at 20:33:13.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.03.08
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16798
Cathy :: SPRINGTIME [administrator]
3/3/2014 9:07:25 PM
mbam-log-2014-03-03 (21-07-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 218759
Time elapsed: 3 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## Squeedlejinks (Feb 27, 2014)

Hi, Kevin,

You asked about issues or concerns. That's hard to say. Everything looks good right now, but that's how it has been several times before and then the malware returns. Give me a couple days and then I'll start to be cautiously optimistic.

Thank you!

Cathy


----------



## kevinf80 (Mar 21, 2006)

Hello Cathy,

This time we found and removed the files that were regenerating the Conduit nuisance, maybe it is gone for good now. Use your system for a day or so, if there is no return of the nuisance we clean up and remove tools etc..

Kevin..


----------



## Squeedlejinks (Feb 27, 2014)

You really think it's gone this time? I sure hope you're right.

If you don't mind me trying to learn a little bit, do you have time to point out which files are responsible for reinstalling it? I try to gain something from whatever comes my way. If you're not able to, I understand, as I see this forum has a lot of people in need of your help.

Thank you so much for your help.

Cathy


----------



## kevinf80 (Mar 21, 2006)

Search Protect was causing the issue you experience...

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"

Read this link:

http://www.bleepingcomputer.com/startups/SPVC32Loader.dll-27773.html

Let me know if all is well, also if clean up is needed

Kevin....


----------



## Squeedlejinks (Feb 27, 2014)

Thanks, Kevin,

So far, so good. I'll check in for a few days and let you know how things are going. I think the malware usually reappeared about 2 days later, so we should know soon.

I really appreciate your help.

Cathy


----------



## kevinf80 (Mar 21, 2006)

Ok Cathy, post back when you're ready... Read the following link to fully understand PC security and best practices, you may find it useful....

http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry2316629

Kevin..


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

SearchProtect is back. I ran a MalwareBytes Antirootkit scan (which found nothing) and when I finished I went to Yahoo mail to sign in. Before I did, I checked my tray and it was there. It was not there 15 minutes ago because I've been checking obsessively.

Cathy


----------



## kevinf80 (Mar 21, 2006)

Please download *SystemLook* from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit.

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:folderfind
SearchProtect
:regfind
SearchProtect
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Kevin...


----------



## Squeedlejinks (Feb 27, 2014)

Thank you, Kevin. I'm sorry this is dragging on so long. 

Cathy

Here's the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 02:15 on 06/03/2014 by Cathy
Administrator - Elevation successful
========== folderfind ==========
Searching for "SearchProtect"
C:\Program Files (x86)\SearchProtect d------ [04:14 06/03/2014]
C:\Program Files (x86)\SearchProtect\SearchProtect d------ [04:14 06/03/2014]
C:\Program Files (x86)\SearchProtect\SearchProtect\SearchProtect d------ [04:14 06/03/2014]
C:\Users\Cathy\AppData\Local\SearchProtect d------ [04:14 06/03/2014]
C:\Users\Cathy\AppData\Local\SearchProtect\SearchProtect d------ [04:14 06/03/2014]
C:\zoek_backup\C_PROGRA~2_SearchProtect\SearchProtect d-a---- [18:47 02/03/2014]
C:\zoek_backup\C_PROGRA~2_SearchProtect\SearchProtect\SearchProtect d-a---- [18:47 02/03/2014]
C:\zoek_backup\C_Users_Cathy_AppData_Local_SearchProtect\SearchProtect d-a---- [18:47 02/03/2014]
========== regfind ==========
Searching for "SearchProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP]
"3"="Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall SearchProtect "C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP]
"4"="Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall SearchProtect "C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
"DisplayIcon"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
"UninstallString"=""C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
"InstallDir"="C:\PROGRA~2\SearchProtect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CltMngSvc]
"ImagePath"="C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc]
"ImagePath"="C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe"
-= EOF =-


----------



## kevinf80 (Mar 21, 2006)

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on *SearchProtect* to highlight that entry.

Select *Action* from the Menu bar, then *Uninstall* from there follow the prompts.

If *Uninstall* fails open the "Action" menu one more time and use "Force Removal" option

When the uninstall completes re-run "System Look" with the same text field entries.....

Kevin...


----------



## Squeedlejinks (Feb 27, 2014)

Thank you, here are the new results.

Cathy

SystemLook 30.07.11 by jpshortstuff
Log created at 03:06 on 06/03/2014 by Cathy
Administrator - Elevation successful
========== folderfind ==========
Searching for "SearchProtect"
C:\zoek_backup\C_PROGRA~2_SearchProtect\SearchProtect d-a---- [18:47 02/03/2014]
C:\zoek_backup\C_PROGRA~2_SearchProtect\SearchProtect\SearchProtect d-a---- [18:47 02/03/2014]
C:\zoek_backup\C_Users_Cathy_AppData_Local_SearchProtect\SearchProtect d-a---- [18:47 02/03/2014]
========== regfind ==========
Searching for "SearchProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP]
"4"="Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall SearchProtect "C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallCleanUp"="REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f"
-= EOF =-
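The two SystemLook `regfind` logs above list every registry hit for "SearchProtect", but only some of those hits are autostart locations. As an added example (not part of the original posts and not a SystemLook feature), this Python script parses that log format and reports the entries that load code at startup; the function names and the rule set are assumptions made for illustration, and the sample text is excerpted from the two logs.

```python
import re
from collections import namedtuple

# Excerpt of the first SystemLook regfind log posted above (before the uninstall).
SAMPLE_BEFORE = r"""
========== regfind ==========
Searching for "SearchProtect"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
"UninstallString"=""C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\SearchProtect]
"InstallDir"="C:\PROGRA~2\SearchProtect"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CltMngSvc]
"ImagePath"="C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc]
"ImagePath"="C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe"
-= EOF =-
"""

# Excerpt of the second log (after the uninstall).
SAMPLE_AFTER = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\UFH\ARP]
"4"="Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall SearchProtect "C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe" /S"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallCleanUp"="REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f"
-= EOF =-
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Greedy match on the value: SystemLook does not escape embedded quotes.
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# (mechanism, key pattern, value name required or None for any value).
# Assumed rule set covering only the autostart locations seen in this thread.
RULES = [
    # DLLs named here are loaded by user32.dll into processes that use it.
    ("AppInit_DLLs",
     re.compile(r"\\Microsoft\\Windows NT\\CurrentVersion\\Windows$", re.I),
     "appinit_dlls"),
    # A service's ImagePath is the binary started by the Service Control Manager.
    ("Service",
     re.compile(r"\\SYSTEM\\(CurrentControlSet|ControlSet\d+)\\Services\\[^\\]+$", re.I),
     "imagepath"),
    # Every value under Run / RunOnce is a command executed at logon.
    ("Run key", re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I), None),
]

Finding = namedtuple("Finding", "mechanism view key name value")


def parse_regfind(text):
    """Yield (key, value_name, value_data) for each value line in the log."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group(1), m.group(2)


def persistence_points(text):
    """Return the log entries that sit in an autostart location."""
    findings = []
    for key, name, value in parse_regfind(text):
        for mechanism, key_re, wanted in RULES:
            if key_re.search(key) and (wanted is None or name.lower() == wanted):
                # 32-bit processes on 64-bit Windows read the Wow6432Node copy,
                # so both views have to be checked and cleaned separately.
                wow = "\\wow6432node\\" in key.lower()
                view = "32-bit (Wow6432Node)" if wow else "native"
                findings.append(Finding(mechanism, view, key, name, value))
                break
    return findings


if __name__ == "__main__":
    for label, log in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(f"--- {label} uninstall ---")
        for f in persistence_points(log):
            print(f"{f.mechanism:13} {f.view:21} {f.name} -> {f.value}")
```

Uninstall and `UFH\ARP` entries are parsed but not reported, because they describe the program rather than start it.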


----------



## kevinf80 (Mar 21, 2006)

Download and install CCleaner from here:

http://www.piriform.com/ccleaner/builds

Ensure to select Slim version. (No Toolbar)

Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied

Next,

Select > Registry > "Scan for Issues" > with all found entries checked select > "Fix Selected Issues" follow prompts to make back up and remove all entries...

Re-boot your system when CCleaner completes, hopefully that should be the end of your nemesis...

Kevin


----------



## Squeedlejinks (Feb 27, 2014)

OK, Kevin, it's done. I'm sure you're as tired of this as I am and hope it will be gone forever as much as I do!

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Yep sometimes this type of nuisance is hard to shift, I guess we all learn something along the way.... I have to wait for your thumbs up, if that comes we clean up and set you free....

I have to go out very shortly so will catch up later.....

Regards,

Kevin....


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Bet you will wish you had stayed out when you read this. Search Protect is back in the tray and in the Programs and Features list.

Thanks,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Hiya Cathy,

Let's run Zoek again, if you still have it on your Desktop no need to d/l again, just run it... Use the script in these instructions...

One point, there is a SearchProtection related to Yahoo, not sure how that may tie in but I'm sure we'll find out..

Download Zoek.zip from here http://www.hijackthis.nl/smeenk/220813/zoek.zip and save that zip file to your Desktop. Make sure to select direct on the word Zip

Double click zip file and extract to your Desktop:

You will now have 3 versions of the tool on the Desktop:

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

Double click on each in turn until one version of Zoek will run (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.

```
standardsearch;
autoruns;
autoclean;
emptyclsid;
emptyalltemp;
installedprogs;
```

Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC, if so please do.

Post the produced log in your next reply..

Kevin...


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Here are the newest results.

Thanks so much,

Cathy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek.exe v5.0.0.0 Updated 02-March-2014
Tool run by Cathy on Thu 03/06/2014 at 18:17:44.51.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cathy\Desktop\zoek.exe [Scan all users] [Script inserted] 
==== Older Logs ======================
C:\zoek-results2014-03-02-234635.log 95443 bytes
C:\zoek-results2014-03-04-020257.log 6718 bytes
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Installed Programs ======================
4 Elements II 
Adobe Flash Player 12 Plugin 
Adobe Reader XI (11.0.06) 
Adobe Shockwave Player 11.6 
AIM 7 
Amaya 
Apple Application Support 
Apple Software Update 
AuthenTec TrueAPI 64-bit 
avast Free Antivirus 
Bejeweled 3 
Bonjour 
Build-a-lot 4 - Power Source 
Bullzip PDF Printer 9.3.0.1516 
Canon MP210 series 
CCleaner 
Chuzzle Deluxe 
Classic Shell 
Core Temp 1.0 RC4 
Cradle Of Egypt Collector's Edition 
Cradle of Rome 2 
CrypTool 1.4.30 
CyberLink LabelPrint 
CyberLink Media Suite 10 
CyberLink PhotoDirector 
CyberLink Power2Go 8 
CyberLink PowerDirector 10 
CyberLink PowerDVD 
CyberLink YouCam 
D3DX10 
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition 
Ekahau HeatMapper 
Energy Star 
Farm Frenzy 
FATE: The Cursed King 
Final Drive Fury 
FlatOut 2 
Governor of Poker 2 Premium Edition 
Hewlett-Packard ACLM.NET v1.2.0.0 
Hoyle Card Games 
HP 3D DriveGuard 
HP Connected Backup 
HP Connected Music (Meridian - installer) 
HP CoolSense 
HP Customer Experience Enhancements 
HP Documentation 
HP Games 
HP MyRoom 
HP Officejet Pro 8600 Basic Device Software 
HP Officejet Pro 8600 Help 
HP Postscript Converter 
HP Quick Launch 
HP Recovery Manager 
HP Registration Service 
HP SimplePass 
HP Software Framework 
HP Support Assistant 
HP Update 
HP Utility Center 
HP Wireless Button Driver 
I.R.I.S. OCR 
IDT Audio 
iExplorer 3.2.0.2 
Instant Eyedropper 1.75 
Intel(R) Control Center 
Intel(R) Management Engine Components 
Intel(R) Processor Graphics 
Intel(R) SDK for OpenCL - CPU Only Runtime Package 
Intelr Trusted Connect Service Client 
Jewel Match 3 
John Deere Drive Green 
Luxor Evolved 
Mahjongg Dimensions Deluxe: Tiles in Time 
Malwarebytes Anti-Malware version 1.75.0.1300 
Microsoft Application Error Reporting 
Microsoft Office 
Microsoft Office Access MUI (English) 2010 
Microsoft Office Access Setup Metadata MUI (English) 2010 
Microsoft Office Excel MUI (English) 2010 
Microsoft Office Home and Student 2010 
Microsoft Office Office 64-bit Components 2010 
Microsoft Office OneNote MUI (English) 2010 
Microsoft Office Outlook MUI (English) 2010 
Microsoft Office PowerPoint MUI (English) 2010 
Microsoft Office Proof (English) 2010 
Microsoft Office Proof (French) 2010 
Microsoft Office Proof (Spanish) 2010 
Microsoft Office Proofing (English) 2010 
Microsoft Office Publisher MUI (English) 2010 
Microsoft Office Shared 64-bit MUI (English) 2010 
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 
Microsoft Office Shared MUI (English) 2010 
Microsoft Office Shared Setup Metadata MUI (English) 2010 
Microsoft Office Single Image 2010 
Microsoft Office Word MUI (English) 2010 
Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] 
Microsoft Visual C++ 2005 Redistributable 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
More Games from WildTangent Games 
Mortimer Beckett and the Crimson Thief Premium Edition 
Mozilla Firefox 27.0.1 (x86 en-US) 
Mozilla Maintenance Service 
MSVCRT 
Mystery P.I. - Curious Case of Counterfeit Cove 
NETGEAR USB Control Center 
NirSoft Wireless Network Watcher 
Peggle Nights 
Penguins 
Polar Bowler 
Polar Golfer 
QuickTime 7 
Ralink RT5390R 802.11bgn Wi-Fi Adapter 
Realtek Ethernet Controller Driver 
Realtek PCIE Card Reader 
Roads of Rome 3 
Safari 
SeaMonkey 2.21 (x86 en-US) 
Search Protect 
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition 
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition 
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition 
SkypeT 6.11 
swMSM 
Synaptics Pointing Device Driver 
Tales of Lagoona 
Trend Micro RUBotted 2.0 Beta 
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition 
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition 
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition 
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition 
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition 
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition 
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition 
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition 
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition 
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition 
Update Installer for WildTangent Games App 
Vacation QuestT - Australia 
Validity WBF DDK 
WinDirStat 1.1.2 
Windows Live Communications Platform 
Windows Live Essentials 
Windows Live Installer 
Windows Live Language Selector 
Windows Live Movie Maker 
Windows Live Photo Common 
Windows Live Photo Gallery 
Windows Live PIMT Platform 
Windows Live SOXE 
Windows Live SOXE Definitions 
Windows Live UX Platform 
Windows Live UX Platform Language Pack 
Windows Live Writer 
Windows Live Writer Resources 
WinPcap 4.1.3 
Zuma's Revenge 
==== Running Processes ======================
C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
C:\Program Files\Classic Shell\ClassicShellService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Windows\TEMP\tmp18C7.exe
C:\Windows\TEMP\is-854UQ.tmp\tmp18C7.tmp
C:\Program Files (x86)\HP SimplePass\TouchControl.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Cathy\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully
==== Deleting Files \ Folders ======================
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\PROGRA~2\SearchProtect deleted
C:\Users\Cathy\AppData\Local\SearchProtect deleted
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8075 MB
CPU Info: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
CPU Speed: 2557.5 MHz
Sound Card: Speakers and Headphones (IDT Hi | 
Display Adapters: Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000 | Intel(R) HD Graphics 4000
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp DVD RAM UJ8C2
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 671.5GB | D: 26.3GB
Hard Disks - Free: C: 576.4GB | D: 3.1GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE | | HPQOEM - 1
Time Zone: Central Standard Time
Motherboard *: Hewlett-Packard 18A4
Country: United States 
Language: ENU 
==== System Specs (Software) ======================
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: avast! Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: avast! Antivirus disabled (Outdated)
Default Browser: Firefox 27.0.1
Internet Explorer Version: 10.0.9200.16798 
Mozilla Firefox version: 27.0.1 (x86 en-US)
Adobe Reader version: 11.0.06.70
Flash Player version: 12.0.0.70
Shockwave Player version: 11.6.5r635
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2014-02-17 06:19:54 0245D0889C3443F5DC9194558583FE59 43152 ----a-w- C:\Windows\avastSS.scr
====== C:\Users\Cathy\AppData\Local\Temp ====
2014-03-06 09:04:06 9B1CACFACEE6EF4DD33FE9FBC2362F15 3527168 ----a-w- C:\Users\Cathy\AppData\Local\Temp\geek_x64.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Cathy\AppData\Local\Temp\nsz8F9.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2014-02-19 08:18:57 CD51E1D0D638F1E07A6EDC98CD7F5DDA 91352 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-02-17 06:20:03 FD3EA14ADF6216BDF4030DB2EFD43D96 80184 ----a-w- C:\Windows\Sysnative\drivers\aswStm.sys
2014-02-17 06:20:03 90399625F341AB76BA4B85A5E860EB1F 207904 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys
2014-02-17 06:20:02 F22DE5F5BA8ADA0A861441B624B51EB5 421704 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys
2014-02-17 06:20:02 C04F7B373881009D7994D9BF55D24AB4 65776 ----a-w- C:\Windows\Sysnative\drivers\aswRvrt.sys
2014-02-17 06:20:02 679712B7A353EE665B9301592164A172 92544 ----a-w- C:\Windows\Sysnative\drivers\aswRdr2.sys
2014-02-17 06:20:02 43599E630DFC30AD4E6A2B4B269EB1C0 1038072 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys
2014-02-17 06:20:02 0ACC3F49015E628590CA4372322EB46B 78648 ----a-w- C:\Windows\Sysnative\drivers\aswMonFlt.sys
2014-02-12 05:36:47 A7CF9B841956293F20E25E08D53718D6 175528 ----a-w- C:\Windows\Sysnative\drivers\tmcomm.sys
2014-02-11 22:11:26 DD4249F03598043DED6FA540EB14898A 2232664 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-02-11 22:10:42 961A45CC15514178E511BBF1384CE0B8 83968 ----a-w- C:\Windows\Sysnative\drivers\hidclass.sys
====== C:\Windows\Tasks ======
2014-03-02 18:38:42 E6CB61802128D183262E1348E5B014E1 3112 ----a-w- C:\Windows\Sysnative\Tasks\{32D6EFE7-4564-4853-932B-A65CF09A74C1}
2014-02-17 06:20:29 F90218862B82BDDFBC9C3CA0129B6260 4182 ----a-w- C:\Windows\Sysnative\Tasks\avast! Emergency Update
2014-02-11 07:07:19 AAA90B8704D6C79D98A0EA50C8ABA712 3086 ----a-w- C:\Windows\Sysnative\Tasks\{54C8A83C-43D6-405A-A37F-F012340AFC6F}
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-03-02 01:45:24 -------- d-----w- C:\PROGRA~2\TempInstaller
2014-02-27 06:34:42 -------- d-----w- C:\PROGRA~2\QuickTime
2014-02-27 06:33:35 -------- d-----w- C:\PROGRA~2\COMMON~1\Apple
2014-02-19 08:13:46 -------- d-----w- C:\PROGRA~2\WinPcap
2014-02-19 08:12:37 -------- d-----w- C:\PROGRA~2\Trend Micro
2014-02-11 06:03:20 -------- d-----w- C:\PROGRA~2\Bin
======= C: =====
====== C:\Users\Cathy\AppData\Roaming ======
2014-03-06 09:04:06 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Geek Uninstaller
2014-03-04 01:59:45 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-03-04 01:59:45 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-03-04 01:59:45 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-03-04 01:59:45 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
2014-03-04 01:59:45 -------- d-----w- C:\Users\Cathy\AppData\Local\Temp
2014-02-16 05:25:04 -------- d-----w- C:\Users\Cathy\AppData\Roaming\Leadertech
2014-02-12 16:08:13 221DF1316CD5602CA2927376F0A76652 25457346 ----a-w- C:\Users\Cathy\AppData\Local\census.cache
2014-02-12 15:50:07 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\Cathy\AppData\Local\ars.cache
2014-02-12 05:41:42 8EA2A504207556C0BF3EABE681F1308F 10 ----a-w- C:\Users\Cathy\AppData\Local\sponge.last.runtime.cache
2014-02-12 05:36:29 59FD46929FC05E22617AA95440C5B983 36 ----a-w- C:\Users\Cathy\AppData\Local\housecall.guid.cache
2014-02-11 07:04:41 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Mozilla
2014-02-11 07:04:41 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Mozilla
====== C:\Users\Cathy ======
2014-03-06 09:51:45 2A5989EBFF9D3DCE16EE9CAD2C478AB1 3690256 ----a-w- C:\Users\Cathy\Desktop\ccsetup411_slim.exe
2014-03-06 08:14:28 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Cathy\Desktop\SystemLook_x64.exe
2014-03-04 02:14:18 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Cathy\Desktop\AdwCleaner.exe
2014-03-01 20:39:58 452D4ECD57921D22CDF1254E482D5A68 2146816 ----a-w- C:\Users\Cathy\Desktop\geek.exe
2014-02-28 00:23:25 830CF56A6AFCA75C11FA66F80D6ABDC2 2155520 ----a-w- C:\Users\Cathy\Desktop\FRST64.exe
2014-02-28 00:01:05 2075EBB7954277A05193412881EC8FDE 1037734 ----a-w- C:\Users\Cathy\Desktop\JRT.exe
2014-02-27 08:17:56 9A8336796A7C71E9F33DE848B8320ED3 380416 ----a-w- C:\Users\Cathy\Desktop\b0xrsxq1.exe
2014-02-27 06:34:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-02-19 08:15:08 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2014-02-19 08:13:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2014-02-19 08:13:37 -------- d-----w- C:\ProgramData\Trend Micro
2014-02-17 06:20:52 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
====== C: exe-files ==
2014-03-06 11:57:54 0059B000E747B4423306584475E16F3E 471444 ----a-w- C:\Windows\Temp\tmp18C7.exe
2014-03-06 10:56:44 488AB9E11C6D560EC43141366AADFC4C 6296752 ----a-w- C:\Windows\Temp\nsb1976\SpSetup.exe
2014-03-06 10:56:30 0059B000E747B4423306584475E16F3E 471444 ----a-w- C:\Windows\Temp\tmpE1E8.exe
2014-03-06 09:51:45 2A5989EBFF9D3DCE16EE9CAD2C478AB1 3690256 ----a-w- C:\Users\Cathy\Desktop\ccsetup411_slim.exe
2014-03-06 09:04:06 9B1CACFACEE6EF4DD33FE9FBC2362F15 3527168 ----a-w- C:\Users\Cathy\AppData\Local\Temp\geek_x64.exe
2014-03-06 08:14:28 F783EC309D42813F74319EB776153B2B 165376 ----a-w- C:\Users\Cathy\Desktop\SystemLook_x64.exe
2014-03-06 05:15:23 0059B000E747B4423306584475E16F3E 471444 ----a-w- C:\Windows\Temp\tmp3F5A.exe
2014-03-06 04:14:16 488AB9E11C6D560EC43141366AADFC4C 6296752 ----a-w- C:\Windows\Temp\nsw4C1F\SpSetup.exe
2014-03-06 04:13:59 0059B000E747B4423306584475E16F3E 471444 ----a-w- C:\Windows\Temp\tmpA40.exe
2014-03-04 02:14:18 A845789676F7D2A542E708EB5CAC12C9 1244192 ----a-w- C:\Users\Cathy\Desktop\AdwCleaner.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nsx902D.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nss5C5D.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nsr599D.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nspE017.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nsj92DE.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nshE5F4.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nsgA541.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Windows\Temp\nsfA2CF.exe
2014-03-03 13:32:38 096E0D55823FDEB3916584071E9B7ACA 156063 ----a-w- C:\Users\Cathy\AppData\Local\Temp\nsz8F9.exe
2014-03-01 20:39:58 452D4ECD57921D22CDF1254E482D5A68 2146816 ----a-w- C:\Users\Cathy\Desktop\geek.exe
=== C: other files ==
2014-03-06 08:44:57 2AD60FD39C51E01AD6E912C74B47984E 2037562 ----a-w- C:\Users\Cathy\Desktop\geek.zip
2014-02-28 03:08:09 CF5607139DFF6238B07D7BD5DC66EB49 29492 ----a-w- C:\Windows\Minidump\022714-22812-01.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-4122548210-2413772287-1355096437-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3AGEKGG005KD:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLVirtualDrive"="C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe /R"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"NETGEAR USB Control Center"="C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"Trend Micro RUBotted V2.0 Beta"="C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"HP Officejet Pro 8600 (NET)"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe -deviceID CN3AGEKGG005KD:NW -scfn HP Officejet Pro 8600 (NET) -AutoStart 1"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC32Loader.dll"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll"
==== Startup Folders ======================
2013-12-31 05:42:10 1930 ----a-w- C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
2014-03-02 06:25:33 1340 ----a-w- C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA47RM8Y Product Registration.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\HPCeeScheduleForCathy.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [09/13/2010 11:15 PM]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\CLMLSvc_P2G8" [C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe]
"C:\Windows\SysNative\tasks\Core Temp Autostart Cathy" ["C:\Program Files\Core Temp\Core Temp.exe"]
"C:\Windows\SysNative\tasks\HPCeeScheduleForCathy" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{66F890BB-D280-4861-90DC-D9EC068C20FC}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Leader Technologies\PowerRegister\Seagate NA47RM8Y Product Registration (Cathy)" [C:\Users\Cathy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Cathy\AppData\Roaming\KompoZer\Profiles\xix2vf8b.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
- ModPlugin - %ProfilePath%\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
- NO Google Analytics - %ProfilePath%\extensions\[email protected]
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\xxjyst12.default
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fegekclkdhbnfdcmomlpegkkndgnmfmo - C:\Program Files (x86)\HP SimplePass\tschrome.crx[07/12/2012 07:35 AM]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{34FA5360-6333-4EC6-95CD-F6E509A5E894}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{34FA5360-6333-4EC6-95CD-F6E509A5E894} Startpage HTTPS Url="https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2 - BHO: ClassicIE9BHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NETGEAR USB Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O4 - Startup: Seagate NA47RM8Y Product Registration.lnk = Cathy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra 'Tools' menuitem: Classic IE9 Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE9_32.exe
O9 - Extra button: (no name) - {64964764-1101-4bbd-8891-B56B1A53B9B3} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWow64\CbFsMntNtf3.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Classic Shell Service (ClassicShellService) - IvoSoft - C:\Program Files\Classic Shell\ClassicShellService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HOSTS Anti-PUPs - Unknown owner - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (file missing)
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem29.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: TrueAPI Service component (TrueService) - AuthenTec, Inc. - C:\Program Files\Common Files\AuthenTec\TrueService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: UpdateSoftware (UpdateServiceTool) - VIS without Co - C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe
O23 - Service: Validity WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Sysinternals Autoruns Log ======================
HKLM\System\CurrentControlSet\Services
AdobeARMservice
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
Adobe Acrobat Updater keeps your Adobe software up to date.
Adobe Systems Incorporated
1.701.3.3014
c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
11/21/2013 10:55 AM
avast! Antivirus
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Manages and implements avast! antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\avastsvc.exe
1/21/2014 11:13 AM
Bonjour Service
"C:\Program Files\Bonjour\mDNSResponder.exe"
Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
Apple Inc.
3.0.0.10
c:\program files\bonjour\mdnsresponder.exe
8/30/2011 11:52 PM
ClassicShellService
"C:\Program Files\Classic Shell\ClassicShellService.exe"
Launches the start button after logon
IvoSoft
3.6.5.0
c:\program files\classic shell\classicshellservice.exe
12/29/2012 11:55 AM
cphs
%SystemRoot%\SysWow64\IntelCpHeciSvc.exe
Intel(R) Content Protection HECI Service - enables communication with the Content Protection FW
Intel Corporation
1.0.1.14
c:\windows\syswow64\intelcphecisvc.exe
12/22/2011 12:45 AM
FPLService
"C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe"
Provides convenient and secure fingerprint authentication and identity management.
HP
6.0.100.244
c:\program files (x86)\hp simplepass\truesuiteservice.exe
8/9/2012 11:28 PM
GamesAppService
"C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
WT Games App Services
WildTangent, Inc.
4.0.4918.0
c:\program files (x86)\wildtangent games\app\gamesappservice.exe
10/4/2010 4:15 PM
HOSTS Anti-PUPs
C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update
File not found: C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -update

HP Support Assistant Service
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
HP Support Assistant Service
Hewlett-Packard Company
7.0.32.38
c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
8/10/2012 11:53 AM
hpqwmiex
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
HP Software Framework WMI Service
Hewlett-Packard Company
4.6.8.1
c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
8/10/2012 2:34 PM
hpsrv
%SystemRoot%\system32\Hpservice.exe
HpService
Hewlett-Packard Company
4.2.9.1
c:\windows\system32\hpservice.exe
9/24/2012 9:32 AM
HPWMISVC
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
HP Quick Launch WMI Service
Hewlett-Packard Development Company, L.P.
3.0.1.0
c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
7/8/2012 10:56 PM
IDriverT
"C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
Provides support for the Running Object Table for InstallShield Drivers
Macrovision Corporation
10.50.0.125
c:\program files (x86)\common files\installshield\driver\1050\intel 32\idrivert.exe
10/22/2004 2:24 AM
Intel(R) Capability Licensing Service Interface
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
Version: 1.24.388.1
Intel(R) Corporation
1.24.388.1
c:\program files\intel\icls client\heciserver.exe
4/20/2012 6:16 AM
jhi_service
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
Intel(R) Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel (R) DAL
Intel Corporation
8.1.0.1252
c:\program files (x86)\intel\intel(r) management engine components\dal\jhi_service.exe
6/25/2012 11:43 AM
LMS
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.
Intel Corporation
8.1.0.1252
c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe
6/25/2012 11:36 AM
MozillaMaintenance
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
Mozilla Foundation
27.0.1.5156
c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
2/12/2014 4:23 PM
rpcapd
"%ProgramFiles(x86)%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles(x86)%\WinPcap\rpcapd.ini"
Allows to capture traffic on this machine from a remote machine.
Riverbed Technology, Inc.
4.1.0.2980
c:\program files (x86)\winpcap\rpcapd.exe
2/28/2013 7:28 PM
RUBotSrv
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
Trend Micro service for RUBotted tool
Trend Micro Inc.
2.0.0.1034
c:\program files (x86)\trend micro\rubotted\rubotsrv.exe
7/25/2013 4:09 AM
SkypeUpdate
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
Enables the detection, download and installation of updates for Skype.
Skype Technologies
6.8.1.61523
c:\program files (x86)\skype\updater\updater.exe
10/23/2013 2:12 AM
STacSV
C:\Program Files\IDT\WDM\STacSV64.exe
Manages audio jack configurations.
IDT, Inc.
1.0.6417.0
c:\program files\idt\wdm\stacsv64.exe
7/21/2012 7:48 AM
TrueService
"C:\Program Files\Common Files\AuthenTec\TrueService.exe"
TrueAPI Server
AuthenTec, Inc.
1.6.0.86
c:\program files\common files\authentec\trueservice.exe
7/16/2012 4:57 AM
UNS
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.
Intel Corporation
8.1.0.1252
c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe
6/25/2012 11:38 AM
UpdateServiceTool
"C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe"
Downloader.Service
VIS without Co
1.0.0.0
c:\program files (x86)\bin\updatetool\updatertoolservice.exe
12/1/2013 1:17 PM
valWBFPolicyService
C:\Windows\system32\valWBFPolicyService.exe
Validity WBF Policy Service
c:\windows\system32\valwbfpolicyservice.exe
9/6/2012 2:47 AM
HKLM\System\CurrentControlSet\Services
3ware
System32\drivers\3ware.sys
LSI 3ware SCSI Storport Driver
LSI
5.1.0.47
c:\windows\system32\drivers\3ware.sys
3/8/2012 2:33 PM
Accelerometer
\SystemRoot\system32\DRIVERS\Accelerometer.sys
HP Accelerometer
Hewlett-Packard Company
4.2.9.1
c:\windows\system32\drivers\accelerometer.sys
9/24/2012 9:31 AM
adp94xx
System32\drivers\adp94xx.sys
Adaptec Windows SAS/SATA Storport Driver
Adaptec, Inc.
1.6.6.4
c:\windows\system32\drivers\adp94xx.sys
12/5/2008 5:54 PM
adpahci
System32\drivers\adpahci.sys
Adaptec Windows SATA Storport Driver
Adaptec, Inc.
1.6.6.1
c:\windows\system32\drivers\adpahci.sys
5/1/2007 11:30 AM
adpu320
System32\drivers\adpu320.sys
Adaptec StorPort Ultra320 SCSI Driver (X64)
Adaptec, Inc.
7.2.0.0
c:\windows\system32\drivers\adpu320.sys
2/27/2007 6:04 PM
ALSysIO
\??\C:\Users\Cathy\AppData\Local\Temp\ALSysIO64.sys
File not found: C:\Users\Cathy\AppData\Local\Temp\ALSysIO64.sys

amdkmdag
\SystemRoot\system32\DRIVERS\atikmdag.sys
ATI Radeon Kernel Mode Driver
Advanced Micro Devices, Inc.
8.1.1.1248
c:\windows\system32\drivers\atikmdag.sys
6/18/2012 3:21 PM
amdkmdap
\SystemRoot\system32\DRIVERS\atikmpag.sys
AMD multi-vendor Miniport Driver
Advanced Micro Devices, Inc.
8.14.1.6264
c:\windows\system32\drivers\atikmpag.sys
6/18/2012 2:41 PM
amdsata
System32\drivers\amdsata.sys
AHCI 1.2 Device Driver
Advanced Micro Devices
1.1.4.6
c:\windows\system32\drivers\amdsata.sys
6/11/2012 4:19 PM
amdsbs
System32\drivers\amdsbs.sys
AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
AMD Technologies Inc.
3.7.1540.30
c:\windows\system32\drivers\amdsbs.sys
2/21/2012 12:15 PM
amdxata
System32\drivers\amdxata.sys
Storage Filter Driver
Advanced Micro Devices
1.1.4.6
c:\windows\system32\drivers\amdxata.sys
6/11/2012 4:36 PM
arc
System32\drivers\arc.sys
Adaptec RAID Storport Driver
PMC-Sierra, Inc.
5.2.0.18702
c:\windows\system32\drivers\arc.sys
3/19/2012 11:49 AM
arcsas
System32\drivers\arcsas.sys
 Adaptec SAS RAID WS03 Driver
PMC-Sierra, Inc.
5.2.0.18702
c:\windows\system32\drivers\arcsas.sys
3/19/2012 11:51 AM
aswMonFlt
\??\C:\Windows\system32\drivers\aswMonFlt.sys
avast! mini-filter driver (aswMonFlt)
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswmonflt.sys
1/21/2014 11:11 AM
aswRdr
\??\C:\Windows\system32\drivers\aswRdr2.sys
avast! WFP Redirect driver
AVAST Software
9.0.2006.149
c:\windows\system32\drivers\aswrdr2.sys
10/11/2013 5:11 AM
aswRvrt
aswRvrt
9.0.2004.130
c:\windows\system32\drivers\aswrvrt.sys
10/4/2013 1:48 AM
aswSnx
\??\C:\Windows\system32\drivers\aswSnx.sys
avast! virtualization driver (aswSnx)
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswsnx.sys
1/21/2014 11:11 AM
aswSP
\??\C:\Windows\system32\drivers\aswSP.sys
avast! Self Protection
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswsp.sys
1/21/2014 11:17 AM
aswStm
\??\C:\Windows\system32\drivers\aswStm.sys
avast! StreamFilter Callout Driver
AVAST Software
9.0.2013.292
c:\windows\system32\drivers\aswstm.sys
1/21/2014 11:18 AM
aswVmm
aswVmm
avast! VM Monitor
9.0.2010.245
c:\windows\system32\drivers\aswvmm.sys
12/9/2013 1:04 AM
b06bdrv
System32\drivers\bxvbda.sys
Broadcom NetXtreme II GigE VBD
Broadcom Corporation
7.0.1.36
c:\windows\system32\drivers\bxvbda.sys
7/23/2012 5:30 PM
cbfs3
\SystemRoot\System32\drivers\cbfs3.sys
Callback File System Driver
EldoS Corporation
3.2.107.271
c:\windows\system32\drivers\cbfs3.sys
4/9/2012 7:21 AM
CLVirtualDrive
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
CyberLink CLVirtualDrive Driver
CyberLink
1.0.0.621
c:\windows\system32\drivers\clvirtualdrive.sys
12/26/2011 7:26 AM
ebdrv
System32\drivers\evbda.sys
Broadcom NetXtreme II 10 GigE VBD
Broadcom Corporation
7.0.35.95
c:\windows\system32\drivers\evbda.sys
7/24/2012 6:22 AM
EkaProt6
\SystemRoot\system32\DRIVERS\ekaprot6.sys
@oem24.inf,%EKAHAU_Desc%;Ekahau User Protocol Driver for NDIS 6
Ekahau Inc.
6.1.0.268
c:\windows\system32\drivers\ekaprot6.sys
12/19/2011 8:39 AM
hpdskflt
system32\DRIVERS\hpdskflt.sys
HP Disk Filter - SATA/RAID
Hewlett-Packard Company
4.2.9.1
c:\windows\system32\drivers\hpdskflt.sys
9/24/2012 9:31 AM
HpSAMD
System32\drivers\HpSAMD.sys
Smart Array SAS/SATA Controller Media Driver
Hewlett-Packard Company
7.0.12.0
c:\windows\system32\drivers\hpsamd.sys
5/30/2012 4:24 PM
iaStorA
System32\drivers\iaStorA.sys
Intel Rapid Storage Technology driver - x64
Intel Corporation
11.5.2.1001
c:\windows\system32\drivers\iastora.sys
7/31/2012 12:21 PM
iaStorV
System32\drivers\iaStorV.sys
Intel Matrix Storage Manager driver - x64
Intel Corporation
8.6.2.1019
c:\windows\system32\drivers\iastorv.sys
4/11/2011 12:48 PM
igfx
\SystemRoot\system32\DRIVERS\igdkmd64.sys
Intel Graphics Kernel Mode Driver
Intel Corporation
9.17.10.2817
c:\windows\system32\drivers\igdkmd64.sys
7/20/2012 3:47 PM
iirsp
System32\drivers\iirsp.sys
Intel/ICP Raid Storport Driver
Intel Corp./ICP vortex GmbH
5.4.22.0
c:\windows\system32\drivers\iirsp.sys
12/13/2005 3:47 PM
IntcDAud
\SystemRoot\system32\DRIVERS\IntcDAud.sys
Intel(R) Display Audio Driver
Intel(R) Corporation
6.14.0.3097
c:\windows\system32\drivers\intcdaud.sys
6/19/2012 8:40 AM
LSI_SAS
System32\drivers\lsi_sas.sys
LSI Fusion-MPT SAS Driver (StorPort)
LSI Corporation
1.34.2.6
c:\windows\system32\drivers\lsi_sas.sys
5/11/2012 1:40 PM
LSI_SAS2
System32\drivers\lsi_sas2.sys
LSI SAS Gen2 Driver (StorPort)
LSI Corporation
2.0.55.84
c:\windows\system32\drivers\lsi_sas2.sys
3/12/2012 2:28 PM
LSI_SCSI
System32\drivers\lsi_scsi.sys
LSI Fusion-MPT SCSI Driver (StorPort)
LSI Corporation
1.34.2.5
c:\windows\system32\drivers\lsi_scsi.sys
2/21/2012 5:59 PM
LSI_SSS
System32\drivers\lsi_sss.sys
LSI SSS PCIe/Flash Driver (StorPort)
LSI Corporation
2.10.55.81
c:\windows\system32\drivers\lsi_sss.sys
2/21/2012 6:00 PM
megasas
System32\drivers\megasas.sys
MEGASAS RAID Controller Driver for Windows
LSI Corporation
6.2.8313.0
c:\windows\system32\drivers\megasas.sys
4/3/2012 1:45 PM
MegaSR
System32\drivers\MegaSR.sys
LSI MegaRAID Software RAID Driver
LSI Corporation, Inc.
14.6.1007.2012
c:\windows\system32\drivers\megasr.sys
2/24/2012 12:22 PM
MEIx64
\SystemRoot\System32\drivers\HECIx64.sys
Intel(R) Management Engine Interface
Intel Corporation
9.0.0.1287
c:\windows\system32\drivers\hecix64.sys
12/17/2012 1:32 PM
mvumis
System32\drivers\mvumis.sys
Marvell Flash Controller Driver
Marvell Semiconductor, Inc.
1.0.5.7
c:\windows\system32\drivers\mvumis.sys
3/20/2012 1:43 AM
NetgearUDSMBus
\SystemRoot\system32\drivers\NetgearUDSMBus.sys
Master Bus of USB Software Bus By TCP
Windows (R) Codename Longhorn DDK provider
6.0.6000.16386
c:\windows\system32\drivers\netgearudsmbus.sys
8/13/2012 1:03 AM
NetgearUDSTcpBus
system32\drivers\NetgearUDSTcpBus.sys
Kernel USB Software Bus by TCP
Windows (R) Codename Longhorn DDK provider
6.0.6000.16386
c:\windows\system32\drivers\netgearudstcpbus.sys
8/13/2012 1:05 AM
netr28x
\SystemRoot\system32\DRIVERS\netr28x.sys
Ralink 802.11 Wireless Adapter Driver
Ralink Technology, Corp.
5.0.25.0
c:\windows\system32\drivers\netr28x.sys
4/12/2013 8:22 PM
nfrd960
System32\drivers\nfrd960.sys
IBM ServeRAID Controller Driver
IBM Corporation
7.10.0.0
c:\windows\system32\drivers\nfrd960.sys
6/6/2006 3:11 PM
NPF
system32\drivers\npf.sys
npf.sys (NT5/6 AMD64) Kernel Driver
Riverbed Technology, Inc.
4.1.0.2980
c:\windows\system32\drivers\npf.sys
2/28/2013 7:31 PM
nvraid
System32\drivers\nvraid.sys
NVIDIAr nForce(TM) RAID Driver
NVIDIA Corporation
10.6.0.22
c:\windows\system32\drivers\nvraid.sys
9/12/2011 6:01 PM
nvstor
System32\drivers\nvstor.sys
NVIDIAr nForce(TM) Sata Performance Driver
NVIDIA Corporation
10.6.0.22
c:\windows\system32\drivers\nvstor.sys
9/12/2011 5:53 PM
RSBASTOR
\SystemRoot\system32\DRIVERS\RtsBaStor.sys
Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8
Realtek Semiconductor Corp.
6.2.8400.27025
c:\windows\system32\drivers\rtsbastor.sys
7/30/2012 12:08 AM
RTL8168
\SystemRoot\system32\DRIVERS\Rt630x64.sys
Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver 
Realtek 
8.3.730.2012
c:\windows\system32\drivers\rt630x64.sys
7/30/2012 10:03 AM
secdrv
secdrv
Macrovision SECURITY Driver
Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
4.3.86.0
c:\windows\system32\drivers\secdrv.sys
9/13/2006 7:18 AM
SiSRaid2
System32\drivers\SiSRaid2.sys
SiS RAID Stor Miniport Driver
Silicon Integrated Systems Corp.
5.1.1039.2600
c:\windows\system32\drivers\sisraid2.sys
9/24/2008 12:28 PM
SiSRaid4
System32\drivers\sisraid4.sys
SiS AHCI Stor-Miniport Driver
Silicon Integrated Systems
5.1.1039.3600
c:\windows\system32\drivers\sisraid4.sys
10/1/2008 3:56 PM
SmbDrv
\SystemRoot\System32\drivers\Smb_driver_AMDASF.sys
Synaptics SMBus Driver
Synaptics Incorporated
16.2.10.12
c:\windows\system32\drivers\smb_driver_amdasf.sys
8/24/2012 5:21 PM
SmbDrvI
\SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
Synaptics SMBus Driver
Synaptics Incorporated
16.5.3.3
c:\windows\system32\drivers\smb_driver_intel.sys
4/23/2013 6:36 PM
stexstor
System32\drivers\stexstor.sys
Promise SuperTrak EX Series Driver for Windows x64
Promise Technology, Inc.
5.1.0.9
c:\windows\system32\drivers\stexstor.sys
11/18/2011 6:27 PM
STHDA
\SystemRoot\system32\DRIVERS\stwrt64.sys
IDT PC Audio
IDT, Inc.
6.10.6417.0
c:\windows\system32\drivers\stwrt64.sys
7/21/2012 7:36 AM
SynTP
\SystemRoot\system32\DRIVERS\SynTP.sys
Synaptics Touchpad Driver
Synaptics Incorporated
16.5.3.3
c:\windows\system32\drivers\syntp.sys
4/23/2013 6:34 PM
viaide
System32\drivers\viaide.sys
VIA Generic PCI IDE Bus Driver
VIA Technologies, Inc.
6.0.6000.170
c:\windows\system32\drivers\viaide.sys
7/25/2012 8:29 PM
vsmraid
System32\drivers\vsmraid.sys
VIA RAID DRIVER FOR AMD-X86-64
VIA Technologies Inc.,Ltd
7.0.8140.6290
c:\windows\system32\drivers\vsmraid.sys
1/31/2012 1:55 PM
VSTXRAID
System32\drivers\vstxraid.sys
VIA StorX RAID Controller Driver
VIA Corporation
8.0.8220.8080
c:\windows\system32\drivers\vstxraid.sys
3/26/2012 11:42 AM
WirelessButtonDriver
\SystemRoot\System32\drivers\WirelessButtonDriver64.sys
HP Wireless Button Driver
Hewlett-Packard Development Company, L.P.
1.0.2.1
c:\windows\system32\drivers\wirelessbuttondriver64.sys
7/27/2012 2:22 PM
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
igfxcui
igfxdev.dll
igfxdev Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxdev.dll
7/20/2012 3:19 PM
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
Bullzip PDF Print Monitor
bzpdf.dll
Bullzip PDF Writer
Bullzip
3.0.0.52
c:\windows\system32\bzpdf.dll
12/5/2012 12:13 AM
Canon BJ Language Monitor MP210 series
CNMLM8S.DLL
IJ Language Monitor
CANON INC.
0.3.0.1
c:\windows\system32\cnmlm8s.dll
2/8/2008 1:24 AM
CUSTPDF Writer Monitor x86
custmon64.dll
c:\windows\system32\custmon64.dll
7/19/2008 3:26 PM
Epson Inbox Language Monitor01
EP0SLM01.DLL
Epson Printer Driver
SEIKO EPSON CORPORATION
1.0.0.0
c:\windows\system32\ep0slm01.dll
7/13/2009 7:29 PM
HP 5912 Status Monitor
hpinksts5912LM.dll
 Print Status Language Monitor
Hewlett-Packard Co.
28.0.1180.0
c:\windows\system32\hpinksts5912lm.dll
6/18/2012 5:44 PM
HP Discovery Port Monitor (HP Officejet Pro 8600)
HPDiscoPM5912.dll
HP Discovery Port Monitor
Hewlett-Packard Co.
28.0.1315.0
c:\windows\system32\hpdiscopm5912.dll
10/17/2012 5:31 AM
HP Universal Port Monitor
hpbprtmon.dll
Port Monitor Server DLL
Hewlett-Packard
0.3.1282.3554
c:\windows\system32\hpbprtmon.dll
7/24/2012 12:54 PM
PDF Printer 8 Monitor
PDFVC64.DLL
PDF Printer Monitor
Vivid Document Imaging Technologies
1.0.1.350
c:\windows\system32\pdfvc64.dll
7/20/2009 6:00 AM
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
CbFs3
system32\CbFsNetRdr3.dll
Virtual Network Shares CallbackFS v3
EldoS Corporation
3.2.107.174
c:\windows\system32\cbfsnetrdr3.dll
4/9/2012 7:27 AM
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
mdnsNSP
C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour Namespace Provider
Apple Inc.
3.0.0.10
c:\program files (x86)\bonjour\mdnsnsp.dll
8/30/2011 11:44 PM
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
mdnsNSP
C:\Program Files\Bonjour\mdnsNSP.dll
Bonjour Namespace Provider
Apple Inc.
3.0.0.10
c:\program files\bonjour\mdnsnsp.dll
8/30/2011 11:53 PM
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
File not found: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
File not found: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
_Wow64cpu
Wow64cpu.dll
File not found: C:\Windows\syswow64\Wow64cpu.dll

_Wow64win
Wow64win.dll
File not found: C:\Windows\syswow64\Wow64win.dll

_Wow64
Wow64.dll
File not found: C:\Windows\syswow64\Wow64.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\Windows\system32\igfxtray.exe
igfxTray Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxtray.exe
7/20/2012 3:20 PM
HotKeysCmds
C:\Windows\system32\hkcmd.exe
hkcmd Module
Intel Corporation
8.15.10.2817
c:\windows\system32\hkcmd.exe
7/20/2012 3:20 PM
Persistence
C:\Windows\system32\igfxpers.exe
persistence Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxpers.exe
7/20/2012 3:20 PM
SysTrayApp
C:\Program Files\IDT\WDM\sttray64.exe
IDT PC Audio
IDT, Inc.
1.0.6417.0
c:\program files\idt\wdm\sttray64.exe
7/21/2012 7:49 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
CLVirtualDrive
"C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
CyberLink Virtual Drive
CyberLink Corp.
8.0.1.1926
c:\program files (x86)\cyberlink\power2go8\virtualdrive.exe
7/23/2012 6:52 AM
RemoteControl10
"C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
PowerDVD RC Service
CyberLink Corp.
7.0.2314.0
c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
3/28/2012 4:22 AM
HP Quick Launch
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
HP Message Service
Hewlett-Packard Development Company, L.P.
3.0.3.0
c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
7/9/2012 1:44 AM
HP CoolSense
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
HP CoolSense
Hewlett-Packard Development Company, L.P.
2.1.0.51
c:\program files (x86)\hewlett-packard\hp coolsense\coolsense.exe
11/5/2012 2:13 AM
Adobe ARM
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Adobe Reader and Acrobat Manager
Adobe Systems Incorporated
1.701.3.3014
c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
11/21/2013 10:56 AM
NETGEAR USB Control Center
C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini
Control Center
3.0.54.0
c:\program files (x86)\netgear\usb control center\control center.exe
9/20/2012 3:56 AM
HP Software Update
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
hpwuSchd Application
Hewlett-Packard
80.1.1.0
c:\program files (x86)\hp\hp software update\hpwuschd2.exe
4/27/2010 2:58 AM
Trend Micro RUBotted V2.0 Beta
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
Trend Micro RUBotted tool
Trend Micro Inc.
2.0.0.1034
c:\program files (x86)\trend micro\rubotted\rubottedgui.exe
7/25/2013 4:10 AM
APSDaemon
"C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Apple Push
Apple Inc.
2.2.9.2
c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe
4/16/2013 9:13 PM
QuickTime Task
"C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
QuickTime Task
Apple Inc.
7.7.5.0
c:\program files (x86)\quicktime\qttask.exe
1/13/2014 7:15 PM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
NCPluginUpdater
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
NCPluginUpdater
Hewlett-Packard
1.0.0.0
c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe
10/21/2013 8:52 PM
C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
Print Driver Status Business Logic
Hewlett-Packard Co.
28.0.1315.0
c:\program files\hp\hp officejet pro 8600\bin\hpstatusbl.dll
10/17/2012 5:37 AM
Seagate NA47RM8Y Product Registration.lnk
C:\Users\Cathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Seagate NA47RM8Y Product Registration.lnk
Product Registration
Leader Technologies/Seagate
1.0.3.0
c:\users\cathy\appdata\roaming\leadertech\powerregister\seagate na47rm8y product registration.exe
1/14/2009 5:09 PM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
Adobe Reader User Settings
"C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
Acrobat Install On Demand
 Adobe Systems, Inc.
11.0.4.63
c:\program files (x86)\adobe\reader 11.0\esl\aiodlite.dll
9/5/2013 6:29 AM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects
Virtual Storage Mount Notification
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
EldosMountNotificator
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
EldosMountNotificator
HKCR\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Skype
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Skype 
Skype Technologies S.A.
6.11.0.102
c:\program files (x86)\skype\phone\skype.exe
11/14/2013 10:33 AM
HP Officejet Pro 8600 (NET)
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
ScanToPCActivationApp
Hewlett-Packard Co.
28.0.1315.0
c:\program files\hp\hp officejet pro 8600\bin\scantopcactivationapp.exe
10/17/2012 5:29 AM
Task Scheduler
\avast! Emergency Update
"C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe" 
avast! Emergency Update
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\avastemupdate.exe
1/21/2014 11:09 AM
\CCleanerSkipUAC
"C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
CCleaner
Piriform Ltd
4.11.0.4619
c:\program files\ccleaner\ccleaner.exe
2/19/2014 8:42 AM
\CLMLSvc_P2G8
"C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe" 
CyberLink MediaLibray Service
CyberLink
8.0.0.608
c:\program files (x86)\cyberlink\power2go8\clmlsvc_p2g8.exe
6/7/2012 9:20 PM
\Core Temp Autostart Cathy
"C:\Program Files\Core Temp\Core Temp.exe" 
CPU temperature and system information utility
1.0.0.0
c:\program files\core temp\core temp.exe
10/14/2012 1:21 PM
\HPCeeScheduleForCathy
"C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForCathy (null)
HP Ceement
Hewlett-Packard
6.0.1.7
c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
9/13/2010 11:11 PM
\MirageAgent
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" 
YouCam Mirage
CyberLink
1.0.0.526
c:\program files (x86)\cyberlink\youcam\ycmmirage.exe
5/25/2010 8:59 PM
\Synaptics TouchPad Enhancements
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" 
Synaptics TouchPad Enhancements
Synaptics Incorporated
16.5.3.3
c:\program files\synaptics\syntp\syntpenh.exe
4/23/2013 7:20 PM
\Hewlett-Packard\HP Support Assistant\Critical Actions Pending
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /actionsPending
HP Support Assistant
Hewlett-Packard Company
7.0.32.44
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
8/10/2012 12:01 PM
\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
HP Support Assistant
Hewlett-Packard Company
7.0.32.44
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
8/10/2012 12:01 PM
\Hewlett-Packard\HP Support Assistant\PC Health Analysis
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /L Analysis
HP Support Assistant
Hewlett-Packard Company
7.0.32.44
c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
8/10/2012 12:01 PM
\Hewlett-Packard\HP Support Assistant\Update Check
"C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe" /s /p 1
HPSFUpdater
Hewlett-Packard Company
7.3.0.10
c:\programdata\hewlett-packard\hp support framework\resources\updater7\hpsfupdater.exe
12/12/2013 4:17 PM
\Leader Technologies\PowerRegister\Seagate NA47RM8Y Product Registration (Cathy)
"C:\Users\Cathy\AppData\Roaming\Leadertech\PowerRegister\Seagate NA47RM8Y Product Registration.exe" /remind /language=ENU /loadsrnm="NA47RM8Y" /SRNM="NA47RM8Y" /BRND="Seagate" /BDSR="Seagate NA47RM8Y"
Product Registration
Leader Technologies/Seagate
1.0.3.0
c:\users\cathy\appdata\roaming\leadertech\powerregister\seagate na47rm8y product registration.exe
1/14/2009 5:09 PM
\Microsoft\Windows\NetTrace\GatherNetworkInfo
"%windir%\system32\gatherNetworkInfo.vbs" 
c:\windows\system32\gathernetworkinfo.vbs
6/2/2012 8:31 AM
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ExplorerBHO Class
HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HP Network Check Helper
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HP Network Check IE Plug-in
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
7/9/2012 4:45 PM
ClassicIE9BHO Class
HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
Customizations for the title bar and status bar of IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9dll_32.dll
12/29/2012 11:55 AM
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
ExplorerBHO Class
HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HP Network Check Helper
HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
HP Network Check IE Plug-in
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
7/9/2012 4:45 PM
ClassicIE9BHO Class
HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}
Customizations for the title bar and status bar of IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9dll_32.dll
12/29/2012 11:55 AM
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
CLVDShellExt
HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Cyberlink Shell Extension dynamic link library
Cyberlink
8.0.0.1926
c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll
7/26/2012 1:51 AM
HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashshell.dll
1/21/2014 11:09 AM
HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers
CLVDShellExt
HKCR\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Cyberlink Shell Extension dynamic link library
Cyberlink
8.0.0.1926
c:\program files (x86)\common files\cyberlink\shellextcomponent\clvdshellext.dll
7/26/2012 1:51 AM
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
00avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
MBAMShlExt
HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
Malwarebytes Anti-Malware
Malwarebytes Corporation
1.70.0.0
c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
12/14/2012 2:52 PM
HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
00avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashshell.dll
1/21/2014 11:09 AM
HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Classes\Directory\Shellex\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
igfxcui
HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
 igfxpph Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxpph.dll
7/20/2012 3:20 PM
HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
PDF Shell Extension
HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
PDF Shell Extension
Adobe Systems, Inc.
11.0.3.37
c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
5/11/2013 3:34 AM
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
MBAMShlExt
HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
Malwarebytes Anti-Malware
Malwarebytes Corporation
1.70.0.0
c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
12/14/2012 2:52 PM
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashshell.dll
1/21/2014 11:09 AM
HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers
ClassicCopyExt
HKCR\CLSID\{8C83ACB1-75C3-45D2-882C-EFA32333491C}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
00avast
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}
avast! Shell Extension
AVAST Software
9.0.2013.292
c:\program files\avast software\avast\ashsha64.dll
1/21/2014 11:18 AM
EldosIconOverlay
HKCR\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\system32\cbfsmntntf3.dll
4/9/2012 7:26 AM
ShareOverlay
HKCR\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
EldosIconOverlay
HKCR\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}
CbFs Mount Notifier
EldoS Corporation
3.2.107.97
c:\windows\syswow64\cbfsmntntf3.dll
4/9/2012 7:26 AM
ShareOverlay
HKCR\CLSID\{594D4122-1F87-41E2-96C7-825FB4796516}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Internet Explorer\Toolbar
Classic Explorer Bar
HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer64.dll
12/29/2012 11:56 AM
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
Classic Explorer Bar
HKCR\CLSID\{553891B7-A0D5-4526-BE18-D3CE461D6310}
Adds classic Windows Explorer features
IvoSoft
3.6.5.0
c:\program files\classic shell\classicexplorer32.dll
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Internet Explorer\Extensions
Classic IE9 Settings
C:\Program Files\Classic Shell\ClassicIE9_32.exe
Classic IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9_32.exe
12/29/2012 11:55 AM
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
HP Smart Print
C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
HP Smart Print Setup
Hewlett-Packard
1.1.5.0
c:\program files (x86)\hewlett-packard\smart print 2.0\smartprintsetup.exe
7/27/2012 12:07 AM
HP Network Check
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
NCLauncherFromIE
Hewlett-Packard
7.0.0.0
c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
7/9/2012 4:46 PM
Classic IE9 Settings
C:\Program Files\Classic Shell\ClassicIE9_32.exe
Classic IE9
IvoSoft
3.6.5.0
c:\program files\classic shell\classicie9_32.exe
12/29/2012 11:55 AM
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm
C:\Windows\System32\l3codeca.acm
MPEG Layer-3 Audio Codec for MSACM
Fraunhofer Institut Integrierte Schaltungen IIS
1.9.0.401
c:\windows\system32\l3codeca.acm
7/25/2012 8:13 PM
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
msacm.l3acm
C:\Windows\SysWOW64\l3codeca.acm
MPEG Layer-3 Audio Codec for MSACM
Fraunhofer Institut Integrierte Schaltungen IIS
1.9.0.401
c:\windows\syswow64\l3codeca.acm
7/25/2012 8:19 PM
vidc.cvid
iccvid.dll
Cinepakr Codec
Radius Inc.
1.10.0.12
c:\windows\syswow64\iccvid.dll
7/25/2012 8:19 PM
HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
CyberLink Audio Wizard
HKCR\CLSID\{1986FDCF-F657-4866-A83C-998B943A6321}
CyberLink Audio Wizard Filter
CyberLink Corp.
1.0.0.4414
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax
8/14/2009 7:26 AM
CyberLink Line21 Decoder (PDVD10)
HKCR\CLSID\{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1}
CyberLink Line21 Decoder Filter
CyberLink Corp.
4.0.0.10324
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax
7/23/2009 8:21 PM
CyberLink DVD Navigator (PDVD10)
HKCR\CLSID\{2AF76B80-2BDA-4731-932D-3FCFA9276B11}
CyberLink DVD Navigation Filter
CyberLink Corp.
8.1.4208.0
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax
6/8/2012 2:59 AM
CyberLink AudioCD Filter (PDVD10)
HKCR\CLSID\{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F}
CyberLink AudioCD Filter
CyberLink Corp.
5.0.0.7823
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax
6/23/2009 8:00 AM
CyberLink Matroska Splitter(PDVD10)
HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454}
CyberLink Matroska Splitter
CyberLink Corp.
1.0.0.1902
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax
7/2/2010 3:20 AM
CyberLink TimeStretch Filter (PDVD10)
HKCR\CLSID\{36F74DF0-12FF-4881-8A55-E7CE4D12688E}
CLAuTS.ax
CyberLink Corp.
2.0.0.3404
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax
10/3/2010 9:39 PM
CyberLink RealMedia Splitter(PDVD10)
HKCR\CLSID\{38A6AC0C-4B7C-4922-8ADC-D22C55B86666}
CyberLink RealMedia Splitter
CyberLink Corp.
1.0.0.1706
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax
5/6/2010 3:42 AM
CyberLink MPEG Splitter
HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}
CyberLink MPEG Splitter
CyberLink Corp.
3.4.0.3408
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax
10/8/2010 2:23 AM
CyberLink Audio Decoder (PDVD10)
HKCR\CLSID\{501099E1-5C05-4ED3-B0CB-371F97F5412C}
CyberLink Audio Decoder Filter
CyberLink Corp.
9.0.0.1722
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax
5/22/2012 2:03 AM
CyberLink Video/SP Decoder (PDVD10)
HKCR\CLSID\{516F1EFA-42F4-436E-801C-B752EB9343EB}
CyberLink Video/SP Filter
CyberLink Corp.
8.4.0.2505
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax
1/5/2011 5:11 AM
CyberLink HD/BD Mixer (PDVD10)
HKCR\CLSID\{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E}
CLHBMixer

2.0.0.5211
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax
4/11/2012 4:03 AM
CyberLink Audio Effect (PDVD10)
HKCR\CLSID\{5EFC04B3-68C0-4BFF-8BD4-61037272D70D}
CyberLink Audio Effect Filter
CyberLink Corporation
6.0.0.7225
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax
12/25/2009 2:54 AM
CyberLink Digest Filter (PDVD10)
HKCR\CLSID\{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A}
DigestFilter Dynamic Link Library
1.0.0.4028
c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll
4/28/2010 6:54 AM
Cyberlink SubTitle Importor (PDVD10)
HKCR\CLSID\{8BF03152-F394-4C94-A2EB-44D6B80C9E91}
CLSubTitle.ax
CyberLink Corp.
2.0.0.1823
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
6/23/2011 1:22 AM
CyberLink HAM Decoder
HKCR\CLSID\{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED}
CyberLink Video Decoder Filter
CyberLink Corp.
1.0.8390.4214
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
6/14/2012 1:37 AM
CyberLink Tzan Filter (PDVD10)
HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116}
CyberLink Tzan Filter
CyberLink Corp.
3.5.0.4515
c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax
9/15/2011 12:04 AM
CyberLink RealVideo Decoder(PDVD10)
HKCR\CLSID\{C548BB6C-0E62-4A25-AE4E-DE41856BC682}
CyberLink RealMedia Video Decoder
CyberLink Corp.
1.0.0.1225
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax
12/24/2009 9:42 PM
Cyberlink SubTitle Importor 2.0 (PDVD10)
HKCR\CLSID\{C88A3744-DE30-4316-BAFB-269C8A25856C}
CLSubTitle.ax
CyberLink Corp.
2.0.0.1823
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
6/23/2011 1:22 AM
CyberLink Video Decoder (PDVD10)
HKCR\CLSID\{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E}
CyberLink Video Decoder Filter
CyberLink Corp.
1.0.8390.4214
c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
6/14/2012 1:37 AM
CyberLink MPEG-4 Splitter (PDVD10)
HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}
CyberLink MPEG-4 Splitter
CyberLink Corp.
1.1.0.2906
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax
5/6/2010 4:39 AM
CyberLink RealAudio Decoder(PDVD10)
HKCR\CLSID\{DB5D8193-CB8D-4C72-98A5-1C147E075EDF}
CyberLink RealMedia Audio Decoder
CyberLink Corp.
1.0.0.1225
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax
12/24/2009 9:44 PM
CyberLink FLV Splitter(PDVD10)
HKCR\CLSID\{ECA099DE-D413-4500-B401-6C4FF1EB9580}
CyberLink FLV Splitter
CyberLink Corp.
1.0.0.3327
c:\program files (x86)\cyberlink\powerdvd10\navfilter\clflvsplitter.ax
9/27/2011 1:30 AM
CyberLink Audio Watermark Detector
HKCR\CLSID\{F0219FAD-541A-4FCD-9E8E-22E4C14CA8BA}
Audio Watermark Detector
CyberLink
1.0.0.516
c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clawmdetector.ax
5/15/2012 8:01 PM
Cyberlink Demuxer 2.0
HKCR\CLSID\{F07E981B-0EC4-4665-A671-C24955D11A38}
CLDemuxer2
Cyberlink
2.0.6.2518
c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax
1/18/2011 6:29 AM
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=94 folders=38 35476649 bytes)
==== Empty Temp Folders ======================
C:\Users\Cathy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Cathy\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Thu 03/06/2014 at 18:53:56.60 ======================


----------
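The log above lists each autostart location as a header line followed by its entries, and marks a registered target that no longer exists with "File not found:". As an added example (not part of the original thread and not Zoek's own code), this Python parser walks that layout and pulls out the orphaned AppInit_DLLs load points. The sample lines are copied from the log above; the header heuristics and function names are assumptions of the example.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the log above, in the same layout: a location header,
# then the entry lines, with "File not found:" marking a missing target.
SAMPLE_LOG = r"""HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
File not found: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\Appinit_Dlls
C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
File not found: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
_Wow64cpu
Wow64cpu.dll
File not found: C:\Windows\syswow64\Wow64cpu.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
IgfxTray
C:\Windows\system32\igfxtray.exe
igfxTray Module
Intel Corporation
8.15.10.2817
c:\windows\system32\igfxtray.exe
7/20/2012 3:20 PM
"""

# Assumption of this example: a location header is a line starting with
# HKLM\ or HKCU\, the literal "Task Scheduler", or a Startup folder path.
# Entry lines that name a class start with HKCR\ and are not headers.
HEADER_RE = re.compile(r"^(HKLM|HKCU)\\|^Task Scheduler$|\\Startup$", re.IGNORECASE)
MISSING_PREFIX = "File not found: "


class Orphan(NamedTuple):
    location: str      # autostart location the entry was listed under
    registered: str    # the line that preceded the "File not found" marker
    missing_path: str  # path the tool could not find on disk


def find_orphans(log_text: str) -> List[Orphan]:
    """Return every 'File not found' entry with the location it belongs to."""
    location = None
    previous = ""
    orphans = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if HEADER_RE.search(line):
            location = line
            previous = ""
            continue
        if line.startswith(MISSING_PREFIX):
            missing = line[len(MISSING_PREFIX):]
            orphans.append(Orphan(location or "(unknown)", previous, missing))
        previous = line
    return orphans


def appinit_orphans(orphans: List[Orphan]) -> List[Tuple[str, str]]:
    """Keep only AppInit_DLLs entries, labelled by registry view."""
    result = []
    for o in orphans:
        loc = o.location.lower()
        if loc.endswith("\\appinit_dlls"):
            view = "32-bit (Wow6432Node)" if "\\wow6432node\\" in loc else "native"
            result.append((view, o.missing_path))
    return result


if __name__ == "__main__":
    found = find_orphans(SAMPLE_LOG)
    for view, path in appinit_orphans(found):
        print(f"AppInit_DLLs [{view}] still references missing file: {path}")
    print(f"{len(found)} missing targets in total")
```

An AppInit_DLLs value that still names a deleted DLL is a leftover load point: the file is gone, but the registry value remains until it is cleared.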



## kevinf80 (Mar 21, 2006)

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

Re-run Zoek (accept UAC). The following window will open:

Copy and paste the following script from the code box and paste into the field.


```
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r
"AppInit_DLLs"=;r
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows];r64
"AppInit_DLLs"=;r64
```
Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to re-boot your PC; if so, please do.

Post the produced log in your next reply.

Next,

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Next,

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.


 Double click on AdwCleaner.exe to run the tool.
 Vista/Windows 7/8 users right-click and select Run As Administrator
 Click on the Scan button.
 AdwCleaner will begin...be patient as the scan may take some time to complete.
 When it's done you'll see: Pending: Uncheck any elements you don't want removed.
 Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
 Look over the log especially under Files/Folders for any program you want to save.
 If there's a program you want to save, just uncheck it from AdwCleaner.
 If you're not sure, post the log for review.
 If you're ready to clean it all up.....click the Clean button.
 After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
 Copy and paste the contents of that logfile in your next reply.
 A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
 To restore an item that has been deleted (if necessary):
 Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

See what those logs show....


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Here are the log files.

Thanks,

Cathy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Cathy on Fri 03/07/2014 at 19:38:25.49.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cathy\Desktop\zoek.scr [Scan all users] [Script inserted] 
==== Older Logs ======================
C:\zoek-results2014-03-02-234635.log 95443 bytes
C:\zoek-results2014-03-04-020257.log 6718 bytes
C:\zoek-results2014-03-07-005356.log 90802 bytes
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"= 
==== Registry Fix Code x64 ======================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] 
"AppInit_DLLs"= 
==== C:\zoek_backup content ======================
C:\zoek_backup (files=94 folders=38 35476649 bytes)
==== EOF on Fri 03/07/2014 at 19:41:38.92 ======================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8 x64
Ran by Cathy on Fri 03/07/2014 at 19:51:59.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\searchprotect

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 20:00:05.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.020 - Report created 07/03/2014 at 20:10:11
# Updated 27/02/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Cathy - SPRINGTIME
# Running from : C:\Users\Cathy\Desktop\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16798

-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default\prefs.js ]

*************************
AdwCleaner[R0].txt - [3952 octets] - [20/02/2014 01:51:07]
AdwCleaner[R10].txt - [1889 octets] - [05/03/2014 21:09:26]
AdwCleaner[R11].txt - [2010 octets] - [07/03/2014 20:08:35]
AdwCleaner[R1].txt - [938 octets] - [20/02/2014 23:58:11]
AdwCleaner[R2].txt - [1056 octets] - [22/02/2014 01:38:25]
AdwCleaner[R3].txt - [1181 octets] - [24/02/2014 23:58:35]
AdwCleaner[R4].txt - [1297 octets] - [26/02/2014 22:05:53]
AdwCleaner[R5].txt - [1490 octets] - [27/02/2014 17:49:04]
AdwCleaner[R6].txt - [1467 octets] - [01/03/2014 08:58:19]
AdwCleaner[R7].txt - [2067 octets] - [02/03/2014 20:09:15]
AdwCleaner[R8].txt - [1708 octets] - [02/03/2014 20:14:41]
AdwCleaner[R9].txt - [1809 octets] - [03/03/2014 20:14:51]
AdwCleaner[S0].txt - [3806 octets] - [20/02/2014 02:05:59]
AdwCleaner[S10].txt - [1392 octets] - [07/03/2014 20:10:11]
AdwCleaner[S1].txt - [998 octets] - [20/02/2014 23:59:19]
AdwCleaner[S2].txt - [1118 octets] - [22/02/2014 01:39:43]
AdwCleaner[S3].txt - [1243 octets] - [25/02/2014 00:01:23]
AdwCleaner[S4].txt - [1359 octets] - [26/02/2014 22:06:37]
AdwCleaner[S5].txt - [1557 octets] - [27/02/2014 17:55:43]
AdwCleaner[S6].txt - [1529 octets] - [01/03/2014 08:59:08]
AdwCleaner[S7].txt - [2142 octets] - [02/03/2014 20:11:33]
AdwCleaner[S8].txt - [1872 octets] - [03/03/2014 20:15:56]
AdwCleaner[S9].txt - [1950 octets] - [05/03/2014 21:10:39]
########## EOF - C:\AdwCleaner\AdwCleaner[S10].txt - [1992 octets] ##########


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I am concerned about a process in my task manager. I'm not sure if it's malware or not, but it's an updater tool and that makes me nervous. I'm uploading screen snips.

Thank you.

Cathy


----------



## kevinf80 (Mar 21, 2006)

I already see that in your logs but could find no bad information using search tools, it is maybe bad. Upload the executable to VirusTotal for analysis. See what comes back...

Maybe worthwhile uninstalling from Programs list if you did not install it yourself..

Use the following Uninstall tool if required:

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on *Program name* to highlight that entry.

Select *Action* from the Menu bar, then *Uninstall* from there follow the prompts.

If *Uninstall* fails open the "Action" menu one more time and use "Force Removal" option

Kevin,


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

This file is not in Programs and Features and it does not show up in the GeekUninstaller list.

According to VirusTotal, the .exe file reads as clean, but the Downloader.Core.dll that is in the same folder was tagged by three antivirus programs as adware, and two more labeled it as a Trojan. Can I just delete the files? I hope so because I have a sneaking suspicion that this is responsible for at least some of my problems.

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Hiya Cathy,

I fully understand your concern, maybe we use system look and see what is required to remove all related entries...

Please download *SystemLook* from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe <<- 64 bit.

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe <<- 32 bit


Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:filefind
UpdaterToolService.exe
:folderfind
Bin
:regfind
Bin
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Kevin...
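
A search term as short as `Bin` also matches every `Bing` key and every vendor `bin` folder, so the log this script produces is mostly noise. The following is an added example, not part of the original post and not SystemLook's own code: it parses a log in the layout SystemLook writes and keeps only the folders and registry entries tied to the file that `:filefind` located. The sample log is constructed (paths reused from this thread; the `ExampleUpdaterSvc` service key is a made-up placeholder), and the function names are assumptions.

```python
import re
from ntpath import dirname, normcase  # Windows path rules, usable on any OS

# Constructed sample in the layout of a SystemLook log. The filefind and
# folderfind lines reuse paths from the thread; the service key is made up.
SAMPLE_LOG = r'''========== filefind ==========
Searching for "UpdaterToolService.exe"
C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe --a---- 6656 bytes [06:03 11/02/2014] [20:21 02/12/2013] 073D76B64EE698BE3EB938FE1243DE3F
========== folderfind ==========
Searching for "Bin"
C:\HP\BIN d------ [02:17 13/09/2012]
C:\Program Files (x86)\Bin d------ [06:03 11/02/2014]
C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin d------ [05:25 31/12/2013]
========== regfind ==========
Searching for "Bin"
[HKEY_CURRENT_USER\AppEvents\EventLabels\EmptyRecycleBin]
@="Empty Recycle Bin"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ExampleUpdaterSvc]
"ImagePath"="C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe"
'''

SECTION_RE = re.compile(r"^=+ (\w+) =+$")
# path, attribute flags, size, two bracketed timestamps, MD5
FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attr>[-a-z]{7}) (?P<size>\d+) bytes "
    r"\[(?P<ts1>[^\]]+)\] \[(?P<ts2>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$")
# path, attribute flags starting with 'd', one bracketed timestamp
DIR_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?P<attr>d[-a-z]{6}) \[(?P<ts>[^\]]+)\]$")


def parse_systemlook(text):
    """Split a log into filefind, folderfind and regfind records."""
    out = {"filefind": [], "folderfind": [], "regfind": []}
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "filefind" and (m := FILE_RE.match(line)):
            out["filefind"].append(m.groupdict())
        elif section == "folderfind" and (m := DIR_RE.match(line)):
            out["folderfind"].append(m.groupdict())
        elif section == "regfind":
            if line.startswith("[") and line.endswith("]"):
                out["regfind"].append({"key": line[1:-1], "data": None})
            elif out["regfind"] and line.startswith(('"', "@=")):
                last = out["regfind"][-1]
                if last["data"] is None:
                    last["data"] = line          # value of the key just seen
                else:                            # second value under same key
                    out["regfind"].append({"key": last["key"], "data": line})
    return out


def triage(parsed):
    """For each located file, keep only related folders and registry hits."""
    report = []
    for hit in parsed["filefind"]:
        file_dir = normcase(dirname(hit["path"])) + "\\"
        # Folders from folderfind that contain the file.
        ancestors = [d for d in parsed["folderfind"]
                     if file_dir.startswith(normcase(d["path"]) + "\\")]
        # Search the registry for the outermost such folder, or the file's
        # own folder when folderfind found none.
        root = min((normcase(d["path"]) for d in ancestors), key=len,
                   default=file_dir.rstrip("\\")) + "\\"
        registry = []
        for entry in parsed["regfind"]:
            hay = (entry["key"] + " " + (entry["data"] or "")).lower()
            hay = hay.replace("\\\\", "\\")      # tolerate escaped backslashes
            if root in hay:
                registry.append((entry["key"], entry["data"]))
        report.append({
            "file": hit["path"],
            "md5": hit["md5"],
            # (folder, True if its timestamp equals the file's first timestamp)
            "folders": [(d["path"], d["ts"] == hit["ts1"]) for d in ancestors],
            "registry": registry,
        })
    return report


if __name__ == "__main__":
    for item in triage(parse_systemlook(SAMPLE_LOG)):
        print(item["file"], item["md5"])
        for folder, same_ts in item["folders"]:
            print("  folder:", folder, "(same timestamp)" if same_ts else "")
        for key, data in item["registry"]:
            print("  registry:", key, data)
```
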


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I've tried to paste in the log file, and every time I do, the page crashes. I've tried 5 times now. I'll try sending it in smaller sections.

Thank you,

Cathy


----------



## Squeedlejinks (Feb 27, 2014)

It's a very long log. Perhaps that's why it keeps crashing.

~~~~~~~~~~~~~~~~~~

SystemLook 30.07.11 by jpshortstuff
Log created at 05:46 on 09/03/2014 by Cathy
Administrator - Elevation successful
========== filefind ==========
Searching for "UpdaterToolService.exe"
C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe --a---- 6656 bytes [06:03 11/02/2014] [20:21 02/12/2013] 073D76B64EE698BE3EB938FE1243DE3F
========== folderfind ==========
Searching for "Bin"
C:\HP\BIN d------ [02:17 13/09/2012]
C:\Program Files\Ekahau\Ekahau HeatMapper\bin d------ [04:59 25/02/2013]
C:\Program Files\Ekahau\Ekahau HeatMapper\vendor\jre1.6.0_20\bin d------ [04:59 25/02/2013]
C:\Program Files\HP\HP Officejet Pro 8600\Bin d------ [05:24 31/12/2013]
C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.0.0.2_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine\Rendering\Shaders\Builtin\Bin d------ [23:00 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.0.0.2_x86__8wekyb3d8bbwe\Content\Bin d------ [23:00 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.0.0.2_x86__8wekyb3d8bbwe\Shaders\bin d------ [23:00 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.8.0.40211_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.Win8\Rendering\Shaders\Builtin\Bin d------ [02:23 26/02/2014]
C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.8.0.40211_x86__8wekyb3d8bbwe\Content\Bin d------ [02:23 26/02/2014]
C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.8.0.40211_x86__8wekyb3d8bbwe\Shaders\bin d------ [02:23 26/02/2014]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine\Rendering\Shaders\Builtin\Bin d------ [22:49 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Content\bin d------ [22:49 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Content\Themes\aquarium\Bin d------ [22:49 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Content\Themes\classic\Bin d------ [22:49 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Content\Themes\metro\Bin d------ [22:49 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.0.0.0_x86__8wekyb3d8bbwe\Content\Themes\western\Bin d------ [22:49 05/11/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Arkadium.SharpDXEngine.Win8\Rendering\Shaders\Builtin\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Gui\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\aquarium\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\autumn\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\beach\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\classic\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\dailychallenge\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\metro\Bin d------ [01:58 27/12/2012]
C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\Content\Themes\western\Bin d------ [01:58 27/12/2012]
C:\Program Files (x86)\Bin d------ [06:03 11/02/2014]
C:\Program Files (x86)\Common Files\Microsoft Shared\Web Server Extensions\14\BIN d------ [10:04 05/12/2012]
C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin d------ [05:25 31/12/2013]
C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin d------ [22:40 05/11/2012]
C:\Users\Cathy\Downloads\Setups and Installations\Alice\Alice\Alice\Required\jre1.3.1_10_win32\bin d------ [02:16 26/01/2013]
C:\zoek_backup\C_PROGRA~2_SearchProtect\Main\bin d-a---- [18:47 02/03/2014]
C:\zoek_backup\C_PROGRA~2_SearchProtect\SearchProtect\bin d-a---- [18:47 02/03/2014]
C:\zoek_backup\C_PROGRA~2_SearchProtect\UI\bin d-a---- [18:47 02/03/2014]
========== regfind ==========
Searching for "Bin"
[HKEY_CURRENT_USER\AppEvents\EventLabels\EmptyRecycleBin]
[HKEY_CURRENT_USER\AppEvents\EventLabels\EmptyRecycleBin]
@="Empty Recycle Bin"
[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\EmptyRecycleBin]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"DisplayName"="Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"FaviconPath"="C:\Program Files (x86)\Online Services\Bing_icon\favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"SuggestionsURL"="http://api.bing.com/qsml.aspx?query...e:sectionHeight}&FORM=IE8SSC&market={language}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
"URL"="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Internet\Server Cache\http://www.bing.com/siteowner/s/siteowner/]
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}]
"ProviderName"="Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}]
"QueryPath"="http://api.bing.com:80/officequery.asmx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}]
"RegistrationPath"="http://api.bing.com:80/officeregistration.asmx"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}]
"AboutPath"="http://www.bing.com"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{01FCFEB0-6CA2-4BAF-9085-B9BC5EB2E7FC}]
"ServiceName"="Bing (Arabian countries, English)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{01FCFEB0-6CA2-4BAF-9085-B9BC5EB2E7FC}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{01FCFEB0-6CA2-4BAF-9085-B9BC5EB2E7FC}]
"AboutPath"="http://www.bing.com?mkt=en-xa"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{1B8D96F8-7DE8-4872-ABE3-B812891D0102}]
"ServiceName"="Bing (India)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{1B8D96F8-7DE8-4872-ABE3-B812891D0102}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{1B8D96F8-7DE8-4872-ABE3-B812891D0102}]
"AboutPath"="http://www.bing.com?mkt=en-in"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{2431013C-7F67-40C7-A2BE-F4038BCB0731}]
"ServiceName"="Bing (Republic of the Philippines)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{2431013C-7F67-40C7-A2BE-F4038BCB0731}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{2431013C-7F67-40C7-A2BE-F4038BCB0731}]
"AboutPath"="http://www.bing.com?mkt=en-ph"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{28A79371-BD52-4D19-BEF9-D18DFC6A80E1}]
"ServiceName"="Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{28A79371-BD52-4D19-BEF9-D18DFC6A80E1}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{28A79371-BD52-4D19-BEF9-D18DFC6A80E1}]
"AboutPath"="http://www.bing.com?mkt=en-us"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{2902410E-C0F0-4CC6-9F8B-AA9A651157A6}]
"ServiceName"="Bing (Malaysia)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{2902410E-C0F0-4CC6-9F8B-AA9A651157A6}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{2902410E-C0F0-4CC6-9F8B-AA9A651157A6}]
"AboutPath"="http://www.bing.com?mkt=en-my"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{3C081B8C-007A-4B9C-83D6-893F008034C1}]
"ServiceName"="Bing (Singapore)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{3C081B8C-007A-4B9C-83D6-893F008034C1}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{3C081B8C-007A-4B9C-83D6-893F008034C1}]
"AboutPath"="http://www.bing.com?mkt=en-sg"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{46F86C1B-ACB0-4C65-B98B-A01B6218CE61}]
"ServiceName"="Bing (Ireland)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{46F86C1B-ACB0-4C65-B98B-A01B6218CE61}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{46F86C1B-ACB0-4C65-B98B-A01B6218CE61}]
"AboutPath"="http://www.bing.com?mkt=en-ie"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{964C275C-1F30-468B-B08F-ACD99E546B90}]
"ServiceName"="Bing (United States, Spanish)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{964C275C-1F30-468B-B08F-ACD99E546B90}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{964C275C-1F30-468B-B08F-ACD99E546B90}]
"AboutPath"="http://www.bing.com?mkt=es-us"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{9B3F2595-AA91-4EB3-93ED-DD6937C4A226}]
"ServiceName"="Bing (Indonesia)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{9B3F2595-AA91-4EB3-93ED-DD6937C4A226}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{9B3F2595-AA91-4EB3-93ED-DD6937C4A226}]
"AboutPath"="http://www.bing.com?mkt=en-id"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{9CFA7632-5B19-46CB-A5CC-A24E04253137}]
"ServiceName"="Bing (Australia)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{9CFA7632-5B19-46CB-A5CC-A24E04253137}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{9CFA7632-5B19-46CB-A5CC-A24E04253137}]
"AboutPath"="http://www.bing.com?mkt=en-au"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{BE52F2D8-9051-4E55-942E-A4702AB5E39B}]
"ServiceName"="Bing (United Kingdom)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{BE52F2D8-9051-4E55-942E-A4702AB5E39B}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{BE52F2D8-9051-4E55-942E-A4702AB5E39B}]
"AboutPath"="http://www.bing.com?mkt=en-gb"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{C220179B-60CF-4693-98DC-EC98FEFB5F4A}]
"ServiceName"="Bing (Canada, English)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{C220179B-60CF-4693-98DC-EC98FEFB5F4A}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{C220179B-60CF-4693-98DC-EC98FEFB5F4A}]
"AboutPath"="http://www.bing.com?mkt=en-ca"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{CFFB9D78-7929-4438-9954-24A679BB98A3}]
"ServiceName"="Bing (South Africa)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{CFFB9D78-7929-4438-9954-24A679BB98A3}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{CFFB9D78-7929-4438-9954-24A679BB98A3}]
"AboutPath"="http://www.bing.com?mkt=en-za"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{EC144DC8-F2A0-4094-AF76-3B0A6646D480}]
"ServiceName"="Bing (New Zealand)"
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{EC144DC8-F2A0-4094-AF76-3B0A6646D480}]
"Description"="Use the Bing Service to search for web results relevant to your query."
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\Research\Sources\{CFAB0A76-A2D1-4C43-A41A-3867F724B3A0}\{EC144DC8-F2A0-4094-AF76-3B0A6646D480}]
"AboutPath"="http://www.bing.com?mkt=en-nz"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-1457613951-1028716704-1089715812-858319886-3420779130-1191463368-1428868892\AppexSports.AppXkdpa0f8m9a8vjds1v5mqrfgyxn1fp78g.wwa]
"AppUserModelId"="Microsoft.BingSports_8wekyb3d8bbwe!AppexSports"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\App.AppX7w733cy1qbd10gsh6qvg6cfefe4v34k3.wwa]
"AppUserModelId"="Microsoft.BingWeather_8wekyb3d8bbwe!App"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-2040986369-264322980-3882385089-1970153872-3662121739-3363227934-2464603330\App.AppX8w8c6p2x3vbeag622f2mzjjecz4n9rtb.wwa]
"AppUserModelId"="Microsoft.BingWeather_8wekyb3d8bbwe!App"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-2809773185-964540269-851305089-1401553790-1873019115-3187118450-3726485248\Microsoft.Bing.AppXw4ad98zr09dmj73rcqjj49erddgwsa3r.wwa]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-2809773185-964540269-851305089-1401553790-1873019115-3187118450-3726485248\Microsoft.Bing.AppXw4ad98zr09dmj73rcqjj49erddgwsa3r.wwa]
"AppUserModelId"="Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-2870191891-2241688837-171142518-109998219-184790337-3361571429-3188846544\AppexTravel.AppXdvfyn3mvgf382k8g5z6dsznda6kvcagd.wwa]
"AppUserModelId"="Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472\AppexFinance.AppXybtsa1402ty679z1bw0864vsphzrs336.wwa]
"AppUserModelId"="Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\Notifications\BackgroundCapability\S-1-15-2-508114518-3340871649-811464485-526616082-4258465299-1774086546-1865468257\AppexNews.AppXctnv7jgfexcxjqxhnfr8weh1x4cw0e6g.wwa]
"AppUserModelId"="Microsoft.BingNews_8wekyb3d8bbwe!AppexNews"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bin]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map]
"DefaultActivity"="bing.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
"HomepageURL"="http://www.bing.com/maps"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
"Domain"="bing.com"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
"IconUrl"="http://www.bing.com/favicon.ico"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
"DisplayName"="Map with Bing Maps"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
"XMLUrl"="C:\Program Files (x86)\Internet Explorer\SIGNUP\\map_bing.xml"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com]
"XML"="C:\Users\Cathy\AppData\LocalLow\Microsoft\Internet Explorer\Services\Map_bing.com.xml"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com\Action1\execute]
"Action"="http://www.bing.com/maps/default.aspx"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\Map\bing.com\Action1\preview]
"Action"="http://www.bing.com/maps/geotager.aspx"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"=""C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN3AGEKGG005KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingfinance]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingmaps]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingnews]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingsearch]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingsports]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingtravel]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\bingweather]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ExcludeProfileDirs"="AppData\Local;AppData\LocalLow;$Recycle.Bin"
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"(App)Empty Recycle Bin"="False"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppXgpv6wcgxm4nbyyrjas3dcz6tyyrqy3xg"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\AppexFinance\Capabilities"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppXzcvgqp5jp049nh92yy23vhb7h3xdg7qv"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\AppexMaps\Capabilities"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppXk13xdk9k26nrq0adtnmsvf52q63tkczc"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\AppexNews\Capabilities"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppXx76ahk0qqf6m71pvqmfv5am7h8wtx2mg"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\AppexSports\Capabilities"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppXcamtejemjen08wjk8c80q4dgf9wjee89"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\AppexTravel\Capabilities"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppX0y4q4jh4ryn24yjfv1np6qd5v99r9nf2"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\App\Capabilities"
[HKEY_CURRENT_USER\Software\RegisteredApplications]
"AppXrby0gfp6xx9gedq69nw33v09mjb7mrx3"="Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Microsoft.Bing\Capabilities"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{01354A0E-95BA-506E-BF6C-1331AB1A55FC}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0135E0EC-BB38-5227-A4ED-7F8E056AC103}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{01519B18-DE79-5B9C-AAF5-B97F6B6F957E}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{01767A6B-7AF4-5921-B547-F0B9DCADB63B}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{01BC51B9-E97E-5FAA-8B52-17BE585040B6}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{02864049-EF08-5043-81F6-5E5E100B8B4C}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{032D4534-1F4B-5471-8DAE-78E64BC15CC4}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{033B4A96-048D-508D-A04F-0480DEEA4D21}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"


----------



## Squeedlejinks (Feb 27, 2014)

[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{036692DC-5C8C-50CF-9174-9CAB922D4132}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0399986D-774B-5D8D-88A2-05B693C79DDC}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0408605E-38BD-5B52-913F-BC5B3C609FD8}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{04597D3D-A82C-5B64-B643-A662EEBCB5BD}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{046D9D7F-D354-5366-9D91-458B0654D0C6}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{04A3BFCC-88D4-55F9-A4AE-6CE8D70546FF}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{04EE1E8B-220F-560C-87AA-02519397ED68}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{05325BB9-36DF-5EFB-9920-4824430A4370}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{053E3483-9A5D-5DE0-B960-5F4ABEFAA4FB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0550F4D7-B8FA-56EF-B3CF-2F38E6CEF1F5}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0586F046-10E1-5349-8862-600AD10EACBE}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{059A0B57-593E-5B60-9C11-F6609E0BE317}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{05A17FC2-E0CF-523C-B049-E82496A0F788}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{063ECB12-6D93-5FD3-862A-2114A96C2135}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{06542CC6-C816-5B22-9B48-D49FA34DAE06}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{06843B68-858D-5705-9BFF-72DAD686A220}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{06D74C76-E78A-5CA9-83C9-A52EAE200B33}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0716898B-25E1-5897-9AB1-9608E7A1123B}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0732DAA6-652E-5452-B57B-04563DC981C1}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0781F26E-275B-5A0C-8D29-DFB8B55E9FF6}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{07BB7A4D-A245-5BF2-9E76-C5F60F14B995}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{07E02FD6-9CC1-5736-879F-09D11C1A3D35}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0817F9F7-EB8E-5165-8FAE-E9A51C0E182B}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{087B0349-F2C8-56C1-8F68-8DCCD853BC80}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{087D5E85-B576-5F10-8FC1-71BDA12F284B}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{08A382DB-D2AE-58E2-BFBA-70C0C2ABE165}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{08AE97ED-7655-5414-B541-E8F6A556DE72}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{09129D5A-A216-5BC1-ACBA-4DB8FFB054B5}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0962E1A0-C0D4-5380-A51C-2F5CDFFB69C8}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{09E84553-F5CC-57B3-A396-CCB6DD931C2C}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0A02DFDC-D085-5081-9AA6-359EEBA4C851}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0AA2885C-5FE0-52B0-BAEF-44F866512795}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0B484F77-956C-51EC-A99C-3CDF1D6CE9A9}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0B579316-2A91-568E-A120-EF216F121F65}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0B81B1D7-454E-53AF-8438-18A53D9E795E}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0BC47117-4569-57BD-A56C-E3D7CAEAD9B1}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0C8092C1-0178-5681-ACC1-6067914E6090}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0CB196DA-94AD-5251-A3D8-981D2830DD37}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0CD2D18D-73DB-5A50-97B7-A1F5671207F5}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0CFDC4EF-23A8-58E6-B7B6-4D37318CDFF3}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D40E1ED-51EE-5A02-9C9E-CC814EA8CF41}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D415957-6CE4-5159-BDD7-0F2407DCF922}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D572905-05D5-5719-9C9F-C020E3F2F91B}]
"ActivatableClassId"="Bing.Maps.ViewChangeStartedEventArgs"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D572905-05D5-5719-9C9F-C020E3F2F91B}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D5E810A-ADCA-5C9B-AE51-86D557FD7DF9}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0D63376A-9D14-5EC3-97F2-5FE42F0595F3}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0E33D323-7C4D-58AA-83AE-922F42C63264}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0E3DFACC-4B96-5B95-BA24-A88A9485DBC2}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0E76865E-6F5D-570B-AFB5-07C04DB2C4D3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0ECC2FF5-3297-546B-86A8-BEE3B6B9D961}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0F63B9EB-406B-5806-8D20-951450153793}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0FDC0DD7-616D-5558-9A43-38936222EBF4}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0FFE84D1-79F4-5D6F-95BE-3C96974BFC13}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{0FFFA443-1C82-5EDF-9DB8-4629D5D6731E}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1012D77B-C46D-599D-A628-1FE52C6AC93B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1089A474-1464-501A-B9A6-90375C16BC22}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{10AB7FDA-5B47-5B15-92A3-25930B98CF8B}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{10E63B8F-58F9-521A-970F-0A70C9302AE0}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{112CF728-7E09-5CE5-82AC-8AAF91B92629}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1131F3DC-B5C1-563A-AD34-BA9F7A427ACC}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1148A779-A1C9-5C32-B2BA-8C6D5043F54D}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{115D6AC1-1573-5B11-A2A3-ED53CCB696CA}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{11725FBC-CA30-5716-81D0-9A9FDF857DE5}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{11F28EFD-0E2E-5D8E-A524-2DB1A883C3F6}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{12027F79-2F4B-54DB-8979-0FACE885D9F5}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{122FD49C-CF66-51DF-8F0A-1807DD2A2D1C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1238E0C3-9FBF-5793-9AD6-089F5B521A1B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{126B44C4-486B-53A9-BF1F-CE9A487BC41C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{12C4CFC4-4CB0-5590-AA69-4FA78C97E9E3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{12C90316-0078-52C6-A67D-3C09E74EC788}]
"ActivatableClassId"="Bing.Maps.MapShapeCollection"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{12C90316-0078-52C6-A67D-3C09E74EC788}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{12EE7FDA-44E1-555C-BBFC-922B08668BF1}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{13189ACC-50FC-5CF6-AC58-787CCF1D6FE4}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1358A9FB-2508-577F-8DA2-2CE0A9549D5D}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{139FF44B-859A-51DE-A799-602CF15AD514}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{13A73AF3-F8CA-5396-8B84-7E72115DE643}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{13AE1E41-8231-57BB-8F3C-54F5C3CBABE0}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{142E5668-333A-5513-967D-2D3111C9E507}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{146FAFD3-8BE7-5FFB-81E7-ADC02A4EA976}]
"PackageMoniker"="Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{15568838-ADC5-5847-BF06-1491A31C6B92}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1563C0AC-D1DF-5855-9251-2816195CFA41}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{15EE7B9F-202B-5B20-A344-294970C2BCA5}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{167CA4F5-A2E2-5C78-9699-C8D4B073DF78}]
"ActivatableClassId"="Bing.Maps.MapTileLayerCollection"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{167CA4F5-A2E2-5C78-9699-C8D4B073DF78}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{176D14FB-9305-5E9C-9F6F-4095107BC7CE}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{17AB9D1C-3D76-571F-B97C-EA5E35EED4B3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{17E529CF-7A78-528E-9BFA-2747172FD21A}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{18F96DD9-AE13-5403-B500-C41D18A77EE1}]
"ActivatableClassId"="Bing.Maps.LocationCollection"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{18F96DD9-AE13-5403-B500-C41D18A77EE1}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{191E2533-1274-580C-8A9B-B2A7949CDBE4}]
"ActivatableClassId"="Bing.Maps.Pushpin"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{191E2533-1274-580C-8A9B-B2A7949CDBE4}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{198B717C-D1A3-5231-A0F9-99BFFC98B69A}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1A9A9BF0-53C3-55AA-B5ED-F44D47CEB542}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1ADB62D0-92D7-59F7-8FC3-646BF8DCB7E4}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1B0857DF-08F9-521E-B889-4BCE4ABFB987}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1B7B6538-C7C6-554F-AC70-105D8A5AAFB1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1B8F18D1-3A01-5EAA-A8F1-3E7EA73ADA28}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1C81CB38-4C7E-59E6-9E03-FE4C73D9E867}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1CA37154-5E82-5418-93CE-2D126803CCD6}]
"ActivatableClassId"="Bing.Maps.MapTileLayer"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1CA37154-5E82-5418-93CE-2D126803CCD6}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D014EC0-6D67-5DFC-BF74-58D3D3402850}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D4215E7-EF58-5514-9B2D-B1ACEE66969C}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D4FB576-C800-5FFB-ADEE-66885563AFC4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D8D760E-6FCF-5B16-A61E-1A431E4128E9}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D8E5282-8B5E-5BFF-BCD8-E7E92732DF28}]
"ActivatableClassId"="Bing.Maps.MapLayer"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D8E5282-8B5E-5BFF-BCD8-E7E92732DF28}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1D9105D0-F03A-5C73-8321-F8987A0DFAD8}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1E0A9D6E-ABD8-5FDF-A59D-60EB6D6C1FED}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1E481ED5-926F-5A69-B69A-733CD8F1AFDA}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1EF1490C-594B-58AF-BC1A-1E6143D9FB60}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1EFFD296-02A4-54EA-AA8D-5925B98F09A1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1F06BF86-8CEC-5BEE-B636-242CF358A53E}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1F240A97-EEFD-5D80-AA94-1886EA55FD4D}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1F31A98F-1EB4-5C5E-8646-EF590BC459AC}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{1FB7C60D-F8A4-5253-9988-A532EE1DA003}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{203B4E78-93BD-5256-8793-2A7FF02BFB11}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{205E0A8C-86E3-5552-A964-C6459A73DA52}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{21BA50B3-3F07-527E-A620-08BC71CFFE61}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2220231F-20E8-52F4-A11A-1015740B1C3C}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2259C54F-5EB1-56B6-AB01-6A5E0A7F1E5F}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{227A582C-56E8-555A-A47B-A9E4D27A9A5B}]
"ActivatableClassId"="Microsoft.Bing.AppX8jr51tygbyg0qq73qnf7srf4k5p5k5k7.wwa"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{227A582C-56E8-555A-A47B-A9E4D27A9A5B}]
"PackageMoniker"="Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{228F49B3-7A1F-5BC5-A33F-AEF660A63713}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{22A0003B-66C3-5ACB-8D40-FEA64BF6CCAB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2302D4DB-6234-5715-BA5C-79E9D6C782F2}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{23714C88-94BC-5BF0-94EA-33D85BC4B9A3}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{23F6811F-51FD-5788-81C6-2EC65B09FB19}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{24175638-C999-5B2F-93E9-457F1DAC5F47}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{24837B1F-F7EC-5823-BBC3-0A08F2093F03}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{24C62FE2-C015-516A-803C-9AA9A3B5FEAF}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{256E5F36-B346-5486-9855-E9D1FFAB60D6}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{25CAAC4E-5FA9-525B-896C-8B69CB6A21F7}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{263BE3BF-6A3F-59ED-90FE-7BBE3175D653}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{265DB705-7EB3-5773-AAC0-119605D7AB0F}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{26E547AF-E266-5F2D-BBEC-FC902139DE62}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{2795BB56-475A-5677-808D-6B63FE03C293}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{27AE925A-4995-53C0-B807-74F2159AF35D}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{289A4BE7-9708-53CB-96EA-69F04DCB7E38}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{28A09196-4176-57C9-A455-A3EA36A1259A}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{28C46901-C0C6-5D4C-9F6E-C930422D0074}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{290A71BB-174F-591E-B6C0-08FB5965E240}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{29663C50-9FBC-5A30-A039-825EC2844C12}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{29CA3682-2EA5-5516-8023-67716CB8A57A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"


----------



## Squeedlejinks (Feb 27, 2014)

"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5B988928-07EE-56DF-AE1B-6FC1D23E762D}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5BA5210E-E0D3-542A-B80F-686727550F71}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5BD11C5C-5C45-5B28-BF2D-7477D954858B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5C99EEAF-F0C8-5E72-8838-20FE48F85310}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5C9B8EB3-88B6-5384-B60A-E3EF79D1755B}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5D2ECBFD-50FB-5657-90A8-DB821C4A23AB}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5DA67754-BC95-554A-9CC3-9A152A453366}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5E335E21-60F9-5477-B47A-59A3F0D326E3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5F00443E-2258-5BFA-A51B-171796A31FEA}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5F1AE946-8A16-5F9A-A55A-FFDAADB1B308}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5F3440B1-D308-5038-9105-DB0D2FA57916}]
"ActivatableClassId"="Bing.Maps.TileServersAvailabilityChangedEventArgs"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5F3440B1-D308-5038-9105-DB0D2FA57916}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5FBBAB5D-3F38-5705-A2BC-39FAF3DC766C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{5FC25AFD-AD7F-5970-A83B-F0DCA505DBCF}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{601A9D05-3CE7-5F05-A4FC-3A61C64A33CD}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{601EA3E3-C12F-5F7D-8AB9-E710E91CC4EF}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{60228630-E1E4-585D-93BC-32DD47D0B701}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{604D45F4-CC4A-5D14-AFDA-78E8DAC5454D}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{606E87C6-94CD-5B97-8A9A-0240C7B7FF95}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6123DD6E-4E7B-5748-A6A0-6634378792C9}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{617E2CC3-6FAB-5F2C-B3A9-0B34628C63F7}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{61964D4C-0805-5C2D-AAAD-56523E7C4B57}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{61967070-C3F6-52A4-A719-82DBC6FF705D}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{623C142A-B619-563D-8CC8-125FD9A21A29}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{624A6412-5D64-5A4A-BD84-CDC36CAB077D}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6322D01D-20DD-5F69-9E7B-3E352C571677}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6351D8E6-0107-546B-B3AC-7B38F318E7F5}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{63774FC4-92D2-561E-9BC7-77FB7F92CB61}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{64494899-FEE3-54A7-A590-2195305FF4B7}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{648B5CDB-20B9-5044-B231-EAE20293F4EE}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{64D865C4-D71E-5908-AFC3-29124DE1CD97}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6566FF95-62C3-51F5-8A11-70DDCB3C8D48}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6580CF42-29A6-588D-92CE-7E953568D9CB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{65980DBC-A113-5220-BE0C-B8965A7CC752}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{65E91DCB-D302-534B-9FD5-EB2A1824256A}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{66195D48-99F0-51DA-AF3B-E3F7D44007E0}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{66368FE4-078F-5AE3-B290-0208AC9B5DFA}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{664E71F5-F99E-5687-9B22-E3F017B86D6D}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{669D1A80-5A07-5D94-B3C9-965C16E2D685}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{676B6A71-1BDA-57D1-8AF1-7ACB1494D5D7}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{679586D2-8131-515A-8E3A-B0A6FF605899}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{67B21F5E-522F-5041-95A7-EAC6048CBE36}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{68034A3F-6403-56F6-9594-CCC777A0B104}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6806ACCC-D46D-57A3-A718-CC46836034A2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{68C008B6-F815-5E6F-8DE0-76F871469313}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{69101CE2-7A12-5A66-91D7-87852C8FFCD9}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{691E18DA-E2D5-5D64-B36B-9A7D97327662}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{69728709-D2E6-5857-980C-C699D6DD0578}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6988D3C0-65EE-545E-B202-739F5936B64A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{69A0BB58-49BF-5E3F-AE37-45563773A6CF}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{69BFD184-E4E8-5BDA-B8D7-499FDFDC2027}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6ACEEC31-B8EF-5F1E-97ED-E5E75EBD1510}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6AF7403A-702C-55B4-8031-1B863C415C0F}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6B4E9CF7-89A8-5447-8BF8-27AD3050B976}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6BB261DF-FA2D-5043-98A5-15D9772AC54B}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6BDB1260-772C-5EB3-A24B-B387FA2D7B8B}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6C4E63D4-D870-52BE-B692-C252D60D3AAA}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6D1F2D86-8576-5CD8-8D2D-61631A8E27AD}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6D9CD358-D17B-5E1F-BEB5-4DB7026044D6}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6E027196-228A-5591-B586-4119A38A98E5}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6E6DBDB4-3644-5583-9F1F-7AE3CDCDFC8B}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6E747678-4944-58E6-BD96-E321D5AA1A25}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6EA0130B-305F-59D1-9BAE-EDF907F6E950}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6EFA04D2-DF3A-5561-9251-D09D0D64D31F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6EFF173B-773A-59DE-A628-5275CB3C4D44}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6F375964-D1EB-5F14-B68F-0A066216BBDE}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6F649D26-3FC7-551B-996F-A5BEC34BC70F}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{6FAF81CA-701B-53FC-9557-9584F4FC0E9F}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{70431A9A-2930-5405-B864-319B6E6CB953}]
"ActivatableClassId"="Bing.Maps.MapMultiPoint"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{70431A9A-2930-5405-B864-319B6E6CB953}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{707DA1B3-6184-5C0E-BE3A-E3E34D265A26}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{70DAD619-AFC3-5ACB-9E27-409A9508734F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{70E7446C-FF37-582C-811E-6AA946DF5CE1}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{70FE40FD-EA7C-5150-9869-7FA968E76F6C}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{715B6E7D-2521-5E81-861D-E9111CE0B692}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{71A9B95C-D84D-545B-9444-4652007AF8E4}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{71B6AEC5-ABFF-51E3-B005-8D437DEE38A1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{71C31E99-9AAB-5461-96C3-C4148FD912BB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7253F42C-35BF-5A8F-80FB-82E1DA515943}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{729A35A8-128C-5804-8F51-DC6507F64416}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{72C2422F-0979-5BF9-94C5-6E118E8CE2F0}]
"PackageMoniker"="Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{72DEF5B9-A367-5D05-9475-204ACF2C5562}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7334D8A6-9DC4-552C-A1C8-D85D08890BF1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{73ACF7E9-4D5A-5631-B935-8A4EB045D404}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{73E80D43-4FD6-5D1B-9A6B-5F81A1EB1442}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{74294992-8FE8-589F-9EF1-404D13A97F9C}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{746BCFCE-36D8-5B90-B1F0-4A0E0BFE250E}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{74755257-725C-5893-BA81-B76CCA2E01F6}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{74778AB0-A9CA-50B3-90A2-9516A1D75419}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{74CF8CDB-8756-5EF2-BCC2-D6DEC26F9CB3}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{75563A93-6935-5213-B809-9749F4BD22C5}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{75A25FDE-0D9E-5033-A592-24988E7F2B1D}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{75A3892B-393F-52E4-8472-6AA8E21DDC00}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{763483EC-EC17-50EE-8AC3-A96BFC4F3EE2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{76C9D79D-C576-54D7-BBF3-57C911B4E66B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{76CCC275-22E5-5EAC-8B09-975DB7838198}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{76D6A549-123A-50EF-BCE2-BC7CE9FE1AE4}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{76ED1FEE-8FAF-5FB3-9A34-14EF7489E307}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7707F9A7-60AD-5A59-A477-C15A581CD9C8}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{77EA4353-A3AC-5C1A-9F65-CE9F6980AAA4}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{780D3F21-C1EC-5385-9FB4-A98EC0A06670}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{788738F5-BA0D-5096-933E-E03E62656F66}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{79270600-D31D-53CD-A5C4-F22239620103}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7932465F-56AF-5D54-B679-46E36ECCFF3A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7976B81D-2672-56B6-AB45-DF1464DCD6A4}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7983E39A-C898-5231-8893-1F2CB83B6C63}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7994AB61-7059-5586-AE18-52D70E195A1B}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7A27F3CA-3A52-5740-A631-C068304D7707}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7A9679CB-7799-5368-85BB-244EB21F53E4}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7AE92052-2C86-5F4F-91A2-947A88D19025}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7AEC6502-99AB-556F-BF08-77620A5F4A34}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7B118F50-0604-5556-8499-72EFF633445E}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7B24E20C-6AF9-5F86-A48E-CFCA91BB50B7}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7B41D533-C4FF-59F9-9D60-60159E7B920A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7B6061E2-BC4A-5CF2-AB64-E3806EBF3234}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7C062BDB-87FF-52FF-B7FC-851898E9FB25}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7C1DE18D-3C4B-585F-B983-96575F96ED55}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7C501EB2-B44E-523B-A81F-ACD9568B5DBC}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7C67CFB1-07A5-560C-BBC8-7BDD10D717EB}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7C6E5207-BCB4-58E5-A75E-A4CACB6DB972}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7CBD53AB-CA4B-51F4-B62B-B7513ECD4695}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7CBD6749-8A95-5243-8EC3-843A7C7A0666}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7CE27F68-1394-53E8-AA01-EA287B083F59}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D00183F-F9B1-5C5A-AAF9-C3E4AD603D82}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D2792D0-06FF-5DF5-9CED-4A6699E85C3D}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D283B62-E55B-5795-B2B7-0678B33F7D2B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D28663F-8424-593C-ACB9-732C9725E27A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D455DF3-9C22-5152-8DB4-751C534CAB8A}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D52F54B-BBDF-59C7-B056-A81204DFDD33}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D81C6EA-29D0-506E-945B-35144AFEF4E0}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7D9DC63E-8F2D-5B59-AA8F-C7500BD4C933}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7DD907AC-449E-54C8-B81E-4AB3AA70FA5D}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7E4449E9-9E5E-50F4-9191-35F99A67681B}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7E494858-E082-530C-979B-5F21B7A9F474}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7F174A6F-B171-5BA1-851C-3FE10E3BCBED}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7F371502-081B-5E94-8390-DD39747A504F}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7F86051D-2447-5FBA-AD27-1EA1C8701704}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7FB3FF9F-A066-5BDE-B366-F2C02048F662}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7FBDB327-5BB5-5A5F-949E-60D576FD0DBA}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{7FEA85F0-82DB-5A47-935D-6A417E2DDF4F}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{80E5DED9-8774-59BC-A9F0-1310179D57E9}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{80F66E53-A7AE-5EDD-B194-53802C4A95EA}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{811AF1E1-804E-5EDB-8849-3F63BC7DF08D}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{81498398-C837-5B15-B888-7E8701D39D07}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{81591FF1-7CAA-5690-831B-CCCFB67F1CA4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{819DD56D-63F3-506E-8871-D8ADAE511CB9}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{81EA885E-8499-584C-AB78-532F51B7C454}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{824058D2-27D9-521F-96F9-E22B83C11CBB}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{82814E41-3281-5EA0-BCB5-666CD4D97489}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{82BD25CE-D95F-5A04-A884-3621D2303F98}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{82F6BFD2-4484-58F6-A71C-A57A6795824C}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{83D2A29F-9CEA-50D7-B9DC-D6911CC2D806}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{841FEB4B-948B-5CC8-B2E5-14411347701C}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8506A56B-E763-5B1A-A02B-31AF6764C647}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{853025B0-8ECE-5D8C-9C5D-CF8AED543318}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{86557CB1-76DA-58E3-AC20-AC936A711AB9}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8667BBBE-6A1D-54F7-9524-3253C5A69A4A}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8675B8F1-C805-5E05-A078-F51E499EDFF3}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{86F2FE37-CA03-5E82-9A1F-9B9F6D752DE9}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8703ADB6-6D0D-5E01-92D8-19E04E3805B0}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8730F1E6-9D44-5E05-BF34-80E456C48FDC}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{87995E26-2283-5756-BECE-56C72AF870E7}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{87F3FC29-E29B-5C98-A0A4-94AD69C0B2DD}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{87F8D1CF-4155-5A5F-8677-FCF637178060}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{8858B29E-9D5C-56D4-884E-C06584E3AEED}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"


----------



## Squeedlejinks (Feb 27, 2014)

[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BC2E6AFD-6058-5B5B-92FB-B825A86CFFD0}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BC94E6A1-D645-59F4-B6DA-4E825F5B5223}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BD23551B-D6E8-5387-8D3A-F6FD8B8B3D70}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BD8F6153-D52A-520D-A35D-D0098C10ED05}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BDB8F7C2-FE01-5988-8C23-58B653C6F7DB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BEBEF770-AEFE-5FB4-9AAB-7280A613DEA1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BEC58792-4510-5099-8122-3DA83CE87665}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BECCAC7D-F786-567A-80FA-6BF58FE1C463}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BEFA9279-7201-5853-B262-355C96036BE1}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BF0AAC50-D692-504A-B18A-2CF49B4ABD72}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BF65AD90-8BCA-59C0-8661-8E58B6EEA32A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BF69129C-8D9E-513F-9F9C-AF5B8444A116}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BF812AF7-CC27-52CD-827C-5E54A4CD1971}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{BFEA8773-5F6C-57E3-833F-CE46280967AF}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C035FE1B-9CFB-5187-A0EA-BAE73180A880}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C04C26F2-FBA1-50B1-AAA3-FA16941DD38C}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C0869758-8E72-5939-B7D7-62CAA2173818}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C0990453-F35D-5524-8493-54AD81F81EBB}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C1321634-D4E2-50FA-9B67-52B62C981517}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C13CDC81-F373-55AB-BA26-F4FC8D0674A1}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C13EEFCA-3EF6-5254-89F1-E01B4477D3B4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C1B8E022-7894-5312-B888-440E21E7BB14}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C1EFD9C3-1AA5-51E5-898A-9908694B953F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C234C9C5-A931-5A38-902A-C44E15BE1AB0}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C2820464-C07C-587B-B051-D19BCA1798D3}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C318E9BD-C613-51AD-98E0-14954D9514A4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C332BEF6-E0BB-5D96-9E14-D5A27E5DB9C0}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C37F5407-971D-5224-9920-723118752A61}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C38501EA-F9F2-5321-8A0A-6F7E5CB7BD84}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C3B18D4E-B0C7-5BCF-86CC-F44AA0795A23}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C45E03A4-09A1-5306-AF76-45D59B7ED04F}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C4645D88-A721-5CCD-8CD8-C3C8E98EE7CD}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C5185B50-6D43-572C-A6BD-E732360C248F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C526A7FB-2EAE-52D5-99D6-1B60D5139A9C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C553D67F-D4E6-5EE3-B930-E6361FD3C87E}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C5875920-7346-5896-BEFF-50B62BBABB3B}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C5DF842D-93D4-57AE-A0E6-1698E1551FC9}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C5E15024-57E9-50A4-8F27-216D817E9C17}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C659B9B2-4051-5266-9073-CDB9B0D2DBF3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C79A6B0A-4357-5CF9-A2FC-22DF0035B40A}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C7A9F9FA-A91D-5585-8B9E-881BF74BAF1A}]
"ActivatableClassId"="Bing.Maps.CopyrightChangedEventArgs"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C7A9F9FA-A91D-5585-8B9E-881BF74BAF1A}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C824DC09-668A-545E-B17B-6966FAE147CA}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C8626874-6AC9-5085-ABC6-E1DE48C5A6FF}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C8A61511-C74C-589C-BBCA-89FA365C89AC}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C908798C-C2B2-52CD-A8FC-DBD3E3DEDD58}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C938694B-E088-56CD-8FF8-EB100A7726C7}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C938774B-EB67-5BB5-BC21-8F4378C671A2}]
"ActivatableClassId"="Bing.Maps.MapAnimationDuration"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C938774B-EB67-5BB5-BC21-8F4378C671A2}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C9B57EF2-A5AE-5699-9B7A-07CE4B3C272E}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{C9F7BC34-F32A-51F0-8C7E-71705B18732C}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CA49992E-2AA6-53A2-90B7-4B5D282D0F9F}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CA4EC6BB-482C-5B10-A884-4614C39B9A1E}]
"ActivatableClassId"="Bing.Maps.MapShapeLayerCollection"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CA4EC6BB-482C-5B10-A884-4614C39B9A1E}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CA99E5F7-C406-5200-A8D0-7A014C439EC2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CAA5A4B6-403F-5B69-8F0F-FD3CB86ECCD3}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CABE06B8-BE82-5B85-925D-285CB9BED101}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CB075267-215F-5DD3-8462-EA5917962B8F}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CB156C6D-F900-52B5-92F3-B1A3CEB55078}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CC58CE79-42B1-5A47-B592-CA805A0E50EF}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CC70FC3F-AB1D-5E6A-9A76-7D4101535EB2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CC8ED743-9B9E-59F8-8BB1-48D58F5E18C7}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CC9BD257-70B6-5E75-A714-0A1CB46E5397}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CCBA62B0-BE5D-53F8-8463-C9BDA6306950}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CD0D47B5-367E-5125-B1D4-6CD970D6481D}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CD50621E-B442-5744-B81C-10A27439E3F6}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CD750320-D91E-53D3-B47F-7E29FE191D8E}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CDC8A1FA-7DDE-5F37-9FB4-A2DDC896146B}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CE0F2692-6DBE-55FF-A604-46E6A30FC640}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CE3FB9BA-8D6A-58F1-9A4C-3FCBE3E9D698}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CE50CED8-8AB0-5F64-BD08-3337EDA02100}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CEC2B990-3F89-556D-B7B7-A7CE66190E12}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CF0BE778-1B7E-5F4E-A91B-8C8AAC045D9D}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CF2492F6-535F-58A3-B22C-B3A1134FFEED}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CF3EAECE-F25D-5F62-9851-4FCF051DC185}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CF58685C-7BF1-58F6-AF07-7678E096E0B1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CF82FE64-7284-5D00-9C9E-0CDDD12C692C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{CFF120B5-3B05-525B-AFA9-7CE252EF9480}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D032E31D-90F7-5DB1-A227-14935BF899E0}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D0BA3933-0973-5CC2-925D-FE62F4D3CC3F}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D0FF8992-BC65-58E3-BD32-0825B7DECECF}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D1172B40-9325-5C48-88C4-5A6620797A7D}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D12D61AC-2BAA-5119-A6C7-F5E54957A3DD}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D145AFB2-B454-527B-AECA-E547089C1238}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D1BB1936-E2E0-57AF-813F-F7F043CCEAFB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D214D092-862C-5400-BFFB-79386266AE5B}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D2ACEE40-8B2C-5654-91E9-C821C9E39102}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D35F0678-88B0-5420-A3CB-DF96089A3AE6}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D406BAEE-B45B-555D-BEA9-75951F1ACE76}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D436FCED-6C2F-52C2-8B0E-9EAFDC315EAA}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D43D1EE1-C483-5CF7-B439-0D6714E8DEB6}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D49B9F45-9B0C-5061-A785-93097D7910E5}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D4A301B4-B74E-5DC7-8025-10BF5CD670AB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D4AE0800-420A-58BE-8E92-7F585BB227CB}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D5A68693-C604-5E5F-BD95-C893F936A882}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D5F99A32-9DCD-5ECD-B67F-01E5AED4A116}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D6408409-BCD1-598C-B02F-8973C70F1D08}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D6488A45-E5EF-5FB1-A4B0-1CFD7671206C}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D6B9C037-F32C-5E78-9AB7-CBB81FB140E8}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D6C503D1-FB45-5C55-9398-F90D5D935F8D}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D797246A-4BF4-5032-AA0D-0C8E2D22780E}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D7D76D56-D17C-5DDC-B0F7-7BDFE83EBBD4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D822B91C-0BF4-5EC9-A531-2A82C3F37894}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D82D0EF9-4A67-5E21-8259-A5F62435F885}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D8858FC3-B825-56DA-9042-D15DF68CF543}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D8B3ADC4-ADB4-5870-A1C4-DC3CFD745CBA}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D921796B-5BCC-58B2-ABCF-F1D8D9241B5C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D98F612B-7107-5FFE-9833-BB46F3E94B68}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D99BABEA-C8F9-5761-BEB2-590AB1C2ACD8}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{D9D7E09D-07BA-5073-A2B1-902CFABB5762}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DA4BD53E-D949-5528-88AC-52A8E6EF0CAB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DA506241-4AFE-5D7F-AFE2-FBD75E18CFE2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DA51D0D8-44E0-5388-961F-67687419C264}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DA84E2D5-4F25-57CC-A528-D93AA3153F34}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DA96693F-B6E4-5B1E-8F8C-7CC708115D7F}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DA9D9AA8-876E-5EF9-9160-AE3DCAAD7E29}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DAB0AED4-3E57-5D82-88FA-CCFDF9A17001}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DAE55BC1-21A4-597C-9D78-0A6A02C359D9}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DB068225-4C36-5E29-9C9F-F0ACD7FE1EAD}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DB279014-43F5-5567-86AD-9FC399F633CA}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DBD836EA-6FAF-5256-9B50-9CA6EAD42D27}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DC550123-8F4D-51B4-927F-F4A003B7D068}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DC67D853-DCDF-592A-8356-1139CD642785}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DCEC5CE7-F4EF-57B0-B056-09F8FF7DCF5E}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DD224EFF-E400-59DA-A177-D3D660070032}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DD908DD2-5E6B-5DB5-B672-417DDD0084DF}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DE37634D-EA8F-5DF0-BA0B-FE95375C161C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DE61BB93-3399-5357-B698-A1E3226ACBFC}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DEA82C2C-0FAD-56A7-A103-299CA46F11E4}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DF1C55AD-4039-56EB-8B8E-BAA5FAA18D75}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DF4FA31F-63E3-54BA-9606-4414031DBCB3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DFBC6942-EC1D-5C8B-99A0-7532E3A49EB4}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DFEDB6A4-B4A4-5C80-B9BC-4E3C74B2EB7F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{DFFE3670-B794-5B01-AAAD-F02FEBC38A33}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E003EE29-662A-56A8-913A-3639EB6A2D5F}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E0730015-1E41-50B6-812C-D7A11951B8D5}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E0C6F571-F5CD-58AE-99A9-784381EC1B1E}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E0FA7A07-DBCE-5468-A7EE-B6EC469D22F2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E1A4209F-8959-5072-BBAF-06DB0A12095B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E2065249-B86C-5730-8E20-5DFB46F09786}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E2C267DC-5127-5A90-ACBA-AA7D1FC14822}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E2DE474C-473E-596B-9833-9CCC8E1C5645}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E31A9F4B-BB77-5739-ACF9-32EEC505B296}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E35E84F2-A6E5-5B91-AB83-F93ECD23020B}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E39C0B11-556F-5972-B468-33B39E449F41}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E3A50112-A951-5F8D-9AC9-B2A712A43267}]
"ActivatableClassId"="Bing.Maps.LocationRect"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E3A50112-A951-5F8D-9AC9-B2A712A43267}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E3A71B05-22F0-522E-A94F-1337B9272D33}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E433D2CA-7A56-5EEB-84B2-1FC84CDB00B3}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E46BA3F1-D116-5455-BEA6-31AF69D133C8}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E4A9CAFA-768A-59E2-8D37-36D50059F338}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E51C9B7D-973E-5ED2-91EF-50CF5048091C}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E5772977-1AD1-5BAF-AF00-C402D5F8890A}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E57EFCBC-3546-5D43-80FE-DF30FA617A2B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E592C426-5B63-50CA-98BF-9F62E5FB8AB2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E599BEE4-1F94-53DA-AED0-29BA9FBB99FE}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E5AB3ABC-8FBE-5386-ACA7-651C4C6BCFCE}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E5E3558A-C161-5B48-AC19-478478645884}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E65D1D5B-0052-51B9-B0FB-F3A476B67FAC}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E70867F0-13A8-5B6B-874F-81C293465724}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E73BE8FD-130A-5E3D-8832-27029F06BC30}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E740C2F9-33AA-501F-9666-72502A42C5F2}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E788DCA4-AD4A-5BA3-BE10-539FFA6A1E10}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E7DE639B-C52B-50F1-849D-3E7F99001F15}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E7FB380A-F1D4-5C65-80E3-AF02AAA8349C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{E83D46DC-DFE3-52B4-BD9C-9FB693D69AEB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"


----------



## Squeedlejinks (Feb 27, 2014)

[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{ED42D080-3A71-58A1-8D23-7B36744E32AB}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EDB67E6B-921B-5DC3-8737-7CDAAEE294D4}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EE14DEAD-CA30-5496-8104-C4828191E0CD}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EE41DDE5-805E-503F-B6A3-A45EC1CEA0D4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EE420CB2-B68D-5CEF-8A69-190BE28085D5}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EE9365DA-9DD5-5AC6-B065-D1A3B8FA547E}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EE9ABD11-80A2-54C3-80ED-56E6F3A11D81}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EEA3B791-5758-524E-AD06-352F115131DE}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EEB10936-DCA1-56B5-8EF4-352997F9D73A}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EF79512D-A664-5343-893B-76A78F5A0030}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EFAD184E-B2A0-5272-809C-D42973A7AD5B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{EFC2CBBC-6EA5-52BD-9A08-686454CDA6B3}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F04394E8-FD8B-5E88-95B8-36AE280EE437}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F0F14F4A-F67D-5FB5-AACF-E3C7499FC9B7}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F14AEA3B-4D6E-5F26-9FC4-3C2DB572CDD4}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F187DBED-5958-57E2-A562-B59D6AF5A85B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F24FD857-5EC4-528A-BCD7-42E101E99643}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F29391AE-9B7F-5BC7-B7A2-EC3779D2B92C}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F356211A-9B68-5FB0-9DBF-8CC833DE44A1}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F493DCFC-C98D-5EDE-A55D-829D8C301A12}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F4BC0076-FCB4-5F79-9687-E551484D9297}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F4BCF594-19D7-534A-BD89-AE39580A19B5}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F4CE9354-1BF3-56F8-AC16-2B66BA70F434}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F4DCC17E-7493-5CAA-BFEA-FEC78437FBE0}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F4F1D65F-7F5F-5F81-8F17-F743E5E4947A}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F4FC073B-8A04-5BB1-9219-476E1F0AB6C8}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F5DB92CC-824C-5BDA-96D8-236C66EFC677}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F69E2819-C921-5611-833C-6265688B468C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F6B7966E-EA1C-535A-B321-CF870B9592F1}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F6CF4160-1136-57FB-9627-0A80510F0CB9}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F7207CEA-85C3-59BB-B324-02E0FAA20E42}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F75DC3BF-40BE-5241-8AB7-735F04F7CEB8}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F81097F2-6D1C-5EC3-ABCF-5B2195ECEE2F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F83D1FC6-B260-5996-B916-F45C6516D71B}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F84ABB37-7ECF-5924-B44F-0FDD91AFA7AD}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F85C4C21-8A6A-5762-861E-5D8CECF89ABA}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F88B35D9-3CA9-5F9A-B939-94DF0388A73D}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F8B43C4E-AB2D-52A9-943C-AAEBCC6B6E47}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F8EA0771-4A33-5CDE-819E-192B9BF97141}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F91509AA-2135-51C6-88B7-F93C134C6019}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F9B797EC-5578-50A9-9C92-9817B8D5BA39}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{F9EF5485-A0E3-58EF-AAEB-06FFDB198166}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FA35723F-F5F7-566E-8C61-BCA6FB6C0A88}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FA68B02B-5D11-5EF4-80FF-FF234D8BF9EB}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FA82B119-6330-5B8A-9850-980FF537FFCB}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FAFFE757-D2C7-5651-BAAE-8A3F0EBC83F1}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FB2BCE8B-6ADD-52C4-AF09-97797EABB7B9}]
"PackageMoniker"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FB5FC59C-4182-5DEB-B7AF-CB0477D0C13C}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FBA72576-2E97-5A90-B4D7-37A49428872F}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FC482699-0C27-592D-837A-3F58614003ED}]
"ActivatableClassId"="Bing.Maps.MapUIElementCollection"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FC482699-0C27-592D-837A-3F58614003ED}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FC57A7D8-5059-5FBC-AAD8-730A8E80E81B}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FCBFBA37-8BC7-515B-87AF-A253A296E3EC}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FD26BD7C-BF94-57A7-8564-5C94B8D51FEE}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FD698565-E3CB-5BF3-A4A0-7AB17B4175E0}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FD747303-2DDA-5549-81F4-3245AC7BC1F0}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FD93BBF0-CDE0-5AF7-BB3B-7DDF2EE56508}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FDD33299-0D41-538E-ADDD-6790BFA12862}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FDF9DFB0-1CB5-5017-8AAA-139D0F78B551}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FDFB5047-7C31-52E2-A1DE-E9BFE29EAE81}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FE1BE7C3-E526-5506-B09E-5792033CCE9C}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FE479AA6-454B-5839-8B96-82E68DF683B7}]
"PackageMoniker"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FE8EF7AE-8D6E-50B5-BF9D-3D9166CF7651}]
"PackageMoniker"="Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FEB6E6D3-4C2C-5867-BED6-0097AC16F10B}]
"PackageMoniker"="Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FEBF4554-B06B-55D3-AFA1-435CEAE57F0E}]
"PackageMoniker"="Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FFC34BF8-580A-5641-90FE-EC5F3D2C5445}]
"ActivatableClassId"="Bing.Maps.MapShape"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\CLSID\{FFC34BF8-580A-5641-90FE-EC5F3D2C5445}]
"PackageMoniker"="Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\Server\AppexFinance.wwa]
"AppUserModelId"="Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.CopyrightChangedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.CopyrightChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.Location]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.Location]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.LocationCollection]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.LocationCollection]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.LocationRect]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.LocationRect]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.Map]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.Map]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapAnimationDuration]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapAnimationDuration]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapAutomationPeer]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapLayer]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapLayer]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapMultiPoint]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapMultiPoint]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapPolygon]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapPolygon]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapPolyline]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapPolyline]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShape]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShape]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShapeCollection]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShapeCollection]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShapeLayer]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShapeLayer]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShapeLayerCollection]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapShapeLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapStyleChangedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapStyleChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapTileLayer]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapTileLayer]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapTileLayerCollection]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapTileLayerCollection]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapUIElementCollection]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.MapUIElementCollection]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.Pushpin]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.Pushpin]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.PushpinAutomationPeer]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.PushpinAutomationPeer]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.StringToLocationConverter]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.StringToLocationConverter]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.TargetViewChangedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.TargetViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.TileDownloadCompletedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.TileDownloadCompletedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.TileServersAvailabilityChangedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.TileServersAvailabilityChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.ViewChangedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.ViewChangedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.ViewChangeEndedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.ViewChangeEndedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.ViewChangeStartedEventArgs]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\Bing.Maps.ViewChangeStartedEventArgs]
"DllPath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Bing.Maps.dll"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Server\AppexMaps.AppXx8y9crt3hzfbmxxth4eth2nn11ahfpfx.mca]
"ExePath"="C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Map.exe"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Server\AppexMaps.AppXx8y9crt3hzfbmxxth4eth2nn11ahfpfx.mca]
"AppUserModelId"="Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\Server\AppexNews.wwa]
"AppUserModelId"="Microsoft.BingNews_8wekyb3d8bbwe!AppexNews"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.BingNews_8wekyb3d8bbwe!AppexNews"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\Server\AppexSports.wwa]
"AppUserModelId"="Microsoft.BingSports_8wekyb3d8bbwe!AppexSports"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.BingSports_8wekyb3d8bbwe!AppexSports"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\Server\AppexTravel.wwa]
"AppUserModelId"="Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\Server\App.wwa]
"AppUserModelId"="Microsoft.BingWeather_8wekyb3d8bbwe!App"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.BingWeather_8wekyb3d8bbwe!App"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppX1dcfxgk37czzaeqd18fgqn2dmgzqxck5.wwa]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppX1dcfxgk37czzaeqd18fgqn2dmgzqxck5.wwa]
"Server"="Microsoft.Bing.wwa"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppX8jr51tygbyg0qq73qnf7srf4k5p5k5k7.wwa]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppX8jr51tygbyg0qq73qnf7srf4k5p5k5k7.wwa]
"Server"="Microsoft.Bing.wwa"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppXw4ad98zr09dmj73rcqjj49erddgwsa3r.wwa]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppXw4ad98zr09dmj73rcqjj49erddgwsa3r.wwa]
"Server"="Microsoft.Bing.wwa"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.wwa]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.wwa]
"Server"="Microsoft.Bing.wwa"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Server\BackgroundTransferHost.1]
"AppUserModelId"="Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing"
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Server\Microsoft.Bing.wwa]
[HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Server\Microsoft.Bing.wwa]
"AppUserModelId"="Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\AppexMaps.AppX0c2w1943jdqkf1rbwk2c4nzk6m4nxw47.mca]
"Icon"="@{Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingMaps/Files/Images/logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\AppexMaps.AppX0c2w1943jdqkf1rbwk2c4nzk6m4nxw47.mca]
"DisplayName"="@{Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingMaps/Resources/AppDisplayName}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\ActivatableClassId\AppexMaps.AppX0c2w1943jdqkf1rbwk2c4nzk6m4nxw47.mca]
"Description"="@{Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingMaps/Resources/AppDescription}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppexNews.AppX840xcewdazfg7z839sn6pf6ws2g4dfec.wwa]
"Icon"="@{Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/Files/images/logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppexNews.AppX840xcewdazfg7z839sn6pf6ws2g4dfec.wwa]
"DisplayName"="@{Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/resources/News}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppexNews.AppX840xcewdazfg7z839sn6pf6ws2g4dfec.wwa]
"Description"="@{Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingNews/resources/NewsAppDesc}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppexSports.wwa]
"Icon"="@{Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/Files/images/sports_logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppexSports.wwa]
"DisplayName"="@{Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/resources/BingSports}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\AppexSports.wwa]
"Description"="@{Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingSports/resources/BingSportsApp}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\ActivatableClassId\AppexTravel.wwa]
"Icon"="@{Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/Files/images/logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\ActivatableClassId\AppexTravel.wwa]
"DisplayName"="@{Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\ActivatableClassId\AppexTravel.wwa]
"Description"="@{Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/AppDescription}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\App.wwa]
"Icon"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Files/images/logo.png}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\App.wwa]
"DisplayName"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\ActivatableClassId\App.wwa]
"Description"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppDescription}"
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppX1dcfxgk37czzaeqd18fgqn2dmgzqxck5.wwa]
[HKEY_CURRENT_USER\Software\Classes\Extensions\ContractId\Windows.Search\PackageId\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\ActivatableClassId\Microsoft.Bing.AppX1dcfxgk37czzaeqd18fgqn2dmgzqxck5.wwa]
"Icon"="@{Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Bing/Files/shell/images/squarelogo.png}"


----------



## Squeedlejinks (Feb 27, 2014)

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
"PackageID"="Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\AppexTravel\Capabilities]
"ApplicationName"="@{Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\AppexTravel\Capabilities]
"ApplicationDescription"="@{Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/AppDescription}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\AppexTravel\Capabilities\URLAssociations]
"bingtravel"="AppXedf16y52sm2kqhytky9zey5hdcxjp137"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\Applications\Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\Applications\Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel]
"DisplayName"="@{Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingTravel/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
"PackageRootFolder"="C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
"DisplayName"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
"PackageID"="Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\App\Capabilities]
"ApplicationName"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\App\Capabilities]
"ApplicationDescription"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppDescription}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\App\Capabilities\URLAssociations]
"bingweather"="AppXtd3a09wsy6gzycshqf9ebdqsgskm2jc1"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\Applications\Microsoft.BingWeather_8wekyb3d8bbwe!App]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\Applications\Microsoft.BingWeather_8wekyb3d8bbwe!App]
"DisplayName"="@{Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
"PackageRootFolder"="C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
"DisplayName"="@{Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Bing/resources/app_name}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
"PackageID"="Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Applications\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Applications\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
"DisplayName"="@{Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Bing/resources/app_name}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Applications\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
"ApplicationContentUris"="+http://*.bing.com +http://*.dev4-bing-int.com +http://*.bing-int.com"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Microsoft.Bing]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Microsoft.Bing\Capabilities]
"ApplicationName"="@{Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Bing/resources/app_name}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Microsoft.Bing\Capabilities]
"ApplicationDescription"="@{Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Bing/resources/app_description}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\Microsoft.Bing\Capabilities\URLAssociations]
"bingsearch"="AppXpc32jqxwy10b402mqmvjsb3xqyaptejd"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.BingFinance_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe\SplashScreen\Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe\SplashScreen\Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingFinance/Files/shared/images/splash.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingFinance_8wekyb3d8bbwe\SplashScreen\Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingFinance/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.BingMaps_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe\SplashScreen\Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe\SplashScreen\Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingMaps/Files/Images/splash.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingMaps_8wekyb3d8bbwe\SplashScreen\Microsoft.BingMaps_8wekyb3d8bbwe!AppexMaps]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingMaps/Resources/AppDisplayName}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.BingNews_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SplashScreen\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SplashScreen\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingNews/Files/images/splash.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SplashScreen\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingNews/resources/News}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingNews_8wekyb3d8bbwe\SplashScreen\Microsoft.BingNews_8wekyb3d8bbwe!AppexNews]
"ImageCache"="C:\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\images\splash.scale-100.png"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.BingSports_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe\SplashScreen\Microsoft.BingSports_8wekyb3d8bbwe!AppexSports]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe\SplashScreen\Microsoft.BingSports_8wekyb3d8bbwe!AppexSports]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingSports/Files/images/splashscreen.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingSports_8wekyb3d8bbwe\SplashScreen\Microsoft.BingSports_8wekyb3d8bbwe!AppexSports]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingSports/resources/BingSports}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.BingTravel_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe\SplashScreen\Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe\SplashScreen\Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingTravel/Files/images/splash.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingTravel_8wekyb3d8bbwe\SplashScreen\Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingTravel/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.BingWeather_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SplashScreen\Microsoft.BingWeather_8wekyb3d8bbwe!App]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SplashScreen\Microsoft.BingWeather_8wekyb3d8bbwe!App]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingWeather/Files/images/splash.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SplashScreen\Microsoft.BingWeather_8wekyb3d8bbwe!App]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.BingWeather/resources/AppTitle}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.BingWeather_8wekyb3d8bbwe\SplashScreen\Microsoft.BingWeather_8wekyb3d8bbwe!App]
"ImageCache"="C:\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\images\splash.scale-100.png"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\PackageStateRoamingCollectionId]
"CollectionId"="Microsoft.Bing_8wekyb3d8bbwe-0"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\SplashScreen\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\SplashScreen\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
"Image"="@{C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.Bing/Files/shell/images/splashscreen.png}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\SplashScreen\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
"AppName"="@{C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\resources.pri?ms-resource://Microsoft.Bing/resources/app_name}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\SplashScreen\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
"ImageCache"="C:\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\shell\images\splashscreen.scale-100.png"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Bing_8wekyb3d8bbwe\SplashScreen\Microsoft.Bing_8wekyb3d8bbwe!Microsoft.Bing]
"AppNameCache"="Bing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.diagcab]
@="Diagnostic.Cabinet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.hqx]
"Content Type"="application/mac-binhex40"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xlsb]
@="Excel.SheetBinaryMacroEnabled.12"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xlsb]
"Content Type"="application/vnd.ms-excel.sheet.binary.macroEnabled.12"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.xlsb\Excel.SheetBinaryMacroEnabled.12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Amaya\DefaultIcon]
@="G:\Web Design Tools\Amaya\WindowsWX\bin\amaya.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Amaya\shell\open\command]
@=""G:\Web Design Tools\Amaya\WindowsWX\bin\amaya.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CABFolder]
@="Cabinet File"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CImeDictAPIBlockBinder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CImeDictAPIBlockBinder]
@="CImeDictAPIBlockBinder Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CImeDictAPIBlockBinder\CurVer]
@="CImeDictAPIBlockBinder.15"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CImeDictAPIBlockBinder.15]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CImeDictAPIBlockBinder.15]
@="CImeDictAPIBlockBinder Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06290BD2-48AA-11D2-8432-006008C3FBFC}]
@="Factory bindable using IPersistMoniker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}]
@="NDP SymBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\ProgID]
@="CorSymBinder_SxS"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}]
@="Cabinet Shell Folder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24FF4FDC-1D9F-4195-8C79-0DA39248FF48}]
@="Quarantine Private SHA Binding class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25A15FB8-A004-4DE8-BF87-67AD27C2F4D8}\LocalServer32]
@=""C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPScanDisco.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B4F54B1-3D6D-11d0-8258-00C04FD5AE38}]
@="Shell BindStatusCallback Proxy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3050F3C2-98B5-11CF-BB82-00AA00BDCE0B}]
@="Microsoft HTML DwnBindInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{384ea5ae-ade1-4e8a-8a9b-7bea78fff1e9}]
@="CLSID_BinaryAutoList"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C6728C8-07C6-4A58-A638-C55AAEC84D6A}\LocalServer32]
@=""C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C6728C8-07C6-4A58-A638-C55AAEC84D6A}\LocalServer32]
"ServerExecutable"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{41FCCC3A-1FA1-4949-953A-6EE61C46A4D1}]
@="Microsoft.Audio.AudioClient Binder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{427BC7E3-F833-4584-8745-CFAB9D7A5761}]
@="CTaskConditionCombiner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{48527bb3-e8de-450b-8910-8c4099cb8624}]
@="Empty Recycle Bin verb invocation"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a04656d-52aa-49de-8a09-cb178760e748}]
@="Recycle Bin Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50369004-DB9A-3A75-BE7A-1D0EF017B9D3}]
@="System.Runtime.Serialization.Formatters.Binary.BinaryFormatter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50369004-DB9A-3A75-BE7A-1D0EF017B9D3}\InprocServer32]
"Class"="System.Runtime.Serialization.Formatters.Binary.BinaryFormatter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{50369004-DB9A-3A75-BE7A-1D0EF017B9D3}\ProgId]
@="System.Runtime.Serialization.Formatters.Binary.BinaryFormatter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577FAA18-4518-445E-8F70-1473F8CF4BA4}]
@="Utility Object for Binding Events SubObjects in Script Variables"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577FAA18-4518-445E-8F70-1473F8CF4BA4}\ProgID]
@="MSVidCtl.MSEventBinder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{577FAA18-4518-445E-8F70-1473F8CF4BA4}\VersionIndependentProgID]
@="MSVidCtl.MSEventBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a4b3263-4381-4499-bf2f-c98d168e3ee2}]
@="CImeDictAPIBlockBinder Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a4b3263-4381-4499-bf2f-c98d168e3ee2}\ProgID]
@="CImeDictAPIBlockBinder.15"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a4b3263-4381-4499-bf2f-c98d168e3ee2}\VersionIndependentProgID]
@="CImeDictAPIBlockBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA199A0-1CED-43A5-9B85-3226086738A3}]
@="Binding Engine Task Handler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5ef4af3a-f726-11d0-b8a2-00c04fc309a4}]
@="Recycle Bin Cleaner"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79eac9f2-baf9-11ce-8c82-00aa004ba90b}]
@="Async BindCtx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e99c0a3-f935-11d2-ba96-00c04fb6d0d1}]
@="ADs DN With Binary Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7e99c0a3-f935-11d2-ba96-00c04fb6d0d1}\ProgID]
@="DNWithBinary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{884e2002-217d-11da-b2a4-000e7bbb2b09}]
@="Binary Converter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{884e2002-217d-11da-b2a4-000e7bbb2b09}\ProgID]
@="X509Enrollment.CBinaryConverter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{884e2002-217d-11da-b2a4-000e7bbb2b09}\VersionIndependentProgID]
@="X509Enrollment.CBinaryConverter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C1425C9-A7D3-35CD-8248-928CA52AD49B}]
@="System.Runtime.Remoting.Metadata.W3cXsd2001.SoapHexBinary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C1425C9-A7D3-35CD-8248-928CA52AD49B}\InprocServer32]
"Class"="System.Runtime.Remoting.Metadata.W3cXsd2001.SoapHexBinary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C1425C9-A7D3-35CD-8248-928CA52AD49B}\ProgId]
@="System.Runtime.Remoting.Metadata.W3cXsd2001.SoapHexBinary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E594310-16CA-4a00-932F-F70969F990C0}]
@="Quarantine System Health Agent Binding class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9443B89B-6564-496a-B19C-6C6D22709045}]
@="Quarantine Enforcement Client Binding class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA544D41-28CB-11D3-BD22-0000F80849BD}]
@="SymBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA544D41-28CB-11D3-BD22-0000F80849BD}\ProgID]
@="SymBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C50477A2-69CD-4614-95CE-AB653E65F039}\LocalServer32]
@=""C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C50477A2-69CD-4614-95CE-AB653E65F039}\LocalServer32]
"ServerExecutable"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9298eef-69dd-4cdd-b153-bdbc38486781}]
@="State of verb Empty Recycle Bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCBCA92E-7DBE-4eda-8B7B-3AAEA4DD412B}]
@="Quarantine Private QEC Binding class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0FA581D-2188-11D2-A739-00C04FA377A1}]
@="Provider Binder for DS OLE DB Provider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F59D514C-F200-319F-BF3F-9E4E23B2848C}]
@="System.Runtime.Remoting.Metadata.W3cXsd2001.SoapBase64Binary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F59D514C-F200-319F-BF3F-9E4E23B2848C}\InprocServer32]
"Class"="System.Runtime.Remoting.Metadata.W3cXsd2001.SoapBase64Binary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F59D514C-F200-319F-BF3F-9E4E23B2848C}\ProgId]
@="System.Runtime.Remoting.Metadata.W3cXsd2001.SoapBase64Binary"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5A55D36-8750-432C-AB52-AD49A016EABC}]
@="Microsoft WMI Provider Subsystem Binding Factory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF151822-B0BF-11D1-A80D-000000000000}]
@="Microsoft OLE DB Root Binder for Internet Publishing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF151822-B0BF-11D1-A80D-000000000000}\OLE DB Binder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF151822-B0BF-11D1-A80D-000000000000}\OLE DB Binder]
@="Microsoft OLE DB Root Binder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF151822-B0BF-11D1-A80D-000000000000}\ProgID]
@="MSDAURL.Binder.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF151822-B0BF-11D1-A80D-000000000000}\VersionIndependentProgID]
@="MSDAURL.Binder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CorSymBinder_SxS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CorSymBinder_SxS]
@="NDP SymBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Diagnostic.Cabinet]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Diagnostic.Cabinet]
@="Diagnostic Cabinet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DNWithBinary]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled]
@="Microsoft Excel Binary Worksheet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled\CurVer]
@="Excel.SheetBinaryMacroEnabled.12"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled.12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Excel.SheetBinaryMacroEnabled.12]
@="Microsoft Excel Binary Worksheet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\00004109A20090400100000000F01FEC]
"OfficeExample64bitFilesBIntl_1033"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0000000e-0000-0000-C000-000000000046}]
@="IBindCtx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{027C036A-4052-3821-85DE-B53319DF1211}]
@="ISymbolBinder1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04A578B2-E778-422A-A805-B3EE54D90BD9}]
@="IValidateBinding"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{04e6aa66-0b6c-4c42-bcbb-9334c9a73d63}]
@="IImeDictAPIBlockBinder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C733A89-2A1C-11CE-ADE5-00AA0044773D}]
@="IDBInfo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C733A8B-2A1C-11CE-ADE5-00AA0044773D}]
@="IDBInitialize"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C733AB1-2A1C-11CE-ADE5-00AA0044773D}]
@="IBindResource"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0C733AB3-2A1C-11CE-ADE5-00AA0044773D}]
@="IDBBinderProperties"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1140C38E-5100-4ea1-8D43-87D326724028}]
@="INapSystemHealthAgentBinding2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{13e60d89-ea0a-5b01-9c2f-0e5b435058e0}]


----------



## Squeedlejinks (Feb 27, 2014)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\system32\drivers\battc.sys[BATTCWMI]"="LowDateTime:-1533261649,HighDateTime:30254925***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\system32\drivers\en-US\battc.sys.mui[BATTCWMI]"="LowDateTime:-15872365,HighDateTime:30239440***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\System32\drivers\HDAudBus.sys[HDAudioMofName]"="LowDateTime:421176745,HighDateTime:30250692***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\System32\drivers\en-US\HDAudBus.sys.mui[HDAudioMofName]"="LowDateTime:5968755,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\System32\Drivers\portcls.SYS[PortclsMof]"="LowDateTime:-2136263592,HighDateTime:30325705***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\System32\Drivers\en-US\portcls.SYS.mui[PortclsMof]"="LowDateTime:5968755,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\system32\drivers\NetgearUDSMBus.sys[MofResourceName]"="LowDateTime:1812435456,HighDateTime:30243164***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"SCSI\Disk&Ven_ATA&Prod_Hitachi_HTS54757\4&121a3623&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910}"="LowDateTime:803713417,HighDateTime:0***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"ACPI\PNP0C14\0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"="LowDateTime:763804277,HighDateTime:0***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]"="LowDateTime:-16808413,HighDateTime:30239440***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\System32\drivers\wmiacpi.sys[MofResource]"="LowDateTime:1063369242,HighDateTime:30239396***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\System32\drivers\monitor.sys[MonitorWMI]"="LowDateTime:-778101788,HighDateTime:30283270***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\system32\drivers\ndis.sys[MofResourceName]"="LowDateTime:1528620181,HighDateTime:30304944***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM]
"C:\Windows\system32\DRIVERS\vwifimp.sys[NdisMofResource]"="LowDateTime:-874931054,HighDateTime:30239395***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\advapi32.dll[MofResourceName]"="LowDateTime:678210304,HighDateTime:30239401***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\en-US\advapi32.dll.mui[MofResourceName]"="LowDateTime:102537707,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\ACPI.sys[ACPIMOFResource]"="LowDateTime:110982463,HighDateTime:30250712***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\en-US\ACPI.sys.mui[ACPIMOFResource]"="LowDateTime:4408675,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\mssmbios.sys[MofResource]"="LowDateTime:678078713,HighDateTime:30239417***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\en-US\mssmbios.sys.mui[MofResource]"="LowDateTime:-15716357,HighDateTime:30239440***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\intelppm.sys[PROCESSORWMI]"="LowDateTime:893186382,HighDateTime:30260128***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\en-US\intelppm.sys.mui[PROCESSORWMI]"="LowDateTime:4252667,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\drivers\battc.sys[BATTCWMI]"="LowDateTime:-1533261649,HighDateTime:30254925***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\drivers\en-US\battc.sys.mui[BATTCWMI]"="LowDateTime:-15872365,HighDateTime:30239440***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\HDAudBus.sys[HDAudioMofName]"="LowDateTime:421176745,HighDateTime:30250692***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\en-US\HDAudBus.sys.mui[HDAudioMofName]"="LowDateTime:5968755,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\Drivers\portcls.SYS[PortclsMof]"="LowDateTime:-2136263592,HighDateTime:30325705***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\Drivers\en-US\portcls.SYS.mui[PortclsMof]"="LowDateTime:5968755,HighDateTime:30239441***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\drivers\NetgearUDSMBus.sys[MofResourceName]"="LowDateTime:1812435456,HighDateTime:30243164***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"SCSI\Disk&Ven_ATA&Prod_Hitachi_HTS54757\4&121a3623&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910}"="LowDateTime:803713417,HighDateTime:0***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"ACPI\PNP0C14\0_0-{05901221-D566-11d1-B2F0-00A0C9062910}"="LowDateTime:763804277,HighDateTime:0***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName]"="LowDateTime:-16808413,HighDateTime:30239440***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\wmiacpi.sys[MofResource]"="LowDateTime:1063369242,HighDateTime:30239396***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\System32\drivers\monitor.sys[MonitorWMI]"="LowDateTime:-778101788,HighDateTime:30283270***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\drivers\ndis.sys[MofResourceName]"="LowDateTime:1528620181,HighDateTime:30304944***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"C:\Windows\system32\DRIVERS\vwifimp.sys[NdisMofResource]"="LowDateTime:-874931054,HighDateTime:30239395***Binary mof failed, see WMIPROV.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\WDM\DREDGE]
"SCSI\Disk&Ven_Seagate&Prod_Expansion\000000_0-{05901221-D566-11d1-B2F0-00A0C9062910}"="LowDateTime:803713417,HighDateTime:0***Binary mof compiled successfully"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\AppModel\StateChange]
"BinaryName"="\Device\HarddiskVolume4\Users\Cathy\AppData\Local\Packages\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Common\166e2c420584377d68711fd5494759fb\Common.ni.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\Applications\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingFinance_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingMaps_1.2.0.136_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingNews_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingSports_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingTravel_1.2.0.145_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.BingWeather_1.2.0.135_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Appx\AppxAllUserStore\S-1-5-21-4122548210-2413772287-1355096437-1001\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe]
"Path"="%SYSTEMDRIVE%\Program Files\WindowsApps\Microsoft.Bing_1.2.0.137_x64__8wekyb3d8bbwe\AppxManifest.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-i..rewebenginebinaries_31bf3856ad364e35_0.0.0.0_none_14fcbc69267521be]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_0.0.0.0_none_be0d7895260f73fa]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-s..spellcheck.binaries_31bf3856ad364e35_0.0.0.0_none_a2c6138737438a14]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_0.0.0.0_none_3316a38366edee62]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\wow64_microsoft-windows-i..rewebenginebinaries_31bf3856ad364e35_0.0.0.0_none_1f5166bb5ad5e3b9]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-ndis-tdi-bindingengine_31bf3856ad364e35_0.0.0.0_none_61eedd116db202c4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\x86_microsoft-windows-s..spellcheck.binaries_31bf3856ad364e35_0.0.0.0_none_46a778037ee618de]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\PackageDetect\Microsoft-Windows-Embedded-GroupPolicy-ClientTools-Binaries-Package~31bf3856ad364e35~amd64~~0.0.0.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance]
"BinariesExtensionList"=".exe:.dll:.sys:.db:.cpl:.mui:.cmd:.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exenPUnattend.exenPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\PerfTrack\BinaryConfiguration]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\ShowFullPath]
"RegPath"="Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.Empty]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.Location.properties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.properties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.properties]
"VerbList"="Windows.RecycleBin.Selection.properties Windows.RecycleBin.Location.properties"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.RestoreAll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.RestoreItems]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell\Windows.RecycleBin.Selection.properties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{645FF040-5081-101B-9F08-00AA002F954E}]
@="Recycle Bin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{B7534046-3ECB-4C18-BE4E-64CD4CB7D6AC}]
"Name"="RecycleBinFolder"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Recycle Bin]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{000D96F5-8034-4B74-A429-B6F0B04C75F4}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\000d96f5-8034-4b74-a429-b6f0b04c75f4.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{0334682E-F04F-4F03-8B56-D518FDCB7661}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Zumas Revenge\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{26352374-AF55-4B53-B07B-6B0288ED97DF}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\26352374-af55-4b53-b07b-6b0288ed97df.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{3EDA1E54-8889-41F5-A649-5A306789B7EF}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\3eda1e54-8889-41f5-a649-5a306789b7ef.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{3EDEA465-61B0-4949-97E6-2CDC82169B9F}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\John Deere Drive Green\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{72033F97-D521-44AD-993E-7BCB7E225057}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Mahjongg Dimensions Deluxe Tiles in Time\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{977B5905-4D14-47F1-BBBF-7B92F596695D}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\WildTangent Games\Game Explorer Categories - main\977b5905-4d14-47f1-bbbf-7b92f596695d.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{B87F2BDE-5D44-4E86-BD37-A71616B35EA6}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Bejeweled 3\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{C3C636E0-1B04-11DE-8C30-0800200C9A66}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\c3c636e0-1b04-11de-8c30-0800200c9a66.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{D58EECB0-0816-11DE-8C30-0800200C9A66}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\d58eecb0-0816-11de-8c30-0800200c9a66.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{E619FD40-2356-4ABA-B007-0E870C792462}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\FATE The Cursed King\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F10F89F1-9C08-4D85-9169-A28BA1FC6AB0}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Farm Frenzy\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{F405496E-4CD5-4891-A8BC-3E58BD47B25C}]
"ConfigGDFBinaryPath"="C:\Program Files (x86)\HP Games\Penguins!\GDF.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-4122548210-2413772287-1355096437-1001\{A1145673-0561-4309-AF61-A2E3B870152A}]
"ConfigGDFBinaryPath"="C:\Program Files\WindowsApps\Microsoft.MicrosoftMahjong_1.0.0.2_x86__8wekyb3d8bbwe\GameDefinitionContainer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\S-1-5-21-4122548210-2413772287-1355096437-1001\{D970E6A2-B840-40DD-BA12-7F7B687271F2}]
"ConfigGDFBinaryPath"="C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_1.3.0.21213_x86__8wekyb3d8bbwe\GameDefinitionContainer.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\1033\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\Common Files\Microsoft Shared\Web Server Extensions\14\BIN\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HP\HP Officejet Pro 8600\bin\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\Resources\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\img\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\TaskImg\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\005AFC29B14E5784F9736D9FCD57DB6A\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\005B87EE153803547A30372151D5B332\00004109F100C0400000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0075C8AC75444FD529FC068FFBC3380C]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\utils\hpUtility.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0093040BB0258D14E86D6B933B2B9E81\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00965022248C1D110ADD000A9C502477\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\009E7C65F38C8DF45AD00C33FB1E4C88\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00A036318FAAAD117A64800002C0A966\076CFAAAB965F2A4284B2449E5D03EFE]
"MediaCabinet"="Writer_RTM_15.4.3555.0308"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00CD1B518FAAAD117A64800002C0A966\076CFAAAB965F2A4284B2449E5D03EFE]
"MediaCabinet"="Writer_RTM_15.4.3555.0308"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00CDBC0691203FD4A856A0F84A27F833\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\010B46E83FFFE2A578D3E84543824B8C]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\localize_1045.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\014E25605316C79489E2B262799C444E\F3CC0CBE1A7B8CF40841C4B7DF93528E]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016813F136D2B024690C9F9AE3E81B4E\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\016B18C0A570B674CBEE9FA62FA5636F]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\Resources\1060.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01C6A217AD18CDB4B915C4591531B135\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\01C8B05FD0C7DF54594D698E89C6528B\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02089E379C5E65345976EE8370B11E87\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\021AD4CE7F3D25C40BA49F9F2EB638CF\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02207D494CB62C84585D4CA537AEDDF2\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\022E17DAD3AE666419B0DE8CA6BEEF21\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02301FE07C6F5864E91AD0E19FED752B\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02329F8BCBF3B8C488DE9A9A5E090DA5\00004109D30000000000000000F01FEC]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0239D4F8A975BCA469247187ED4AF48B\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0283E042C21402145B5FA1646BBB1592\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"


----------



## Squeedlejinks (Feb 27, 2014)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\128D4B891A4A78A4C9CEA1536DB4D5CF\CC11B906DEC86114DAA87A128698D493]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12B107A7BEAC5434CAE560A8E07001A2\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12E4175350B74624ABE10A14C5C4EAB0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12F4F34917EB74E46A1A7D60D21CC622\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12F530FB79B5B664B9DFCE97DDDA76BF\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1302CA528856FCA45A057CB5C03647A0\00004109F10090400000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\130846E115757D840A93D0C4BF9616FE\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1310AF93A24288141B507C85EA5F5178\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1335F13AAC3231B4D85808D5CD7EDF3B]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\Resources\1049.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\134AF0E36D3731740BAA2394E3186459\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\134E229BC506B0D4A952222FBC973ED0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13510C61E24000C44BF8C1C616763428\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1387CFF31F058FB4295FB45B10C02BE0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618\1D5E3C0FEDA1E123187686FED06E995A]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618\68AB67CA7DA73301B744BA0000000010]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139C3899EB73E6C3DA23B8E687B98618\69A9FA1138D6B3C4D8BC61AEA253E8F3]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13A31C284359A9136A90E7B8EFC2DFBB\00004109D30000000000000000F01FEC]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13E140EABD01E24479A1DEA7DE7BAAB0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\13F1C4E86C5568D58AEEB71081CC7B4B]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\InstanceFinderDll.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\148B358EDD7BCBD44AB5F34E33407EB6\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\149CF57DDBD55C74992CBB2C6BC78D2B\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14CC04BB64760B74FA3D307954354749\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14CED4315A8458942BCD19A90BC4E884\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14EC194DFFB53D9479377E1E3FF4E99A\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\150D18963495BF24AA8C319C92D07E13\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1524E32571B1EAA5594EA8C2E55AED87]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\TaskImg\FB_App.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1564A6A38E5F4D54BA42A07C488F37D0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1566756D462B89342B38CD9DF2F06FFB\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1592903D421EF984081D16C46C565599\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A262C16A8A5CA4EAB2EA990B92EB81\EEDB8CDDCACDD4042875E3D8B4874276]
"MediaCabinet"="WriterLang_RTM_15.4.3555.0308"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15BFC1B525BD45D4EA3E57D87ACDACB2\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16040FEBE5F33884BB39024DEF31054F\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16299A089CE97B44AA99EAC53D92ED2E\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\163A37A918B0CC34FBF0445DEEF17892\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\163DFF2A22607984582CB168367DD866\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\166770774D775334A90AC3270E6104E5\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16850785D000E7D48AE5023D4644C421\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16870A9B6A19FBE5E94ED16E3D93ECD0]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\img\helpsupport.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\168B10A53A744534784014CA4F76C52A\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\169308B6ECCB7C9409A57C64330E9103\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\16F382246CD521340BEAB148A990B615\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\173582079347B1D4EA412B874FD0196D\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\176D2896D62F0884FABAC8E6F029C317\00004109A10090400000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\176D2896D62F0884FABAC8E6F029C317\00004109B10090400000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\178B82A7114E77C408D7D3C45F6B6A8A\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\179FE72998B7B4C319AD15ECF0D789A2\1D5E3C0FEDA1E123187686FED06E995A]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\17BE970C152499B5592A820262FFCA92]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\localize_1030.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\186B756C83A444E4D8C3E5A48ABEE091\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1873793CE314EFC5AB53EA4CE4341239]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\localize_1044.json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18880FC2B0E9C564D9D8B34909F70194\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\188D0F6EC243AB148B57651C03FC30D8\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18A448D9E6473B14FB45973E4255DF98\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\18CE92CC2CB71D119A12000A9CE1A22A\00004109E60090400000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\191D55F39EB73F746A6218B4DC1F03B0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A26FFC6A63EA1B438202A3E54892E93\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A42CBAE676B0F44BB6E7D6C85DD00CA\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A4AC87D1B6227A49AFC9BD09F4986A8\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A9B5C0D22454AE4CAB3325A036AD011\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AB694BF7F846C8439B134565EEED7EF\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1AF1584B7ACB76244801B7D8AD9A2FE3\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B00FAC196A9BA14C9456F57A411EC99\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B1CE6A9E646B1544A15BC039B124CF5\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B4BA3813BCAF76428E28CF7CE996E99\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1B4E4C47FEC8CDB4B8F2CDA22316472C\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1BCFC533FCD261142A9AF45221417648\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1BD861C97704FC542BFC345D9928E0B0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1BEF2E9B13536084DBE2F1D2C9CCF79B\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C0C1CF940923B3439689C3B48A615C0\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C1C0C16657056D4D83C0A4D1DB4C22A\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C3D6B0D30F0B945C95CD8DEE40A5552]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C71C27363C0D8E43A4920DE09BC308B\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C9D186D2C2896340BE7971B2BDCE362\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CA21D459EDDCA147A28C0799C3B8515\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CB2A1274B81BAD49B8DCB03C917C919\000041091A0090400000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CBD25F769E7D8948A10C5AD91602D38\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CCB624AB647FAA42B5998DBDAAA457D\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CED03DD7DA4C214AAE2B2E3EB7B9CC9\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1CF7297C2C5C60E4E9E96267E646DD5C\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D0CE8A34B440FC48BFE9C2D18F447DC\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D37F115DF23CF24B8D1A5CB5B961334\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D6637518D543DB4CA25FB4EA51331BA\F3CC0CBE1A7B8CF40841C4B7DF93528E]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D6D942287155543986F9D6AA8A889D8\1926E8D15D0BCE53481466615F760A7F]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D745716284BA8544A23CD20B2DED4AD\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1D78CB0019EFD4A33A0ABCFAA2C03AB4\1926E8D15D0BCE53481466615F760A7F]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DA7B277EF60A314F8EFC562AACA4D9A\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DE367BFC9274845B9091D036EC0654F]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HP Officejet Pro 8600.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1DE7F110AFAA90C49809BCC45C22CCB7\68AB67CA7DA73301B744BA0000000010]
"MediaCabinet"="PCW_CAB_RDR11006"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E091525355A1334E9AF10E614F91934\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E2E6E2E32776104D92A21DF78DCD43B\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E5170B555D5CCD47A87269FEA80528D\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E763A1CA05A0CB45BFD5349C24B1385\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E76A1D21655E65488AD883D58C1ED21\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E89579F121CBF742BCED8DDCE579222\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E91C6AC7C048C54F95DA231A6A79510\00004109A20000000100000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EAD673D362000440B58ADFC801BB031]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\Resources\1032.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EBA79DF18722524689A9468538CD9E3\00004109510090400000000000F01FEC]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EBA79DF18722524689A9468538CD9E3\00004109610090400000000000F01FEC]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1EFF771EE224EFE4BBF9514BC261F442\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F16F47424372D111A99000A9CA05BF0\2FCC6D4EFAA0C9B4D95E98E3CDB9B4AA]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F28B6C52637A8147902163EE3A1F7A6\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F5F2242383A8C54CAE54A7035944E20\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F634A93F525C9D4595E106D280FBF52\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F778157CA4EEF04A8E9FCA6599E082D\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F98D64CA3ACC664A95DE2769BECD636\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FA18F7974E099CD0AF18C3B9B1A1EE8\00004109D30000000000000000F01FEC]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FC84038432ED25479C333AF44F339EF\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FF12270BDF05AF4AB2E0F31533A7227\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1FF5F788B1D1BD3499B06B5CA628ADF8\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\202918C3CEC639846B81860A3E5E4319\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2070927F677B3E843B2C42733003AE74\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\207DC4AC61E57CD578518F8030AFEC91]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPRewards.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20AC1CE232D27074EB878DF6F2654982\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20DD1BA8EBFD6DA50A32B2D52E61D63A]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\img\search_left.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20DEF9E69E868E542B8F87F09095D766\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20E0E8D6CB2E584428BB84DE99FF06EC\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20E1386C1E149B049B0B621256481D17]
"B846977CE014ABB47BB58551CBFE7ED1"="C:\Program Files (x86)\Safari\Safari.resources\es.lproj\bindict"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2106C044EDD8513409B721254231B173\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\212A75B5AF577884FAE0B927876EBF11\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\212CB99DD1C884945A0F903E05D40FC4\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2168143289C7B204EAC64F97D787D2B1\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\217F1D25E987F404A8B5816AA6632DC8\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21A31606A20FC3E4FBFF900C8E6D3775\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21B41DCD782B16A4FB93C7E448906696\00004109D30000000000000000F01FEC]
"MediaCabinet"="PATCH_CAB"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\21BA1B1A0AE18F659B4D2390F3394437]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\TaskImg\print_maintenance.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\223C46A0B8854B749A32D1CEA5A9CD6C\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22415EC913DA55151B6EC7B15668B95A]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\hpqhvind.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22619483127B3E04D84D77F370C9FDC5\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2269CD40EC6F0864DBDBFBD2F07508D4\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\226DA3B17793FC64C9FEB1B7FD6DCB11\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\228781980B831E34CB4FF8177CD80BBF]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\Resources\1035.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\229F7F4E0520E314BB4E0B6A469A47FF\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22A497070BD988246A0970427116E7F6\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22A98F73A8D1FFF43A6CDF168AD7740A]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files (x86)\HP\HP Officejet Pro 8600\Bin\HelpViewer\Resources\1053.xml"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22ADB29655D63AE309B41371AFB2D2E9\1D5E3C0FEDA1E123187686FED06E995A]
"MediaCabinet"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22BFBCA0906448847B7662084C331E8D\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22C945A13C29FE84F9611BC1E277DA43\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\22CD92C0A54966754A1FF72DEF4C8761]
"2E60A197F0430B34F8BA261D15333926"="C:\Program Files\HP\HP Officejet Pro 8600\Bin\UDC_Files\TaskImg\hp_total_care.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23416AD6D9D2CF146A1DD932F77AA246\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23621FAA3509CA1438F041767EA2F011\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2383250A04C20A840A1DD48160F4F534\D7314F9862C648A4DB8BE2A5B47BE100]
"MediaCabinet"="PCW_CAB_Silver"


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

I haven't even posted a quarter of this log, and look how much data it has! The total file is almost 11 MB of text! Should I run another scan with narrower parameters? 

I'm willing to keep uploading if it's information that will be helpful, but I'm afraid you'll still be poring over it when Easter arrives!

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Yep Cathy, a bad choice of search parameters, methinks. Let's move the problem folder with Zoek, see if that helps....

Before running Zoek make sure all Browsers are closed and Security is turned OFF. Check at the following link: http://www.bleepingcomputer.com/for...nti-virus-firewall-and-anti-malware-programs/

Re-run Zoek (accept UAC). The following window will open:

Copy the following script from the code box and paste it into the field.


```
C:\Program Files (x86)\Bin;fs
autoclean;
emptyclsid;
```
Select the "Run Script" tab. The following window will open:

Please be patient and do not use the PC when the scan is in progress.

When complete you may be asked to reboot your PC; if so, please do.

Post the produced log in your next reply.
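
A follow-up check on the log the script above produces, as an added example that is not part of the original post and not part of Zoek: it reads the "Deleting Files \ Folders" section and lists every path reported as "not deleted" together with the files removed beneath it, since a surviving folder is the first place to look if the updater comes back. The section-banner and outcome-line layout is assumed from the Zoek result logs posted in this thread; the sample log is constructed and the function names are hypothetical.

```python
import ntpath
import re

# Constructed sample in the layout of a Zoek results log: "==== Title ====..."
# banners, then one quoted path per line followed by its outcome.
SAMPLE_LOG = r'''Zoek.exe v5.0.0.0 Updated 07-March-2014
==== Deleting Services ======================

==== Deleting Files \ Folders ======================
"C:\Program Files (x86)\Bin\UpdateTool\Downloader.Core.dll" deleted
"C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe" deleted
"C:\Program Files (x86)\Bin" not deleted
"C:\Program Files (x86)\Bin\UpdateTool" not deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\example.default
'''

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
OUTCOME_RE = re.compile(r'^"(?P<path>[^"]+)"\s+(?P<status>not deleted|deleted)\s*$')
FILES_SECTION = "Deleting Files \\ Folders"


def split_sections(text):
    """Map each '==== Title ====' banner to the non-blank lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            current = sections.setdefault(banner.group(1), [])
        elif current is not None and line.strip():
            current.append(line.strip())
    return sections


def deletion_outcomes(text):
    """Return [(path, deleted_bool)] from the file/folder deletion section."""
    outcomes = []
    for line in split_sections(text).get(FILES_SECTION, []):
        match = OUTCOME_RE.match(line)
        if match:
            outcomes.append((match.group("path"), match.group("status") == "deleted"))
    return outcomes


def _is_under(child, parent):
    """Case-insensitive Windows check that child lies inside directory parent."""
    prefix = ntpath.normcase(parent).rstrip("\\") + "\\"
    return ntpath.normcase(child).startswith(prefix)


def leftovers(text):
    """Pair every 'not deleted' path with the deleted files that lived under it."""
    outcomes = deletion_outcomes(text)
    removed = [path for path, ok in outcomes if ok]
    return [(path, [r for r in removed if _is_under(r, path)])
            for path, ok in outcomes if not ok]


if __name__ == "__main__":
    for path, removed in leftovers(SAMPLE_LOG):
        print(f"still present: {path} ({len(removed)} file(s) removed beneath it)")
```
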


----------



## Squeedlejinks (Feb 27, 2014)

Ok, Kevin, this is a lot more manageable!

Thank you for all your help!

Cathy

Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Cathy on Sun 03/09/2014 at 20:48:51.55.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Cathy\Desktop\zoek.scr [Scan all users] [Script inserted] 
==== Older Logs ======================
C:\zoek-results2014-03-02-234635.log 95443 bytes
C:\zoek-results2014-03-04-020257.log 6718 bytes
C:\zoek-results2014-03-07-005356.log 90802 bytes
C:\zoek-results2014-03-08-014138.log 1004 bytes
==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================
"C:\Program Files (x86)\Bin\UpdateTool\Downloader.Core.dll" deleted
"C:\Program Files (x86)\Bin\UpdateTool\UpdaterToolService.exe" deleted
"C:\Program Files (x86)\Bin" not deleted
"C:\Program Files (x86)\Bin\UpdateTool" not deleted
==== Firefox Extensions ======================
ProfilePath: C:\Users\Cathy\AppData\Roaming\KompoZer\Profiles\xix2vf8b.default
- Undetermined - %ProfilePath%\extensions\installed-extensions.txt
- KompoZer classic - %ProfilePath%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
- ModPlugin - %ProfilePath%\extensions\{31d88f70-c791-42d8-8187-faaf71d42f67}
- NO Google Analytics - %ProfilePath%\extensions\[email protected]
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Tab Mix Plus - %ProfilePath%\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
ProfilePath: C:\Users\Cathy\AppData\Roaming\Mozilla\SeaMonkey\Profiles\xxjyst12.default
- ChatZilla - %ProfilePath%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
- JavaScript Debugger - %ProfilePath%\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Cathy\AppData\Roaming\Mozilla\Firefox\Profiles\h2vlw8be.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
3D3CAF586124C4E8102764C8B3063BB6 - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fegekclkdhbnfdcmomlpegkkndgnmfmo - C:\Program Files (x86)\HP SimplePass\tschrome.crx[07/12/2012 08:35 AM]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{34FA5360-6333-4EC6-95CD-F6E509A5E894}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{34FA5360-6333-4EC6-95CD-F6E509A5E894} Startpage HTTPS Url="https://startpage.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=english"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={sea...startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay Url="http://rover.ebay.com/rover/1/711-154371-11896-2/4"
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cathy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=96 folders=40 35498216 bytes)
==== Empty Temp Folders ======================
C:\Users\Cathy\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Cathy\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Program Files (x86)\Bin" not found
==== EOF on Sun 03/09/2014 at 21:16:47.88 ======================


----------



## kevinf80 (Mar 21, 2006)

Thanks for the update, can you navigate here: *C:\Program Files (x86)*, is the folder named *Bin* actually gone?

Also give an update on any remaining issues or concerns...
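The Zoek log above reports the *Bin* folder as "not deleted" before the reboot and "not found" after it, so the folder check can be paired with a look for anything still configured to start from that path. The following is an added example, not part of the original thread or of Zoek; the function name `Find-PathReference` is hypothetical, and the locations it checks (services, scheduled tasks, Run keys) are common autostart locations chosen for the example, not a list taken from the thread.

```powershell
# Added example: read-only check, run from an elevated PowerShell prompt.
# $Target is the folder named in the Zoek script and log in this thread.
$Target = 'C:\Program Files (x86)\Bin'

function Find-PathReference {
    param([Parameter(Mandatory)][string]$Path)

    # -match is case-insensitive by default; escape the path so "(x86)" is literal.
    $needle = [regex]::Escape($Path)

    # 1. Is the folder itself still on disk?
    if (Test-Path -LiteralPath $Path) {
        [pscustomobject]@{ Source = 'FileSystem'; Name = $Path; Detail = 'still present on disk' }
    }

    # 2. Services whose image path points into the folder.
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { [Environment]::ExpandEnvironmentVariables([string]$_.PathName) -match $needle } |
        ForEach-Object { [pscustomobject]@{ Source = 'Service'; Name = $_.Name; Detail = $_.PathName } }

    # 3. Scheduled tasks with an action that launches something from the folder.
    foreach ($task in Get-ScheduledTask) {
        foreach ($action in $task.Actions) {
            $cmd = [Environment]::ExpandEnvironmentVariables("$($action.Execute) $($action.Arguments)")
            if ($cmd -match $needle) {
                [pscustomobject]@{ Source = 'ScheduledTask'; Name = $task.TaskPath + $task.TaskName; Detail = $cmd }
            }
        }
    }

    # 4. Run keys (64-bit view, 32-bit view, current user).
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($keyPath in $runKeys) {
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }
        $key = Get-Item -LiteralPath $keyPath
        foreach ($valueName in $key.GetValueNames()) {
            $data = [string]$key.GetValue($valueName)
            if ($data -match $needle) {
                [pscustomobject]@{ Source = "RunKey $keyPath"; Name = $valueName; Detail = $data }
            }
        }
    }
}

$found = @(Find-PathReference -Path $Target)
if ($found.Count -eq 0) {
    "No references to $Target found."
} else {
    $found | Format-Table -AutoSize -Wrap
}
```

The script only reads; any service or task it lists still has to be removed separately.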


----------



## Squeedlejinks (Feb 27, 2014)

Yes, first thing I checked was to confirm that the Bin folder was really gone, and it is.

Right now, I see no signs of malware. I think it's only a matter of waiting a couple days to see if everything stays clear. I'll cross my fingers!

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Ok Cathy, post back when you're ready, if no remaining issues or concerns we can clean up....

Kevin...


----------



## Squeedlejinks (Feb 27, 2014)

So far, so good. I haven't started using the computer again for anything more than casual browsing, i.e., anything where I need to sign in. It fooled me before on that.

Cathy


----------



## kevinf80 (Mar 21, 2006)

Let me know when you are happy to clean up and remove tools etc...


----------



## Squeedlejinks (Feb 27, 2014)

Hi, Kevin,

I have been obsessively checking everywhere that malware had been showing up -- at least, the places where it was in English instead of strings of numbers -- and there's one thing I noticed tonight that concerns me.

In my Notifications Area settings (what used to be called the tray,) there's an entry for SearchProtect. When I set it to show icon and notifications, it popped up a message saying, "This notification icon is not currently active. It will be shown the next time it becomes active." I'm hoping this is a leftover and not an indication that SearchProtect is hiding somewhere?

Cathy


----------



## kevinf80 (Mar 21, 2006)

Download the attached zip file (Notification area cleaner.zip) and extract to your Desktop. You should now have a batch file named "Notification are cleaner.bat" on your Desktop, it should look like this:

Double click to run the batch file, your Desktop will clear then return. Re-boot and check the Notification area, defunct icons should be cleared....


----------



## Squeedlejinks (Feb 27, 2014)

Hello, Kevin,

Thank you, that removed the icon like it was never there. Looks great!

In other news ...

I honestly didn't think you (me, anyone) could get this computer clean, and I was mentally gearing myself up to wiping it, maybe flashing the BIOS if I could find an update, and reinstalling the OS and all my programs and data from scratch. 

I'm now cautiously optimistic -- this is the first time in a month that no malware has appeared for 3 days in a row. Or is it 4? Woo-hoo! Thank you! Thank you!

Cathy


----------



## kevinf80 (Mar 21, 2006)

Hello Cathy,

If we have finally put this beast to the sword I guess we can clean up....

We need to remove *FRST*, first it is very important to deal with its own Quarantine folder by using *FRST* itself..

OK, we continue:

Delete any *fixlist.txt* file previously used, continue:

Download attached *fixlist.txt* file and save it to the Desktop, or the folder you saved *FRST* into.

NOTE. It's important that both *FRST* and *fixlist.txt* are in the same location or the fix will not work.

Run *FRST* and press the Fix button just once and wait.
The tool will make a log on the Desktop (*Fixlog.txt*). That will confirm the removal action, delete if successful.

Next,

Delete *FRST.exe* from your Desktop or the folder it was saved to, navigate to and delete its folder *C:\FRST*

Also navigate to and delete *C:\zoek_backup folder*

Next,

Uninstall adwcleaner.exe (unless you want to keep it)

 Please close all open programs and internet browsers.
 Double click on adwcleaner.exe to run the tool.
 Click on *Uninstall*
 Click *Yes* at *Would you like to Uninstall Adwcleaner*

Next,

*"Delfix by Xplode"* and save it to your desktop.

*"Delfix link mirror"*

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:


 Activate UAC
 Remove disinfection tools
 Purge System Restore
 Reset system settings

Now click on "*Run*" and wait patiently until the tool has completed.

The tool will create a log when it has completed.

Let me know if any remaining issues or concerns...


----------



## Squeedlejinks (Feb 27, 2014)

Thank you so much for your guidance, Kevin! I know some about computers, but this was out of my depth. My experience at work is that malware that doesn't clean up completely means the computer is reimaged because it takes time and money to have a computer out of commission. It simply isn't worth the effort to clean it up, monetarily.

I have followed these instructions completely. Do you want me to post the Delfix results?

I also have some items left over that I assume I can delete? They are items like scan results, GMER, geek and geek uninstaller, a registry backup, etc.

I hate to say it, but the computer has been lagging in the last few days. For instance, I switch tabs and it takes a couple seconds to switch. Meanwhile, Firefox or IE has (Not Responding) across the top. Both IE and Firefox have crashed a couple times. An Avast! weekly full scan hung for hours on the same picture file.

I see nothing in the Notification Area, Programs and Features, or Task Manager that leads me to believe any malware is present, but still, this is new behavior and I'm suspicious.

Thank you,

Cathy


----------



## kevinf80 (Mar 21, 2006)

Hello Cathy,

It's a shame you still experience problems after all of this work, if you feel we have made no significant progress then I agree and suggest a reimage is probably the best way forward.

If you want to try one last attempt do the following:

Yes, delete any remnants from previously used tools such as you mention, GMER etc..

Next,

Download and install CCleaner from here:

http://www.piriform.com/ccleaner/builds

Ensure to select Slim version. (No Toolbar)

Run CCleaner, from the main GUI Select > Cleaner > Run Cleaner > all temp files and caches will be deleted/emptied

Next,

Select > Registry > "Scan for Issues" > with all found entries checked select > "Fix Selected Issues" follow prompts to make back up and remove all entries...

When CCleaner is finished reboot..

Next,

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for *PUP* > Select: Show in Results List and Check for removal.

Please *Update* and run a *Full* scan

Make sure that everything is checked, and click Remove Selected on any found items.

Post the produced log from Malwarebytes, also let me know if any remaining issues or concerns..

Kevin....


----------



## Squeedlejinks (Feb 27, 2014)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.19.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Cathy :: SPRINGTIME [administrator]
3/19/2014 4:52:21 AM
mbam-log-2014-03-19 (04-52-21).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 222246
Time elapsed: 3 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## Squeedlejinks (Feb 27, 2014)

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.19.04
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
Cathy :: SPRINGTIME [administrator]
3/19/2014 4:56:46 AM
mbam-log-2014-03-19 (04-56-46).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 428383
Time elapsed: 49 minute(s), 59 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)


----------



## Squeedlejinks (Feb 27, 2014)

Hi, Kevin,

Sorry to put the logs before the explanation, but I posted them at home before I ran out the door and figured I could add this once I got to work. I'm glad you didn't read them between when I posted and now. 

I deleted the desktop items and then ran CCleaner. It took out a bunch of temp files. It also got rid of over 100 entries in the registry that referred to dll files that were missing. Most of them were referring to the malware scanners I was just using that I'd removed or deleted. Rebooted.

Then I started a full scan of MalwareBytes. It ran ... oh ... 10 or 15 minutes and then the desktop disappeared and dumped me on the Windows 8 start screen. I couldn't get it back from clicking the tile on the Start screen, and when I searched for it, I got nothing and then the display hung, although I could still move the mouse. I left it a while, then tried Ctrl-Alt-Delete. It took a long time, then went dark for a while, then came up with a message:

The sign-in process couldn't display security and sign-in options when Ctrl-Alt-Delete was pressed. If Windows doesn't respond, press Esc, or use the power switch to restart.

I waited a while longer, then tried Esc. Waited another 5 or 10 minutes. Nothing. So I hit the Power button, but failed to hold it down long enough to power down the computer. I think it might have slept, although the button light didn't blink like it should have for sleeping ... not sure. There was no activity, though. Finally, I powered it down completely.

Once it was down a few minutes, I started it back up again. I did not get a message about shutting it down abnormally or anything. There was no MalwareBytes log, though.

I was suspicious that some malware had caused the problem, so I decided to run a quick scan first and see if it swept up anything that I could take care of and then go back for a fuller look. That's the first log above. It found nothing, so then I ran a full scan. It didn't find anything, either.

After rebooting the other day, the computer really picked up speed and went back to normal. Maybe it heard me threatening to reformat it? LOL It's been fine since then, running as good as ever.

Unless you think that abnormal activity and crash are suspicious or see something in the logs that I missed, I think the computer is clean, thank G-d. I kinda doubted it ever would there for a while, as you know. You are a miracle worker, particularly since you're doing this without ever touching my computer! Thank you, thank you, thank you!

Cathy


----------



## kevinf80 (Mar 21, 2006)

Anytime Cathy, if you are satisfied all is now ok hit the Mark Solved tab at the top of the thread to close out....

Take care,

Kevin....


----------

