Slow to boot, Firefox Crashing Frequently, OTL Freezes and will not co



#31
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Ok I am able to delete them now. Missed the final step so working them now.
  • 0


#32
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
OK I got them all deleted.

The GoogleUpdateTaskMachineCore.job did not have a registry under the PLAIN tab but all others had one in all 3 locations and each was deleted.
  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
The btwapi.dll is part of Bluetooth software from Broadcom. Don't see it being called in any scans so not sure how to turn it off. You might look at Sony's website and see if they have a download for Bluetooth for your PC.

Are you able to go to Task Scheduler's library now that you have removed the tasks? If not:

Copy the next 2 lines:

dir C:\Windows\Tasks\*.job > \junk.txt
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule" /s >> \junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window. Attach or copy and paste the file C:\junk.txt.
  • 0
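
An added example, not part of the thread or of any tool it mentions: a Python sketch that reads a junk.txt produced by the two commands above and cross-checks the .job files against the TaskCache registry keys. The sample input, GUIDs and task names are constructed; expecting every Tasks GUID to appear under Boot, Logon or Plain, and matching a .job name to the last component of a task's Path, are assumptions of this sketch.

```python
import re

# TaskCache subkeys of interest: ...\TaskCache\<kind>\{GUID}
KEY_RE = re.compile(
    r"\\Schedule\\TaskCache\\(Boot|Logon|Plain|Tasks)\\(\{[0-9A-Fa-f-]{36}\})$")
# reg query value line: <name> <REG_TYPE> <data>
VALUE_RE = re.compile(r"^\s*(\S.*?)\s+(REG_[A-Z_]+)(?:\s+(.*))?$")
# dir line ending in "<size> <name>.job" (date format varies by locale)
JOB_RE = re.compile(r"\s[\d,]+\s+(.+)\.job\s*$", re.IGNORECASE)


def parse_junk(text):
    """Split junk.txt into .job names and {registry key: {value: data}}."""
    jobs, keys, current = [], {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1)] = m.group(3) or ""
        else:
            m = JOB_RE.search(line)
            if m:
                jobs.append(m.group(1))
    return jobs, keys


def audit(text):
    """Report mismatches between .job files, Tasks entries and index keys."""
    jobs, keys = parse_junk(text)
    tasks, index = {}, {}
    for key, values in keys.items():
        m = KEY_RE.search(key)
        if not m:
            continue
        kind, guid = m.group(1), m.group(2).upper()
        if kind == "Tasks":
            tasks[guid] = values.get("Path")
        else:
            index.setdefault(guid, []).append(kind)
    # Last path component of each task, for comparison with .job names.
    leaves = {p.rsplit("\\", 1)[-1].lower() for p in tasks.values() if p}
    return {
        # GUID listed under Boot/Logon/Plain but missing from Tasks
        "dangling_index": sorted(g for g in index if g not in tasks),
        # Tasks entry that no Boot/Logon/Plain key refers to
        "unindexed_tasks": sorted(g for g in tasks if g not in index),
        # Tasks entry with no Path value
        "tasks_without_path": sorted(g for g, p in tasks.items() if not p),
        # .job file with no Tasks entry of the same name
        "jobs_without_task": sorted(
            j for j in jobs if j.lower() not in leaves),
    }


# Constructed sample in the layout the two commands produce.
ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Schedule\TaskCache")
SAMPLE = r"""
 Directory of C:\Windows\Tasks

01/02/2013  01:16 PM               370 ExampleUpdater.job
01/02/2013  01:16 PM               512 LeftoverTask.job
               2 File(s)            882 bytes

ROOT\Boot\{AAAAAAAA-0000-0000-0000-000000000004}

ROOT\Logon\{AAAAAAAA-0000-0000-0000-000000000001}

ROOT\Plain\{AAAAAAAA-0000-0000-0000-000000000002}

ROOT\Tasks\{AAAAAAAA-0000-0000-0000-000000000001}
    Path    REG_SZ    \ExampleUpdater
    Hash    REG_BINARY    00AA

ROOT\Tasks\{AAAAAAAA-0000-0000-0000-000000000003}
    Path    REG_SZ    \Vendor\Helper

ROOT\Tasks\{AAAAAAAA-0000-0000-0000-000000000004}
    Hash    REG_BINARY    00BB
""".replace("ROOT", ROOT)

if __name__ == "__main__":
    for finding, items in audit(SAMPLE).items():
        print(finding, items)
```
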

#34
M624

M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Still get the error when I open Task Scheduler

Volume in drive C is Vista
Volume Serial Number is 2894-9318

Directory of C:\Windows\Tasks

01/02/2013 01:16 PM 370 ReclaimerUpdateXML_Cherie.job
1 File(s) 370 bytes
0 Dir(s) 15,986,405,376 bytes free

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
CacheCleanupCompleted REG_DWORD 0x1
HashingCompleted REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Aliases
AtServiceAccount REG_MULTI_SZ NT AUTHORITY\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
DataVersion REG_DWORD 0x3
TasksInMemoryQueue REG_DWORD 0x64
TasksPerHighestPrivEngine REG_DWORD 0x64
TasksPerLeastPrivEngine REG_DWORD 0x32
MissedTasksStartupDelay REG_DWORD 0x258

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CredWom
(Default) REG_SZ Completed

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C0EBB1F-54BC-4A55-B31B-FC280B897DF8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E576951-3A41-43AE-84EA-623F02F80E79}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22D8F25D-E642-4533-A015-DF42E1E7CA33}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24AEC961-850F-4439-ABCC-E9E95905F28D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{382A66B5-81CF-460E-ABF5-76A4281A7D68}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{445B8115-F062-4F14-8CF6-71132C02F9A7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48909068-64F9-4B29-8C14-6957F35923C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4BF7EFA7-B12A-40B0-BE22-AB4E64083250}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77367E09-0898-4B2A-A724-5961373F8950}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792493DE-3878-4323-B44D-F6F0C3562126}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AE7DB43-4463-4AA1-B081-B686DD130E83}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D14A7BE-839F-471A-AF97-EBC9587648EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0284D75-8800-4DD4-A7F0-C7375D77B57A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0021D08E-CCE0-4EA2-B7D2-2663B8984933}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{093EFEA0-61F1-486D-AD86-9BDC0B021981}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{292F1D1D-A798-4275-8620-72A199E3FD3B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBDC47-7148-49DB-9D32-32E6A003C996}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FA53AD9-B8FA-4454-B10A-BBB9D7869580}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{563F9E71-B031-464D-ADEB-763521504163}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{56A34393-E764-4730-B136-C58D6D601F68}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57030356-4699-4E1F-9939-F9D4460CD4DA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5936C79A-731F-4716-BE59-35B58194ECE5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FC0DB27-AB18-46F8-968D-0510176E655F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63A5B73B-0C43-4C7B-8B08-34C8E01A264D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C041448-C69A-4D8B-A774-4F3948997407}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71A67064-7531-4E1A-B744-304C7606F7C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75B002DC-1295-4A52-B31E-936AD92CE95F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99B9521C-F109-4B7B-BDDF-99CF656525E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A9F4EA3-C8E4-44F6-9B36-2DE854B7D0ED}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0BA2EB4-889E-4FC7-9A6F-E700DEB38DA7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF336F90-33F0-441D-9F1B-941AA64D246D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3BF2515-443F-456C-8485-F2B9A9142897}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E59437C6-816A-4941-AE55-EA5B2E449EB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8586F93-216F-42C2-AA11-CFF75BE2FA65}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D6E476-24FE-4649-A4D7-985706B29128}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0021D08E-CCE0-4EA2-B7D2-2663B8984933}
Path REG_SZ \Norton WSC Integration
Hash REG_BINARY 6499E0032A8F6BE3482DCDA1651DF46DF1640CFF5BC30DA66C9C5DB72F17164E
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF0021C20148484848ABB4AEF4484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000E32B01010074006F006E0020005700530043009D000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E003C00530065006C00650063007400200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D00270053006500630075007200690074007900430065006E0074006500720027005D00200061006E00640020004500760065006E007400490044003D0031005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 0300000019791F26F6A2CD01E1B2E1F1BFE9CD010300078000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Path REG_SZ \Microsoft\Windows\Media Center\ehDRMInit
Triggers REG_BINARY 150000000000000000D71D00E8E68073FFFFFFFFFFFFFFFF00D71D00E8E6807300000000000000000021420048484848BDF77262484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
Hash REG_BINARY 03B0BB1C706F35641E31120D128126425362C94006071CEB7569F0139F34EA41

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{093EFEA0-61F1-486D-AD86-9BDC0B021981}
Path REG_SZ \Apple\AppleSoftwareUpdate
Hash REG_BINARY E6DF622DB9973CD7320DEA91542D3B6B9004B2127AEC3324DDB819FA77278ED6
Triggers REG_BINARY 15000000000000000104000068ED470200547FB1B6B9CC010004000068ED4702FFFFFFFFFFFFFFFF78A14000484848487E9E9DBC4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD0000000000000104000068ED470200547FB1B6B9CC0100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0200000001002000000000000001A903010000000000000027000000
DynamicInfo REG_BINARY 03000000B089BFB49CB9CC01E03952A4A3E6CD012513040000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}
Path REG_SZ \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Triggers REG_BINARY 1500000000000000003A817360B601110000000000000000003A817360B60111FFFFFFFFFFFFFFFF2811C2014848484860E6BF55484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC000000000000003A817360B601110000000000000000003A817360B60111FFFFFFFFFFFFFFFF0F000000FFFFFFFF000000000000000000000000008B827301006F00770073002F003200C8CF3971A5000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027004D006900630072006F0073006F00660074002D00570069006E0064006F00770073002D00470072006F007500700050006F006C0069006300790027005D00200061006E00640020004500760065006E007400490044003D0031003500300032005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E000000484848480000000000000000000000000000000000000000000000008888000000000000003A817360B601110000000000000000003A817360B60111FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000008A8273012020203C726567697374727956616C
DynamicInfo REG_BINARY 03000000FB55560F7FFEC6016939F4A2455BC9010000000000000000
Hash REG_BINARY 4E1D1A9AE95603E293AF115AF6E5B29D61F221F28C9D822B72FFA0C1E448FEA7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}
Path REG_SZ \Microsoft\Windows\Windows Error Reporting\QueueReporting
Triggers REG_BINARY 1500000000000000003A8173B8690A0A0000000000000000003A8173B8690A0AFFFFFFFFFFFFFFFF4085400048484848D9CEAE534848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484800000000FFFFFFFF80F40300FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848AAAA000000000000003A8173B8690A0A0000000000000000003A8173B8690A0AFFFFFFFFFFFFFFFF0C030000FFFFFFFF008D2700000000000000000000888273010058003B003B003B005700440029000148484848484848
DynamicInfo REG_BINARY 03000000166F4A0F7FFEC601612C2445C2E9CD010000000000000000
Hash REG_BINARY F1E43E301393C048622563D225BA95F64D60A9B1DB8BF2A93E09778A8C693468

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C0EBB1F-54BC-4A55-B31B-FC280B897DF8}
Path REG_SZ \Microsoft\Windows\MUI\LPRemove
Triggers REG_BINARY 150000000000000001E315020AB52B7400D748295281C8010000000000000000FFFFFFFFFFFFFFFF38214201484848484D47E0EB484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848FFFF00000000000001E315020AB52B7400D748295281C8010000000000000000FFFFFFFFFFFFFFFF84030000907E000000000000000000000000000000E41502010076006500720074004C006F006700DDDD00000000000001E315020AB52B7400D748295281C80100000000000000000000000000000000000000000000000000000000000000000000000000000000907E000000000000000000000000000000011502010000000000000019000000
DynamicInfo REG_BINARY 030000009AD012DA6F80C801B1E630A7C1E9CD010000000000000000
Hash REG_BINARY 03E24259A5CAB73201193232A30DE66932E60B37FCE15162F5E2CF71586B7234

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}
Path REG_SZ \Microsoft\Windows\MobilePC\TMM
Triggers REG_BINARY 1500000000000000003A81733083A4100000000000000000003A81733083A410FFFFFFFFFFFFFFFF4087400048484848DB9FB2EE484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B0000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA000000000000003A81733083A4100000000000000000003A81733083A410FFFFFFFFFFFFFFFF02000000FFFFFFFF000000000000000000000000008B827301000000000000004C4D454D480000000148484848484848
DynamicInfo REG_BINARY 03000000166F4A0F7FFEC601E1EA8475C0E9CD010113040000000000
Hash REG_BINARY 73FC71C9E74A8781444B4A2C97C1421B3850250987E60BC02206A5417E931604

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E576951-3A41-43AE-84EA-623F02F80E79}
Path REG_SZ \SONY\VAIO Update\VAIO Update
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF48854001484848487F96AA9B4848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484858020000100E000000000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF05000000FFFFFFFF00000000000000000000000000E96B020100730043006F006E0066006C0069000148484848484848
DynamicInfo REG_BINARY 03000000978302E2E627C80181863877C0E9CD010113040000000000
Hash REG_BINARY 6D693E8B1D4380A9FEAB9670BC50AB643A5B38FE2A4DCCDEA2579C757D8F8E0D

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24AEC961-850F-4439-ABCC-E9E95905F28D}
Path REG_SZ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF0085800148484848CBD654634848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848480000000048484848AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000E5ED000100730043006F006E0066006C0069000148484848484848
Hash REG_BINARY 1534331A3DB8B8514050FB6EF242FDCAA836228E4CE7384D76A133489D104530

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{292F1D1D-A798-4275-8620-72A199E3FD3B}
Path REG_SZ \Adobe online update program
Hash REG_BINARY 11111BDC1CD08E1A7409A0FCC702EA6FFDDEEAD42FD3C0E3011EDFEE054BA3E3
Triggers REG_BINARY 15000000000000000104000000E22802005053B5F76BC9010004000000E22802FFFFFFFFFFFFFFFF78A140004848484830DB80E34848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484858020000100E0000100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD0000000000000104000000E22802005053B5F76BC90100000000000000000000000000000000000000000000000000000000000000000000000000000000FFFFFFFF0200000001000200000000000001A603010000000000000027000000
DynamicInfo REG_BINARY 030000005004EAA1D3E6CC01AFD593BD71E7CD012513040000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBDC47-7148-49DB-9D32-32E6A003C996}
Path REG_SZ \Microsoft\Windows\Tcpip\IpAddressConflict2
Triggers REG_BINARY 150000000000000001D31D000AB5AA7480294E129638C601003A817388711108FFFFFFFFFFFFFFFF38A1400148484848581D84C54848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002102000000000000484848482C0000004848484858020000100E000080F40300FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC00000000000001D31D000AB5AA7480294E129638C601003A817388711108FFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000008E8273010075007200720065006E00740056008D000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D002200530079007300740065006D0022003E003C00530065006C00650063007400200050006100740068003D002200530079007300740065006D0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D0027005400630070006900700027005D00200061006E00640020004500760065006E007400490044003D0034003100390039005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 030000005CB7580F7FFEC60100000000000000000000000000000000
Hash REG_BINARY F4957EB476E2848D287F7164E07EA69AE15C4E87B965412F6327C6EF922ACCA1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{382A66B5-81CF-460E-ABF5-76A4281A7D68}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Triggers REG_BINARY 15000000000000000000000000000000000000000000000000000000B8D4E700FFFFFFFFFFFFFFFFF885000048484848937F9E14484848480048484848484848004848484848484805000000484848480C000000484848480101000000000001000000004848484800000000484848482C0000004848484858020000100E0000100E0000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848DDDD00000000000001000000B8D4E70000781825AB03C70100000000000000000000000000000000000000000000000000000000000000000000000000000000100E00000100000001000000000000000001ED0001000000100E000027000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF100E0000FFFFFFFF00000000000000000000000000E5ED000100730043006F006E0066006C0069000148484848484848
Hash REG_BINARY 2CDB7ABD6DF5A627B27D6E6AA6C360AB0C06C3A838A3EDF42D788797B68E35E8

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}
Path REG_SZ \Microsoft\Windows\SideShow\SystemDataProviders
Triggers REG_BINARY 1500000000000000003A8173C82A6A0E0000000000000000003A8173C82A6A0EFFFFFFFFFFFFFFFF00210200484848486282377A484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF1E000000FFFFFFFF00000000000000000000000000EBB501010020005500740069006C00690074000148484848484848AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF1E000000FFFFFFFF00000000000000000000000000EE290101006F006E004100670065006E0074000148484848484848
DynamicInfo REG_BINARY 03000000166F4A0F7FFEC6010D9E5F8AE573C8018F04078000000000
Hash REG_BINARY 7976938439D70BD27B044FF57F8589D0D0684315CA756EA9F9E0297412C3074A

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}
Path REG_SZ \Microsoft\Windows\Shell\CrawlStartPages
Triggers REG_BINARY 1500000000000000003A8173D871620C0000000000000000003A8173D871620CFFFFFFFFFFFFFFFF3021420048484848EBC7C3A6484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848482C00000048484848100E0000FFFFFFFF80F40300FFFFFFFF0A00000000000000000000000000000000000000000000000000000048484848EEEE000000000000003A8173D871620C0000000000000000003A8173D871620CFFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000D21D0001000000000000000000000000000000
DynamicInfo REG_BINARY 030000005CB7580F7FFEC601D1172546D8E9CD010000000000000000
Hash REG_BINARY FB61EA68890B11161767C7822D85CFF91477F7852614EF9AB390F172D6608024

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}
Path REG_SZ \Microsoft\Windows\WDI\ResolutionHost
Triggers REG_BINARY 150000000000000000D91D00E8E68073FFFFFFFFFFFFFFFF00D91D00E8E6807300000000000000000085C00148484848227178E2484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005040000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0A00000000000000000000000000000000000000000000000000000048484848
DynamicInfo REG_BINARY 030000000000000000000000E17ED640C4E6CD012B04078000000000
Hash REG_BINARY FD03A51788E0AD34E943ACFCF54AD73A26BF1C3E8D2B5836DCF4831F28D16D35

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FA53AD9-B8FA-4454-B10A-BBB9D7869580}
Path REG_SZ \{6277BBC7-0687-4823-A4F1-863F60EFA2E2}
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF38214100484848487758ACC4484848480048484848484848004848484848484801000000484848481C0000004848484801050000000000051500000089E04F8B5DF69156E0CD1ED1E8030000484848482400000048484848460075006E005F00430065006E007400650072005C004300680065007200690065000000484848482C0000004848484858020000100E000080F40300FFFFFFFF07000000000000000000000000000000000000000000000000000000484848488888000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000E9CB02010048006F0073007400000020003C00
DynamicInfo REG_BINARY 030000003037DD53EA84C901405EDD53EA84C9010000000000000000
Hash REG_BINARY 2A1E6961AE510E698E4B191D0E85122833F5D8D1F390C0E6E660AEEFAB816617

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{445B8115-F062-4F14-8CF6-71132C02F9A7}
Path REG_SZ \VAIO Service Utility
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF68A1400148484848B0B9E4874848484800484848484848480048484848484848040000004848484810000000484848480102000000000005200000002002000000000000484848482C0000004848484858020000100E000080F40300000000000700000000000000000000000000000000000000000000000000000048484848DDDD00000000000001E86B020AB59973009898F6DED5C70101E86B020AB599730098BF73586BC901000000000000000000000000000000000000000000000000FFFFFFFF02000000010002000000000000016B02010000000000000027000000AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000E96B020100730043006F006E0066006C0069000148484848484848
DynamicInfo REG_BINARY 0300000077D9D6C8E627C801B13CD274C0E9CD010000000000000000
Hash REG_BINARY 7B37A2B8443E2ECCE2DE778DB24AE8D9EE870B3EE3071BF0385C400A60E2E143

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}
Path REG_SZ \Microsoft\Windows\RAC\RACAgent
Triggers REG_BINARY 1500000000000000003A817330AC340A0000000000000000003A817330AC340AFFFFFFFFFFFFFFFF0021C20048484848947A7980484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005130000004848484800000000484848480000000048484848FFFF000000000000003A817330AC340A0000000000000000003A817330AC340AFFFFFFFFFFFFFFFF84030000FFFFFFFF100E0000000000000000000000888273010000000000000000000000000000008888000000000000003A817330AC340A0000000000000000003A817330AC340AFFFFFFFFFFFFFFFF100E0000FFFFFFFF100E000000000000000000000088827301000000000000000000000000000000
DynamicInfo REG_BINARY 03000000166F4A0F7FFEC60121624030E3E9CD010000000000000000
Hash REG_BINARY CAEA2CD6647DAC834D041D0EC1A19A6CB7E3737C0C5790AB103195851CD54986

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48909068-64F9-4B29-8C14-6957F35923C3}
Path REG_SZ \Microsoft\Windows\MobilePC\HotStart
Triggers REG_BINARY 1500000000000000003A8173C8080E0F0000000000000000003A8173C8080E0FFFFFFFFFFFFFFFFF4085400048484848E4C941FC484848480048484848484848004848484848484805000000484848480C0000004848484801010000000000050B0000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848AAAA000000000000003A8173C8080E0F0000000000000000003A8173C8080E0FFFFFFFFFFFFFFFFF00000000FFFFFFFF000000000000000000000000008A827301000000000000004C4D454D480000000148484848484848
DynamicInfo REG_BINARY 03000000166F4A0F7FFEC601A1976375C0E9CD010000000000000000
Hash REG_BINARY B1F2AA490305894BF294311E67D445A11F2F6CC2D32F4D809D60180A102424F7

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BF7EFA7-B12A-40B0-BE22-AB4E64083250}
Path REG_SZ \RNUpgradeHelperLogonPrompt_Cherie
Hash REG_BINARY 7825733B1FA1BFE447665F4F6415326424536BF8DBEE7D4F9C7FAA77230B7C09
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00216100484848486F0D74CB484848480048484848484848004848484848484801000000484848481C0000004848484801050000000000051500000089E04F8B5DF69156E0CD1ED1E80300004848484820000000484848484300480045005200490045005C004300680065007200690065000000720000002C0000004848484858020000100E000080F40300FFFFFFFF0500000000000000000000000000000000000000000000000000000048484848AAAA000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000E96103010072006F0063006500730073006F000148484848484848
DynamicInfo REG_BINARY 03000000C039FA67AEDFCD01415C3774C0E9CD010000000000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}
Path REG_SZ \Microsoft\Windows\Bluetooth\UninstallDeviceTask
Triggers REG_BINARY 150000000000000000D91D00E8E68073FFFFFFFFFFFFFFFF00D91D00E8E6807300000000000000001005420048484848E2A91A23484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
DynamicInfo REG_BINARY 030000000000000000000000E74B88CFDE27C8010000000000000000
Hash REG_BINARY F05995CD0C376EC2A9A295259B32C4774B49ABFCFF49F9F732BD9A31C3452993

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}
Path REG_SZ \Microsoft\Windows\Wired\GatherWiredInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{563F9E71-B031-464D-ADEB-763521504163}
Path REG_SZ \RealCreateProcessScheduledTask474599018S-1-5-21-2337267849-1452406365-3508456928-1000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{56A34393-E764-4730-B136-C58D6D601F68}
Path REG_SZ \RealUpgradeScheduledTaskS-1-5-21-2337267849-1452406365-3508456928-1000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57030356-4699-4E1F-9939-F9D4460CD4DA}
Path REG_SZ \Microsoft\Windows\Media Center\OCURDiscovery

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5936C79A-731F-4716-BE59-35B58194ECE5}
Path REG_SZ \Microsoft\Windows\Media Center\OCURActivate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC0DB27-AB18-46F8-968D-0510176E655F}
Path REG_SZ \Microsoft\Windows\Tcpip\WSHReset

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63A5B73B-0C43-4C7B-8B08-34C8E01A264D}
Path REG_SZ \Microsoft\Windows\Defrag\ManualDefrag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}
Path REG_SZ \Microsoft\Windows\SideShow\GadgetManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask-Roam

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A67064-7531-4E1A-B744-304C7606F7C9}
Path REG_SZ \Google Updater and Installer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}
Path REG_SZ \Microsoft\Windows\SideShow\SessionAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75B002DC-1295-4A52-B31E-936AD92CE95F}
Path REG_SZ \ScanSoft Background Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77367E09-0898-4B2A-A724-5961373F8950}
Path REG_SZ \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}
Path REG_SZ \Microsoft\Windows\Multimedia\SystemSoundsService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792493DE-3878-4323-B44D-F6F0C3562126}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\SystemTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}
Path REG_SZ \Microsoft\Windows\Media Center\mcupdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\Consolidator

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}
Path REG_SZ \Microsoft\Windows\Defrag\ScheduledDefrag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A9F4EA3-C8E4-44F6-9B36-2DE854B7D0ED}
Path REG_SZ \Scheduled Update for Ask Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE7DB43-4463-4AA1-B081-B686DD130E83}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D14A7BE-839F-471A-AF97-EBC9587648EA}
Path REG_SZ \SONY\WSSU\WSSU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0284D75-8800-4DD4-A7F0-C7375D77B57A}
Path REG_SZ \avast! Emergency Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0BA2EB4-889E-4FC7-9A6F-E700DEB38DA7}
Path REG_SZ \RNUpgradeHelperResumePrompt_Cherie

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}
Path REG_SZ \Microsoft\Windows\SystemRestore\SR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF336F90-33F0-441D-9F1B-941AA64D246D}
Path REG_SZ \{80DCF3C4-5E9E-41D2-A8CC-C1C2FDD85891}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}
Path REG_SZ \Microsoft\Windows\Media Center\UpdateRecordPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}
Path REG_SZ \Microsoft\Windows\SideShow\AutoWake

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}
Path REG_SZ \Microsoft\Windows\TextServicesFramework\MsCtfMonitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BF2515-443F-456C-8485-F2B9A9142897}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2337267849-1452406365-3508456928-1000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}
Path REG_SZ \Microsoft\Windows\Wireless\GatherWirelessInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E59437C6-816A-4941-AE55-EA5B2E449EB7}
Path REG_SZ \User_Feed_Synchronization-{FE9BFD1C-B6B7-4535-9A5B-B532EEFE9733}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}
Path REG_SZ \Microsoft\Windows\UPnP\UPnPHostConfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8586F93-216F-42C2-AA11-CFF75BE2FA65}
Path REG_SZ \CCleanerSkipUAC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D6E476-24FE-4649-A4D7-985706B29128}
Path REG_SZ \Microsoft\Windows\Tcpip\IpAddressConflict1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe online update program
Id REG_SZ {292F1D1D-A798-4275-8620-72A199E3FD3B}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate
Id REG_SZ {093EFEA0-61F1-486D-AD86-9BDC0B021981}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update
Id REG_SZ {A0284D75-8800-4DD4-A7F0-C7375D77B57A}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC
Id REG_SZ {F8586F93-216F-42C2-AA11-CFF75BE2FA65}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Updater and Installer
Id REG_SZ {71A67064-7531-4E1A-B744-304C7606F7C9}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Id REG_SZ {382A66B5-81CF-460E-ABF5-76A4281A7D68}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Id REG_SZ {9AE7DB43-4463-4AA1-B081-B686DD130E83}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask
Id REG_SZ {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask
Id REG_SZ {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask
Id REG_SZ {792493DE-3878-4323-B44D-F6F0C3562126}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
Id REG_SZ {6C041448-C69A-4D8B-A774-4F3948997407}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Id REG_SZ {89194558-47E7-4A9E-B507-6C91CE4E6504}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
Id REG_SZ {A61555D3-7840-45C1-A5A9-0D49851DE37A}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag
Id REG_SZ {63A5B73B-0C43-4C7B-8B08-34C8E01A264D}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag
Id REG_SZ {99B9521C-F109-4B7B-BDDF-99CF656525E0}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Id REG_SZ {24AEC961-850F-4439-ABCC-E9E95905F28D}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit
Id REG_SZ {04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate
Id REG_SZ {858BD5FB-61C3-4D83-8392-B9855BE4DF1D}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate
Id REG_SZ {5936C79A-731F-4716-BE59-35B58194ECE5}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery
Id REG_SZ {57030356-4699-4E1F-9939-F9D4460CD4DA}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath
Id REG_SZ {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart
Id REG_SZ {48909068-64F9-4B29-8C14-6957F35923C3}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM
Id REG_SZ {1CC81347-6204-4B83-900C-01E02F50F067}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove
Id REG_SZ {1C0EBB1F-54BC-4A55-B31B-FC280B897DF8}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService
Id REG_SZ {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Id REG_SZ {77367E09-0898-4B2A-A724-5961373F8950}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent
Id REG_SZ {44980BEE-7809-44A9-AC24-D6E578A3B7DF}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Id REG_SZ {0C3AF200-FADC-49E5-880E-DEE192C8B79A}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RestartManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages
Id REG_SZ {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake
Id REG_SZ {C6CBFEC8-EF47-4B48-9718-3A4170F99600}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager
Id REG_SZ {6B91DF4F-7E1F-4AE8-820A-2FB331567D67}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent
Id REG_SZ {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders
Id REG_SZ {3BB5D87B-C851-4325-97B6-95E4EA1CBC61}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR
Id REG_SZ {A1868F64-ED08-49A9-9F86-F62ED855AFFD}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1
Id REG_SZ {F8D6E476-24FE-4649-A4D7-985706B29128}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2
Id REG_SZ {2FDBDC47-7148-49DB-9D32-32E6A003C996}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset
Id REG_SZ {5FC0DB27-AB18-46F8-968D-0510176E655F}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Id REG_SZ {DCF8CA49-10FE-40EA-A5B8-504B864BC698}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig
Id REG_SZ {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost
Id REG_SZ {3CD7BF6C-F120-476E-AF84-851D43BDDEEE}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting
Id REG_SZ {11893D5E-54A0-4C6B-AB0D-D9FA527334A9}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo
Id REG_SZ {561375CB-FF5A-417B-B297-BA73DE149581}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo
Id REG_SZ {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration
Id REG_SZ {0021D08E-CCE0-4EA2-B7D2-2663B8984933}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealCreateProcessScheduledTask474599018S-1-5-21-2337267849-1452406365-3508456928-1000
Id REG_SZ {563F9E71-B031-464D-ADEB-763521504163}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealUpgradeScheduledTaskS-1-5-21-2337267849-1452406365-3508456928-1000
Id REG_SZ {56A34393-E764-4730-B136-C58D6D601F68}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RNUpgradeHelperLogonPrompt_Cherie
Id REG_SZ {4BF7EFA7-B12A-40B0-BE22-AB4E64083250}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RNUpgradeHelperResumePrompt_Cherie
Id REG_SZ {A0BA2EB4-889E-4FC7-9A6F-E700DEB38DA7}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScanSoft Background Update
Id REG_SZ {75B002DC-1295-4A52-B31E-936AD92CE95F}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Id REG_SZ {9A9F4EA3-C8E4-44F6-9B36-2DE854B7D0ED}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\VAIO Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\VAIO Update\VAIO Update
Id REG_SZ {1E576951-3A41-43AE-84EA-623F02F80E79}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\WSSU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\WSSU\WSSU
Id REG_SZ {9D14A7BE-839F-471A-AF97-EBC9587648EA}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{FE9BFD1C-B6B7-4535-9A5B-B532EEFE9733}
Id REG_SZ {E59437C6-816A-4941-AE55-EA5B2E449EB7}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VAIO Service Utility
Id REG_SZ {445B8115-F062-4F14-8CF6-71132C02F9A7}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2337267849-1452406365-3508456928-1000
Id REG_SZ {E3BF2515-443F-456C-8485-F2B9A9142897}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6277BBC7-0687-4823-A4F1-863F60EFA2E2}
Id REG_SZ {3FA53AD9-B8FA-4454-B10A-BBB9D7869580}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{80DCF3C4-5E9E-41D2-A8CC-C1C2FDD85891}
Id REG_SZ {AF336F90-33F0-441D-9F1B-941AA64D246D}
Index REG_DWORD 0x3
  • 0

#35
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
C:\Windows\Tasks\ReclaimerUpdateXML_Cherie.job is back or never got removed. Uninstall Real Player. I think that's what is doing it. Then delete the file if it is still there.

Reboot and see if the file stays gone, then check the task scheduler again.
  • 0
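The cross-check this thread performs by hand (a task's `Tree` entry, its `Tasks\{GUID}` key and its `Boot`/`Logon`/`Plain` index key should all agree), run over the text that `reg query ... /s` writes to junk.txt. This is an added example, not part of the original posts; the sample input, its GUIDs and its task names are constructed, and treating every mismatch as something to review is an assumption.

```python
import re

# Root of the scheduler cache shown in the thread's `reg query ... /s` output.
BASE = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
        r"\CurrentVersion\Schedule\TaskCache")
INDEX_KEYS = ("boot", "logon", "plain")   # index subkeys visible on the page
VALUE_RE = re.compile(r"^\s*(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
GUID_RE = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)


def parse_reg_query(text):
    """Parse `reg query <key> /s` text into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.upper().startswith("HKEY_"):
            current = line
            keys.setdefault(current, {})
        elif line and current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current][m.group(1)] = m.group(3).strip()
    return keys


def audit_task_cache(keys):
    """Compare the Tree, Tasks and Boot/Logon/Plain views of each task."""
    tree, tasks, index = {}, {}, {}
    prefix = BASE.upper() + "\\"
    for key, values in keys.items():
        if not key.upper().startswith(prefix):
            continue
        section, _, rest = key[len(prefix):].partition("\\")
        section = section.lower()
        if section == "tree" and "Id" in values:
            tree[values["Id"].upper()] = "\\" + rest      # GUID -> task name
        elif section == "tasks" and GUID_RE.match(rest):
            tasks[rest.upper()] = values.get("Path", "")  # GUID -> Path value
        elif section in INDEX_KEYS and GUID_RE.match(rest):
            index.setdefault(rest.upper(), []).append(section)
    return {
        # Tree entry whose Id has no Tasks\{GUID} key (leftover name).
        "tree_without_task": sorted(n for g, n in tree.items() if g not in tasks),
        # Tasks\{GUID} key that no Tree entry points at.
        "task_without_tree": sorted(g for g in tasks if g not in tree),
        # Registered task missing from Boot, Logon and Plain.
        "tree_not_indexed": sorted(n for g, n in tree.items() if g not in index),
        # GUID left in Boot/Logon/Plain after its task was deleted.
        "index_without_tree": sorted(g for g in index if g not in tree),
        # Tasks Path value that disagrees with the Tree location.
        "path_mismatch": sorted(n for g, n in tree.items()
                                if g in tasks and tasks[g].lower() != n.lower()),
    }


# Constructed sample in the layout reg.exe prints; <TC> stands for BASE.
SAMPLE = r"""
<TC>\Plain\{11111111-1111-1111-1111-111111111111}

<TC>\Logon\{33333333-3333-3333-3333-333333333333}

<TC>\Tasks\{11111111-1111-1111-1111-111111111111}
    Path    REG_SZ    \ExampleUpdater

<TC>\Tasks\{44444444-4444-4444-4444-444444444444}
    Path    REG_SZ    \Vendor\ExampleSync

<TC>\Tree\ExampleUpdater
    Id    REG_SZ    {11111111-1111-1111-1111-111111111111}
    Index    REG_DWORD    0x3

<TC>\Tree\ExampleLeftover
    Id    REG_SZ    {22222222-2222-2222-2222-222222222222}
    Index    REG_DWORD    0x3

<TC>\Tree\Vendor

<TC>\Tree\Vendor\ExampleSync
    Id    REG_SZ    {44444444-4444-4444-4444-444444444444}
    Index    REG_DWORD    0x2
""".replace("<TC>", BASE)

if __name__ == "__main__":
    for finding, items in audit_task_cache(parse_reg_query(SAMPLE)).items():
        print(f"{finding}: {items}")
```

To run it against a real capture, read the saved junk.txt and pass its text to `parse_reg_query` in place of `SAMPLE`.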

#36
M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Real player uninstalled, rebooted.
I don't see it anymore but I still get the error on the task scheduler.

I reran the Junk file

Volume in drive C is Vista
Volume Serial Number is 2894-9318

Directory of C:\Windows\Tasks


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule
CacheCleanupCompleted REG_DWORD 0x1
HashingCompleted REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Aliases
AtServiceAccount REG_MULTI_SZ NT AUTHORITY\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CompatibilityAdapter\Signatures

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Configuration
DataVersion REG_DWORD 0x3
TasksInMemoryQueue REG_DWORD 0x64
TasksPerHighestPrivEngine REG_DWORD 0x64
TasksPerLeastPrivEngine REG_DWORD 0x32
MissedTasksStartupDelay REG_DWORD 0x258

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\CredWom
(Default) REG_SZ Completed

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handlers

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\Handshake

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{1C0EBB1F-54BC-4A55-B31B-FC280B897DF8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1CC81347-6204-4B83-900C-01E02F50F067}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1E576951-3A41-43AE-84EA-623F02F80E79}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22D8F25D-E642-4533-A015-DF42E1E7CA33}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24AEC961-850F-4439-ABCC-E9E95905F28D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{382A66B5-81CF-460E-ABF5-76A4281A7D68}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{445B8115-F062-4F14-8CF6-71132C02F9A7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48909068-64F9-4B29-8C14-6957F35923C3}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77367E09-0898-4B2A-A724-5961373F8950}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{792493DE-3878-4323-B44D-F6F0C3562126}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AE7DB43-4463-4AA1-B081-B686DD130E83}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D14A7BE-839F-471A-AF97-EBC9587648EA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0284D75-8800-4DD4-A7F0-C7375D77B57A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A61555D3-7840-45C1-A5A9-0D49851DE37A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0021D08E-CCE0-4EA2-B7D2-2663B8984933}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{093EFEA0-61F1-486D-AD86-9BDC0B021981}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{292F1D1D-A798-4275-8620-72A199E3FD3B}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FDBDC47-7148-49DB-9D32-32E6A003C996}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FA53AD9-B8FA-4454-B10A-BBB9D7869580}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{561375CB-FF5A-417B-B297-BA73DE149581}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{563F9E71-B031-464D-ADEB-763521504163}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57030356-4699-4E1F-9939-F9D4460CD4DA}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5936C79A-731F-4716-BE59-35B58194ECE5}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FC0DB27-AB18-46F8-968D-0510176E655F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{63A5B73B-0C43-4C7B-8B08-34C8E01A264D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6C041448-C69A-4D8B-A774-4F3948997407}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{71A67064-7531-4E1A-B744-304C7606F7C9}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75B002DC-1295-4A52-B31E-936AD92CE95F}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89194558-47E7-4A9E-B507-6C91CE4E6504}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{99B9521C-F109-4B7B-BDDF-99CF656525E0}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A9F4EA3-C8E4-44F6-9B36-2DE854B7D0ED}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AF336F90-33F0-441D-9F1B-941AA64D246D}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3BF2515-443F-456C-8485-F2B9A9142897}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E59437C6-816A-4941-AE55-EA5B2E449EB7}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8586F93-216F-42C2-AA11-CFF75BE2FA65}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8D6E476-24FE-4649-A4D7-985706B29128}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0021D08E-CCE0-4EA2-B7D2-2663B8984933}
Path REG_SZ \Norton WSC Integration

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Path REG_SZ \Microsoft\Windows\Media Center\ehDRMInit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{093EFEA0-61F1-486D-AD86-9BDC0B021981}
Path REG_SZ \Apple\AppleSoftwareUpdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C3AF200-FADC-49E5-880E-DEE192C8B79A}
Path REG_SZ \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11893D5E-54A0-4C6B-AB0D-D9FA527334A9}
Path REG_SZ \Microsoft\Windows\Windows Error Reporting\QueueReporting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C0EBB1F-54BC-4A55-B31B-FC280B897DF8}
Path REG_SZ \Microsoft\Windows\MUI\LPRemove

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1CC81347-6204-4B83-900C-01E02F50F067}
Path REG_SZ \Microsoft\Windows\MobilePC\TMM

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E576951-3A41-43AE-84EA-623F02F80E79}
Path REG_SZ \SONY\VAIO Update\VAIO Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24AEC961-850F-4439-ABCC-E9E95905F28D}
Path REG_SZ \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{292F1D1D-A798-4275-8620-72A199E3FD3B}
Path REG_SZ \Adobe online update program

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FDBDC47-7148-49DB-9D32-32E6A003C996}
Path REG_SZ \Microsoft\Windows\Tcpip\IpAddressConflict2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{382A66B5-81CF-460E-ABF5-76A4281A7D68}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BB5D87B-C851-4325-97B6-95E4EA1CBC61}
Path REG_SZ \Microsoft\Windows\SideShow\SystemDataProviders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}
Path REG_SZ \Microsoft\Windows\Shell\CrawlStartPages

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CD7BF6C-F120-476E-AF84-851D43BDDEEE}
Path REG_SZ \Microsoft\Windows\WDI\ResolutionHost

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FA53AD9-B8FA-4454-B10A-BBB9D7869580}
Path REG_SZ \{6277BBC7-0687-4823-A4F1-863F60EFA2E2}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{445B8115-F062-4F14-8CF6-71132C02F9A7}
Path REG_SZ \VAIO Service Utility

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44980BEE-7809-44A9-AC24-D6E578A3B7DF}
Path REG_SZ \Microsoft\Windows\RAC\RACAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48909068-64F9-4B29-8C14-6957F35923C3}
Path REG_SZ \Microsoft\Windows\MobilePC\HotStart

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}
Path REG_SZ \Microsoft\Windows\Bluetooth\UninstallDeviceTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{561375CB-FF5A-417B-B297-BA73DE149581}
Path REG_SZ \Microsoft\Windows\Wired\GatherWiredInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{563F9E71-B031-464D-ADEB-763521504163}
Path REG_SZ \RealCreateProcessScheduledTask474599018S-1-5-21-2337267849-1452406365-3508456928-1000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57030356-4699-4E1F-9939-F9D4460CD4DA}
Path REG_SZ \Microsoft\Windows\Media Center\OCURDiscovery

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5936C79A-731F-4716-BE59-35B58194ECE5}
Path REG_SZ \Microsoft\Windows\Media Center\OCURActivate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FC0DB27-AB18-46F8-968D-0510176E655F}
Path REG_SZ \Microsoft\Windows\Tcpip\WSHReset

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63A5B73B-0C43-4C7B-8B08-34C8E01A264D}
Path REG_SZ \Microsoft\Windows\Defrag\ManualDefrag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B91DF4F-7E1F-4AE8-820A-2FB331567D67}
Path REG_SZ \Microsoft\Windows\SideShow\GadgetManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C041448-C69A-4D8B-A774-4F3948997407}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask-Roam

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{71A67064-7531-4E1A-B744-304C7606F7C9}
Path REG_SZ \Google Updater and Installer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}
Path REG_SZ \Microsoft\Windows\SideShow\SessionAgent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75B002DC-1295-4A52-B31E-936AD92CE95F}
Path REG_SZ \ScanSoft Background Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77367E09-0898-4B2A-A724-5961373F8950}
Path REG_SZ \Microsoft\Windows\NetworkAccessProtection\NAPStatus UI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}
Path REG_SZ \Microsoft\Windows\Multimedia\SystemSoundsService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{792493DE-3878-4323-B44D-F6F0C3562126}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\UserTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}
Path REG_SZ \Microsoft\Windows\CertificateServicesClient\SystemTask

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{858BD5FB-61C3-4D83-8392-B9855BE4DF1D}
Path REG_SZ \Microsoft\Windows\Media Center\mcupdate

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89194558-47E7-4A9E-B507-6C91CE4E6504}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\Consolidator

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99B9521C-F109-4B7B-BDDF-99CF656525E0}
Path REG_SZ \Microsoft\Windows\Defrag\ScheduledDefrag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A9F4EA3-C8E4-44F6-9B36-2DE854B7D0ED}
Path REG_SZ \Scheduled Update for Ask Toolbar

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AE7DB43-4463-4AA1-B081-B686DD130E83}
Path REG_SZ \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D14A7BE-839F-471A-AF97-EBC9587648EA}
Path REG_SZ \SONY\WSSU\WSSU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0284D75-8800-4DD4-A7F0-C7375D77B57A}
Path REG_SZ \avast! Emergency Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1868F64-ED08-49A9-9F86-F62ED855AFFD}
Path REG_SZ \Microsoft\Windows\SystemRestore\SR

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A61555D3-7840-45C1-A5A9-0D49851DE37A}
Path REG_SZ \Microsoft\Windows\Customer Experience Improvement Program\OptinNotification

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AF336F90-33F0-441D-9F1B-941AA64D246D}
Path REG_SZ \{80DCF3C4-5E9E-41D2-A8CC-C1C2FDD85891}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}
Path REG_SZ \Microsoft\Windows\Media Center\UpdateRecordPath

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6CBFEC8-EF47-4B48-9718-3A4170F99600}
Path REG_SZ \Microsoft\Windows\SideShow\AutoWake

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCF8CA49-10FE-40EA-A5B8-504B864BC698}
Path REG_SZ \Microsoft\Windows\TextServicesFramework\MsCtfMonitor

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3BF2515-443F-456C-8485-F2B9A9142897}
Path REG_SZ \WPD\SqmUpload_S-1-5-21-2337267849-1452406365-3508456928-1000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}
Path REG_SZ \Microsoft\Windows\Wireless\GatherWirelessInfo

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E59437C6-816A-4941-AE55-EA5B2E449EB7}
Path REG_SZ \User_Feed_Synchronization-{FE9BFD1C-B6B7-4535-9A5B-B532EEFE9733}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}
Path REG_SZ \Microsoft\Windows\UPnP\UPnPHostConfig

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8586F93-216F-42C2-AA11-CFF75BE2FA65}
Path REG_SZ \CCleanerSkipUAC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D6E476-24FE-4649-A4D7-985706B29128}
Path REG_SZ \Microsoft\Windows\Tcpip\IpAddressConflict1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe online update program
Id REG_SZ {292F1D1D-A798-4275-8620-72A199E3FD3B}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate
Id REG_SZ {093EFEA0-61F1-486D-AD86-9BDC0B021981}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avast! Emergency Update
Id REG_SZ {A0284D75-8800-4DD4-A7F0-C7375D77B57A}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC
Id REG_SZ {F8586F93-216F-42C2-AA11-CFF75BE2FA65}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Updater and Installer
Id REG_SZ {71A67064-7531-4E1A-B744-304C7606F7C9}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
Id REG_SZ {382A66B5-81CF-460E-ABF5-76A4281A7D68}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
Id REG_SZ {9AE7DB43-4463-4AA1-B081-B686DD130E83}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Bluetooth\UninstallDeviceTask
Id REG_SZ {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\SystemTask
Id REG_SZ {7D6040AE-2D30-49F3-9E48-FC8AF6F1AC75}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask
Id REG_SZ {792493DE-3878-4323-B44D-F6F0C3562126}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\CertificateServicesClient\UserTask-Roam
Id REG_SZ {6C041448-C69A-4D8B-A774-4F3948997407}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\Consolidator
Id REG_SZ {89194558-47E7-4A9E-B507-6C91CE4E6504}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification
Id REG_SZ {A61555D3-7840-45C1-A5A9-0D49851DE37A}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ManualDefrag
Id REG_SZ {63A5B73B-0C43-4C7B-8B08-34C8E01A264D}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Defrag\ScheduledDefrag
Id REG_SZ {99B9521C-F109-4B7B-BDDF-99CF656525E0}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
Id REG_SZ {24AEC961-850F-4439-ABCC-E9E95905F28D}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit
Id REG_SZ {04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\mcupdate
Id REG_SZ {858BD5FB-61C3-4D83-8392-B9855BE4DF1D}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURActivate
Id REG_SZ {5936C79A-731F-4716-BE59-35B58194ECE5}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\OCURDiscovery
Id REG_SZ {57030356-4699-4E1F-9939-F9D4460CD4DA}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\UpdateRecordPath
Id REG_SZ {B0C3FDC1-6390-43BE-927C-2CCE6A3E7B91}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\HotStart
Id REG_SZ {48909068-64F9-4B29-8C14-6957F35923C3}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MobilePC\TMM
Id REG_SZ {1CC81347-6204-4B83-900C-01E02F50F067}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MUI\LPRemove
Id REG_SZ {1C0EBB1F-54BC-4A55-B31B-FC280B897DF8}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Multimedia\SystemSoundsService
Id REG_SZ {77EA1F70-8B2C-4BDA-8E82-3C597D8C7A00}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Id REG_SZ {77367E09-0898-4B2A-A724-5961373F8950}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\PLA\System

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RAC\RACAgent
Id REG_SZ {44980BEE-7809-44A9-AC24-D6E578A3B7DF}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask
Id REG_SZ {0C3AF200-FADC-49E5-880E-DEE192C8B79A}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RestartManager

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\CrawlStartPages
Id REG_SZ {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\AutoWake
Id REG_SZ {C6CBFEC8-EF47-4B48-9718-3A4170F99600}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\GadgetManager
Id REG_SZ {6B91DF4F-7E1F-4AE8-820A-2FB331567D67}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SessionAgent
Id REG_SZ {74D1CC51-F3BA-47F2-A5B0-2D669FA07C6F}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SideShow\SystemDataProviders
Id REG_SZ {3BB5D87B-C851-4325-97B6-95E4EA1CBC61}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SystemRestore\SR
Id REG_SZ {A1868F64-ED08-49A9-9F86-F62ED855AFFD}
Index REG_DWORD 0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict1
Id REG_SZ {F8D6E476-24FE-4649-A4D7-985706B29128}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\IpAddressConflict2
Id REG_SZ {2FDBDC47-7148-49DB-9D32-32E6A003C996}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Tcpip\WSHReset
Id REG_SZ {5FC0DB27-AB18-46F8-968D-0510176E655F}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\TextServicesFramework\MsCtfMonitor
Id REG_SZ {DCF8CA49-10FE-40EA-A5B8-504B864BC698}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UPnP\UPnPHostConfig
Id REG_SZ {F55F85D3-8FDE-479E-82E0-A9BB339AA8E2}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WDI\ResolutionHost
Id REG_SZ {3CD7BF6C-F120-476E-AF84-851D43BDDEEE}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Error Reporting\QueueReporting
Id REG_SZ {11893D5E-54A0-4C6B-AB0D-D9FA527334A9}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wired\GatherWiredInfo
Id REG_SZ {561375CB-FF5A-417B-B297-BA73DE149581}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Wireless\GatherWirelessInfo
Id REG_SZ {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration
Id REG_SZ {0021D08E-CCE0-4EA2-B7D2-2663B8984933}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RealCreateProcessScheduledTask474599018S-1-5-21-2337267849-1452406365-3508456928-1000
Id REG_SZ {563F9E71-B031-464D-ADEB-763521504163}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScanSoft Background Update
Id REG_SZ {75B002DC-1295-4A52-B31E-936AD92CE95F}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Id REG_SZ {9A9F4EA3-C8E4-44F6-9B36-2DE854B7D0ED}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\VAIO Update

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\VAIO Update\VAIO Update
Id REG_SZ {1E576951-3A41-43AE-84EA-623F02F80E79}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\WSSU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SONY\WSSU\WSSU
Id REG_SZ {9D14A7BE-839F-471A-AF97-EBC9587648EA}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\User_Feed_Synchronization-{FE9BFD1C-B6B7-4535-9A5B-B532EEFE9733}
Id REG_SZ {E59437C6-816A-4941-AE55-EA5B2E449EB7}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VAIO Service Utility
Id REG_SZ {445B8115-F062-4F14-8CF6-71132C02F9A7}
Index REG_DWORD 0x2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-2337267849-1452406365-3508456928-1000
Id REG_SZ {E3BF2515-443F-456C-8485-F2B9A9142897}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6277BBC7-0687-4823-A4F1-863F60EFA2E2}
Id REG_SZ {3FA53AD9-B8FA-4454-B10A-BBB9D7869580}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{80DCF3C4-5E9E-41D2-A8CC-C1C2FDD85891}
Id REG_SZ {AF336F90-33F0-441D-9F1B-941AA64D246D}
Index REG_DWORD 0x3
  • 0

#37
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Try deleting the following the same way we did the others:


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe online update program
Id REG_SZ {292F1D1D-A798-4275-8620-72A199E3FD3B}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple\AppleSoftwareUpdate
Id REG_SZ {093EFEA0-61F1-486D-AD86-9BDC0B021981}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC
Id REG_SZ {F8586F93-216F-42C2-AA11-CFF75BE2FA65}
Index REG_DWORD 0x3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Google Updater and Installer
Id REG_SZ {71A67064-7531-4E1A-B744-304C7606F7C9}
Index REG_DWORD 0x3

These two are from a different section but I think we can delete them the same way:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0021D08E-CCE0-4EA2-B7D2-2663B8984933}
Path REG_SZ \Norton WSC Integration
Hash REG_BINARY 6499E0032A8F6BE3482DCDA1651DF46DF1640CFF5BC30DA66C9C5DB72F17164E
Triggers REG_BINARY 1500000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF0021C20148484848ABB4AEF4484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848482C0000004848484800000000FFFFFFFF00000000FFFFFFFF0700000000000000000000000000000000000000000000000000000048484848CCCC000000000000000000000000000000000000000000000000000000000000FFFFFFFFFFFFFFFF00000000FFFFFFFF00000000000000000000000000E32B01010074006F006E0020005700530043009D000000000000003C00510075006500720079004C006900730074003E003C00510075006500720079002000490064003D00220030002200200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E003C00530065006C00650063007400200050006100740068003D0022004100700070006C00690063006100740069006F006E0022003E002A005B00530079007300740065006D005B00500072006F00760069006400650072005B0040004E0061006D0065003D00270053006500630075007200690074007900430065006E0074006500720027005D00200061006E00640020004500760065006E007400490044003D0031005D005D003C002F00530065006C006500630074003E003C002F00510075006500720079003E003C002F00510075006500720079004C006900730074003E00000048484848000000000000000000000000000000000000000000000000
DynamicInfo REG_BINARY 0300000019791F26F6A2CD013A6F24EFE7E9CD010300078000000000

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Path REG_SZ \Microsoft\Windows\Media Center\ehDRMInit
Triggers REG_BINARY 150000000000000000D71D00E8E68073FFFFFFFFFFFFFFFF00D71D00E8E6807300000000000000000021420048484848BDF77262484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
Hash REG_BINARY 03B0BB1C706F35641E31120D128126425362C94006071CEB7569F0139F34EA41

If any of them come back then try and uninstall the associated program.
  • 0

#38
M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
Ok deleted them and rebooted.

I am now able to get to Task Scheduler. When I click on it I get an error that ehDRMInt is no longer available. I also got one for Norton WPS but was able to delete that from the TREE and now I don't get that error. I'm not sure what the ehDRMInt is though? Once I click ok it loads up task scheduler and then I can click on Task Scheduler Library and it now opens with no more corruption error.
Attached is what I have when TSL opens.
  • 0

#39
M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
oops here is the screen shot

Attached Thumbnails

  • TSL.jpg

  • 0

#40
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Go back in and make sure you have deleted these three keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Path REG_SZ \Microsoft\Windows\Media Center\ehDRMInit
Triggers REG_BINARY 150000000000000000D71D00E8E68073FFFFFFFFFFFFFFFF00D71D00E8E6807300000000000000000021420048484848BDF77262484848480048484848484848004848484848484805000000484848480C000000484848480101000000000005120000004848484800000000484848480000000048484848
Hash REG_BINARY 03B0BB1C706F35641E31120D128126425362C94006071CEB7569F0139F34EA41

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Media Center\ehDRMInit
Id REG_SZ {04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Index REG_DWORD 0x3

See if it still complains about media center.

Attach your schedule.reg file and we can try and put it back if it still complains.
  • 0
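Posts #37 and #40 clear a broken task by hand-deleting its GUID from the Tree, Tasks and Plain sections of TaskCache. As an added example (not part of the original thread), this Python script reads the text that `reg query ... /s` wrote to junk.txt and lists entries that exist in one section but not in another. The sample input is constructed (only the ehDRMInit path and GUID come from the thread), and treating every section other than Tree and Tasks as a per-GUID index is an assumption.

```python
import re
import sys
from collections import defaultdict

BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache"
# "name  REG_TYPE  data"; works for reg.exe's indented output and for the
# whitespace-collapsed form pasted in the thread.
VALUE_RE = re.compile(r"^\s*(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
GUID_RE = re.compile(r"^\{[0-9A-F]{8}-(?:[0-9A-F]{4}-){3}[0-9A-F]{12}\}$", re.I)

# Constructed sample. The ehDRMInit entry mirrors the state cleaned up in post #40
# (Tree and Plain entries still present, Tasks key gone); other GUIDs are made up.
SAMPLE = r"""
%BASE%\Plain\{04699375-5AFB-4BAF-9F2A-09D8C0497F4E}

%BASE%\Plain\{11111111-1111-1111-1111-111111111111}

%BASE%\Tasks\{11111111-1111-1111-1111-111111111111}
    Path    REG_SZ    \Example\Healthy Task

%BASE%\Tasks\{22222222-2222-2222-2222-222222222222}
Path REG_SZ \Example\No Tree Entry

%BASE%\Tree\Example

%BASE%\Tree\Example\Healthy Task
    Id    REG_SZ    {11111111-1111-1111-1111-111111111111}
    Index    REG_DWORD    0x3

%BASE%\Tree\Microsoft\Windows\Media Center\ehDRMInit
Id REG_SZ {04699375-5AFB-4BAF-9F2A-09D8C0497F4E}
Index REG_DWORD 0x3
""".replace("%BASE%", BASE)


def parse_reg_query(text):
    """Return {key_path: {value_name: data}} from `reg query /s` text output."""
    keys, current = {}, None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.upper().startswith("HKEY_"):
            current = stripped
            keys[current] = {}
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                keys[current][m.group(1)] = m.group(3).strip()
    return keys


def audit_taskcache(keys):
    """Cross-check Tree, Tasks and the index sections (Plain etc.) by task GUID."""
    prefix = BASE.upper() + "\\"
    tree, tasks, index = {}, {}, defaultdict(set)
    for key, values in keys.items():
        if not key.upper().startswith(prefix):
            continue
        section, _, rest = key[len(prefix):].partition("\\")
        section = section.lower()
        if not rest:
            continue
        if section == "tree":
            # Folder keys under Tree carry no Id value and are skipped.
            guid = values.get("Id", "").upper()
            if GUID_RE.match(guid):
                tree[guid] = "\\" + rest
        elif GUID_RE.match(rest):
            guid = rest.upper()
            if section == "tasks":
                tasks[guid] = values.get("Path", "")
            else:
                index[guid].add(section)
    return {
        # Name is still registered in Tree but its definition is gone.
        "tree_without_task": sorted((tree[g], g) for g in tree if g not in tasks),
        # Definition exists but nothing in Tree points at it.
        "task_without_tree": sorted((tasks[g], g) for g in tasks if g not in tree),
        # Leftover index entry (e.g. Plain) for a deleted definition.
        "index_without_task": sorted(
            (s, g) for g, secs in index.items() if g not in tasks for s in secs
        ),
        # Tree location and the Path value stored in Tasks disagree.
        "path_mismatch": sorted(
            (tree[g], tasks[g]) for g in tree
            if g in tasks and tasks[g] and tasks[g].lower() != tree[g].lower()
        ),
    }


if __name__ == "__main__":
    # Pass the saved reg query output (e.g. C:\junk.txt) or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for finding, rows in audit_taskcache(parse_reg_query(text)).items():
        print(finding)
        for row in rows:
            print("   ", *row)
```

Anything reported is a candidate for the same manual review done in the thread; export the Schedule key first, as was done here with schedule.reg, so a deletion can be put back.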

#41
M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
No more complaints for the Task Scheduler.
Start-up still takes 6 minutes to get to the login screen.

I notice in the first item in the TSL
{5C915B4C-B261-45D0-BFE5-2CA6E6EC0EA7}
Under the actions tab it says to start a program and includes C:\Program Files\Skypemate\uninstall.exe
I have been trying to uninstall this program (it's a program that runs a USB Skype phone) and it hasn't let me, would this be the reason why?
  • 0

#42
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Get the free Revo uninstaller and see if it can get rid of skypemate for you.

http://www.revounins...e_download.html

If it's in the list I'm not sure why we don't see it in the registry entries. Can you right click on it and delete it?

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Before you reboot let's turn on boot logging:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

msconfig

under the Boot Tab, check Boot Log. Apply

Reboot.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
   Type 20 in the 1 to 20 box
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Also post or attach the log C:\Windows\ntbtlog.txt.

Also how much memory does it have?

Ron
  • 0

#43
M624

    Member

  • Topic Starter
  • Member
  • PipPip
  • 71 posts
I deleted the registries that were part of the Skypemate. None of them had the name, just that key, but I did find them on the TREE, PLAIN, and TASKS and deleted them all; then I was able to uninstall the program from the control panel. Yay!

Start-up still takes 6 minutes although log-off and shutdown sped up :)

How much memory does what have? Not sure what you are asking on this question?


SYSTEM

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/01/2013 4:48:41 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2013 10:39:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 10:39:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 10:38:37 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 10:27:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 10:27:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 10:26:08 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 8:15:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 8:15:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 8:13:47 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 7:53:08 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 7:53:08 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 7:51:42 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 7:22:47 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 7:22:47 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 7:21:50 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 2:42:53 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.19 for the Network Card with network address 001DE099BE4D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 03/01/2013 2:36:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 2:36:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 2:35:20 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 2:35:13 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 7:31:38 PM on 1/2/2013 was unexpected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2013 10:24:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 8:09:07 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 7:50:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 7:20:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 2:42:53 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 03/01/2013 2:42:43 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/01/2013 2:42:34 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 11:26:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 2:09:32 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 02/01/2013 2:09:22 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 2:09:13 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 2:01:22 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 1:19:37 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 02/01/2013 1:19:28 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 1:19:19 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 1:10:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



APPLICATION


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/01/2013 4:49:23 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2013 7:48:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application btsendto_explorer.exe, version 6.1.0.2000, time stamp 0x46d4c465, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x1608, application start time 0x01cde9eb583c467a.

Log: 'Application' Date/Time: 03/01/2013 7:42:48 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xe24, application start time 0x01cde9ea811b75da.

Log: 'Application' Date/Time: 03/01/2013 7:38:44 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application uninstall.exe_unknown, version 0.0.0.0, time stamp 0x3da6a14d, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00059731, process id 0x1340, application start time 0x01cde9e9f0b0259a.

Log: 'Application' Date/Time: 03/01/2013 7:38:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application uninstall.exe_unknown, version 0.0.0.0, time stamp 0x3da6a14d, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00059731, process id 0xad0, application start time 0x01cde9e9df51a4ea.

Log: 'Application' Date/Time: 03/01/2013 7:29:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x91c, application start time 0x01cde9e88921265a.

Log: 'Application' Date/Time: 03/01/2013 7:23:29 PM
Type: Error Category: 3
Event: 3024 Source: Microsoft-Windows-Search
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 03/01/2013 7:02:12 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\DATABASES\CHROME-EXTENSION_PPMLFIKLPJEMADICIGNFCFNDMJEGGNDP_0\6-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 6:58:51 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\DATABASES\CHROME-EXTENSION_PPMLFIKLPJEMADICIGNFCFNDMJEGGNDP_0\6-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 4:10:53 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp 0x4de50c7e, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0000002, fault offset 0x0003fc16, process id 0xfa0, application start time 0x01cde9cc8db92ed1.

Log: 'Application' Date/Time: 03/01/2013 4:08:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp 0x4de50c7e, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0000002, fault offset 0x0003fc16, process id 0xd1c, application start time 0x01cde9cbcec58411.

Log: 'Application' Date/Time: 03/01/2013 3:45:06 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\TQJR9SRS\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#ASSETS.TP-CDN.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 3:45:06 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\TQJR9SRS\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#ASSETS.TP-CDN.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 3:31:55 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\DATABASES\CHROME-EXTENSION_PPMLFIKLPJEMADICIGNFCFNDMJEGGNDP_0\6-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 3:31:22 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 03/01/2013 3:31:21 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 03/01/2013 2:55:05 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program regedit.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b98 Start Time: 01cde9c13028ea91 Termination Time: 0

Log: 'Application' Date/Time: 03/01/2013 2:43:26 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x904, application start time 0x01cde9c081094821.

Log: 'Application' Date/Time: 02/01/2013 2:09:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xba4, application start time 0x01cde8f2b1425549.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2013 10:24:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000_Classes:
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES


Log: 'Application' Date/Time: 03/01/2013 10:24:52 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 74 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000:
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x00000409\{38445657-9381-11D6-B41A-00065B83EE53}
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x00000409\{38445657-9381-11D6-B41A-00065B83EE53}
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Run
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x0000045e\{38445657-9381-11D6-B41A-00065B83EE53}
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x0000045e\{38445657-9381-11D6-B41A-00065B83EE53}
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x00000411\{38445657-9381-11D6-B41A-00065B83EE53}
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\CTF\TIP\{FA445657-9379-11D6-B41A-00065B83EE53}\LanguageProfile\0x00000411\{38445657-9381-11D6-B41A-00065B83EE53}
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3


Log: 'Application' Date/Time: 03/01/2013 8:07:07 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000_Classes:
Process 6100 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES
Process 2308 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES


Log: 'Application' Date/Time: 03/01/2013 8:07:07 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 50 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000:


Log: 'Application' Date/Time: 03/01/2013 7:50:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000:
Process 2768 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000
Process 4928 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000
Process 2032 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 4928 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Control Panel\Desktop
Process 4928 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Process 2032 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


Log: 'Application' Date/Time: 03/01/2013 7:49:47 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Users\Cherie\AppData\Local\Google\Chrome\Application\chrome.exe' (pid 824) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/01/2013 7:49:47 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 3692) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/01/2013 7:23:29 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{s-1-5-21-2337267849-1452406365-3508456928-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Unspecified error (0x80004005)

#44
RKinner

Lot of errors.


Copy the next 4 lines:

cd \Windows\System32\config\TxR
attrib -r -h -s *.*
del *.*
fsutil resource setautoreset true C:\

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. (If you get an Are you sure, say Y)
Close the command window.

Go back into Regedit and navigate to:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ccSet_NAT

This key will need you to take ownership of it as before. Right click on ccSet_NAT and delete.

Right click on (My) Computer and select Manage then Services and Applications then Services. Find Microsoft Windows Search or maybe it just says Windows Search. Right click on it and select Properties then change the Startup Type: to Disabled then Apply.

Clear the alarms, reboot and rerun VEW as per the last post.
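The VEW reports exchanged in this thread repeat a handful of events many times, and the Task Scheduler records carry their failure code only as a decimal "Error Value". The following is an added example, not part of the original posts and not VEW's own code: it collapses a report into distinct events and decodes that value as an HRESULT. The function names, the grouping rule and the two small error-name tables are this example's assumptions, and the sample report is constructed from records of the kind pasted in the thread.

```python
import re
from collections import OrderedDict

# Constructed excerpt in VEW's record layout, modelled on the reports in this thread.
SAMPLE = """\
Log: 'System' Date/Time: 03/01/2013 11:50:20 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 10:38:37 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 7:51:42 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2013 7:42:48 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xe24, application start time 0x01cde9ea811b75da.

Log: 'Application' Date/Time: 03/01/2013 7:29:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x91c, application start time 0x01cde9e88921265a.
"""

# The three header lines that open every VEW record.
HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) +Category: (?P<category>\d+)[ \t]*\n"
    r"Event: (?P<event>\d+) +Source: (?P<source>[^\n]+)\n",
    re.MULTILINE,
)
BANNER = re.compile(r"^~{5,}[ \t]*$", re.MULTILINE)   # section separator line
# Fields that differ on every occurrence of the same fault (assumed grouping rule).
VOLATILE = re.compile(r"\b(process id|application start time|pid) (0x[0-9a-fA-F]+|\d+)")
ERROR_VALUE = re.compile(r"Error Value: (\d+)")
# Deliberately small name tables; extend as needed.
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND", 5: "ERROR_ACCESS_DENIED"}
HRESULT_NAMES = {0x8000FFFF: "E_UNEXPECTED", 0x80004005: "E_FAIL"}


def decode_hresult(value):
    """Return (hex string, name) for a decimal HRESULT as printed in event text."""
    value &= 0xFFFFFFFF
    facility = (value >> 16) & 0x7FF        # bits 16-26
    code = value & 0xFFFF                   # bits 0-15
    if value >> 31 and facility == 7:       # failure wrapped from FACILITY_WIN32
        name = WIN32_NAMES.get(code, "Win32 error %d" % code)
    else:
        name = HRESULT_NAMES.get(value, "unknown")
    return "0x%08X" % value, name


def parse_vew(text):
    """Split a VEW report into records; text from a section banner onward is dropped."""
    text = text.replace("\r\n", "\n")
    heads = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = BANNER.split(text[m.end():end], maxsplit=1)[0]
        rec = {k: v.strip() for k, v in m.groupdict().items()}
        rec["event"] = int(rec["event"])
        rec["message"] = " ".join(body.split())
        records.append(rec)
    return records


def summarise(records):
    """Group identical events, most frequent first (the report lists newest first)."""
    groups = OrderedDict()
    for rec in records:
        msg = VOLATILE.sub(r"\1 <n>", rec["message"])
        key = (rec["log"], rec["type"], rec["event"], rec["source"], msg)
        if key not in groups:
            m = ERROR_VALUE.search(msg)
            groups[key] = {
                "log": rec["log"], "event": rec["event"], "source": rec["source"],
                "latest": rec["when"], "count": 0, "message": msg,
                "error": decode_hresult(int(m.group(1))) if m else None,
            }
        groups[key]["count"] += 1
    return sorted(groups.values(), key=lambda g: -g["count"])


if __name__ == "__main__":
    for g in summarise(parse_vew(SAMPLE)):
        print(g["count"], g["log"], g["event"], g["source"], g["error"] or "", g["latest"])
```

Run over a full report, the summary shows how few distinct faults sit behind a long log, and whether the Task Scheduler error code changes between reboots.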

#45
M624

Not sure what you mean by clear alarms?

Rebooted and ran VEW

SYSTEM

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/01/2013 6:00:52 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2013 11:51:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 11:51:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 11:50:20 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 10:39:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 10:39:58 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 10:38:37 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 10:27:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 10:27:29 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 10:26:08 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 8:15:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 8:15:07 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 8:13:47 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942402. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 7:53:08 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 7:53:08 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 7:51:42 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 7:22:47 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

Log: 'System' Date/Time: 03/01/2013 7:22:47 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 03/01/2013 7:21:50 PM
Type: Error Category: 403
Event: 412 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147549183. User Action: restart task scheduler service.

Log: 'System' Date/Time: 03/01/2013 2:42:53 PM
Type: Error Category: 0
Event: 1002 Source: Microsoft-Windows-Dhcp-Client
The IP address lease 192.168.1.19 for the Network Card with network address 001DE099BE4D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Log: 'System' Date/Time: 03/01/2013 2:36:43 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Norton Anti-Theft service failed to start due to the following error: The system cannot find the path specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/01/2013 11:49:25 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 10:24:59 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 8:09:07 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 7:50:31 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 7:20:06 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 03/01/2013 2:42:53 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 03/01/2013 2:42:43 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 03/01/2013 2:42:34 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 11:26:44 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 2:09:32 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 02/01/2013 2:09:22 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 2:09:13 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 2:01:22 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 02/01/2013 1:19:37 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
The event description cannot be found.

Log: 'System' Date/Time: 02/01/2013 1:19:28 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 1:19:19 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 001DE099BE4D. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 02/01/2013 1:10:21 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.




APPLICATION

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 03/01/2013 6:02:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2013 7:48:47 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application btsendto_explorer.exe, version 6.1.0.2000, time stamp 0x46d4c465, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x1608, application start time 0x01cde9eb583c467a.

Log: 'Application' Date/Time: 03/01/2013 7:42:48 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xe24, application start time 0x01cde9ea811b75da.

Log: 'Application' Date/Time: 03/01/2013 7:38:44 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application uninstall.exe_unknown, version 0.0.0.0, time stamp 0x3da6a14d, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00059731, process id 0x1340, application start time 0x01cde9e9f0b0259a.

Log: 'Application' Date/Time: 03/01/2013 7:38:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application uninstall.exe_unknown, version 0.0.0.0, time stamp 0x3da6a14d, faulting module ole32.dll, version 6.0.6002.18277, time stamp 0x4c28d53e, exception code 0xc0000005, fault offset 0x00059731, process id 0xad0, application start time 0x01cde9e9df51a4ea.

Log: 'Application' Date/Time: 03/01/2013 7:29:16 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x91c, application start time 0x01cde9e88921265a.

Log: 'Application' Date/Time: 03/01/2013 7:23:29 PM
Type: Error Category: 3
Event: 3024 Source: Microsoft-Windows-Search
The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.

Context: Application, SystemIndex Catalog


Log: 'Application' Date/Time: 03/01/2013 7:02:12 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\DATABASES\CHROME-EXTENSION_PPMLFIKLPJEMADICIGNFCFNDMJEGGNDP_0\6-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 6:58:51 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\DATABASES\CHROME-EXTENSION_PPMLFIKLPJEMADICIGNFCFNDMJEGGNDP_0\6-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 4:10:53 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp 0x4de50c7e, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0000002, fault offset 0x0003fc16, process id 0xfa0, application start time 0x01cde9cc8db92ed1.

Log: 'Application' Date/Time: 03/01/2013 4:08:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application POWERPNT.EXE, version 12.0.6600.1000, time stamp 0x4de50c7e, faulting module KERNEL32.dll, version 6.0.6002.18704, time stamp 0x5065ccb6, exception code 0xe0000002, fault offset 0x0003fc16, process id 0xd1c, application start time 0x01cde9cbcec58411.

Log: 'Application' Date/Time: 03/01/2013 3:45:06 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\TQJR9SRS\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#ASSETS.TP-CDN.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 3:45:06 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\PEPPER DATA\SHOCKWAVE FLASH\WRITABLEROOT\#SHAREDOBJECTS\TQJR9SRS\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\#ASSETS.TP-CDN.COM\SETTINGS.SOL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 3:31:55 PM
Type: Error Category: 3
Event: 3013 Source: Microsoft-Windows-Search
The entry <C:\USERS\CHERIE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\DATABASES\CHROME-EXTENSION_PPMLFIKLPJEMADICIGNFCFNDMJEGGNDP_0\6-JOURNAL> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


Log: 'Application' Date/Time: 03/01/2013 3:31:22 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Log: 'Application' Date/Time: 03/01/2013 3:31:21 PM
Type: Error Category: 0
Event: 1010 Source: Microsoft-Windows-Perflib
The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.

Log: 'Application' Date/Time: 03/01/2013 2:55:05 PM
Type: Error Category: 101
Event: 1002 Source: Application Hang
The program regedit.exe version 6.0.6001.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: b98 Start Time: 01cde9c13028ea91 Termination Time: 0

Log: 'Application' Date/Time: 03/01/2013 2:43:26 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0x904, application start time 0x01cde9c081094821.

Log: 'Application' Date/Time: 02/01/2013 2:09:39 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application BTTray.exe, version 6.1.0.2000, time stamp 0x46d4c82d, faulting module btwapi.dll, version 6.0.6002.18541, time stamp 0x4ec3e3d5, exception code 0xc0000135, fault offset 0x00009f5d, process id 0xba4, application start time 0x01cde8f2b1425549.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/01/2013 10:24:53 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000_Classes:
Process 4956 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES
Process 4648 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES


Log: 'Application' Date/Time: 03/01/2013 10:24:52 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 74 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000:


Log: 'Application' Date/Time: 03/01/2013 8:07:07 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000_Classes:
Process 6100 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES
Process 2308 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000_CLASSES


Log: 'Application' Date/Time: 03/01/2013 8:07:07 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 50 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000:


Log: 'Application' Date/Time: 03/01/2013 7:50:21 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 6 user registry handles leaked from \Registry\User\S-1-5-21-2337267849-1452406365-3508456928-1000:
Process 2768 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000
Process 4928 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000
Process 2032 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer
Process 4928 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Control Panel\Desktop
Process 4928 (<Unknown>) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Process 2032 (\Device\HarddiskVolume2\Windows\System32\msiexec.exe) has opened key \REGISTRY\USER\S-1-5-21-2337267849-1452406365-3508456928-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts


Log: 'Application' Date/Time: 03/01/2013 7:49:47 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Users\Cherie\AppData\Local\Google\Chrome\Application\chrome.exe' (pid 824) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/01/2013 7:49:47 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Windows\explorer.exe' (pid 3692) cannot be restarted - Application SID does not match Conductor SID..

Log: 'Application' Date/Time: 03/01/2013 7:23:29 PM
Type: Warning Category: 3
Event: 3036 Source: Microsoft-Windows-Search
The content source <iehistory://{s-1-5-21-2337267849-1452406365-3508456928-1000}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
Unspecified error (0x80004005)